
Removing Virus: Win32/Rovnix.gen!


  • This topic is locked
11 replies to this topic

#1 Action Print

  • Members
  • 18 posts
  • Gender:Female

Posted 07 February 2014 - 01:57 PM

Microsoft Security Essentials keeps saying that I have a Virus:Win32/Rovnix.gen! I can't figure out how to get rid of it.

Boopme told me to run ESET and it comes up with a keygen? So he instructed me to run DDS; here are the attach.txt results. It only came up with the attach.txt.

 

I can't figure out how to get it to attach, so I pasted them. I'm sorry :( I know it says not to.

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2012 9:10:53 AM
System Uptime: 2/6/2014 11:36:24 AM (25 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M2A-VM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket AM2  | 2199/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 434 GiB total, 352.37 GiB free.
D: is FIXED (NTFS) - 497 GiB total, 405.808 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
H: is FIXED (NTFS) - 931 GiB total, 837.088 GiB free.
Y: is NetworkDisk (NTFS) - 26 GiB total, 21.178 GiB free.
Z: is NetworkDisk (NTFS) - 17 GiB total, 13.364 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service: 
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: 
Device ID: ROOT\IMAGE\0001
Manufacturer: 
Name: 
PNP Device ID: ROOT\IMAGE\0001
Service: 
.
==== System Restore Points ===================
.
RP751: 1/11/2014 11:17:47 AM - Software Distribution Service 3.0
RP752: 1/12/2014 2:16:49 AM - Software Distribution Service 3.0
RP753: 1/12/2014 11:16:37 AM - Software Distribution Service 3.0
RP754: 1/13/2014 11:17:19 AM - Software Distribution Service 3.0
RP755: 1/14/2014 3:00:58 AM - Software Distribution Service 3.0
RP756: 1/14/2014 11:17:02 AM - Software Distribution Service 3.0
RP757: 1/15/2014 3:00:57 AM - Software Distribution Service 3.0
RP758: 1/16/2014 3:37:50 AM - System Checkpoint
RP759: 1/16/2014 8:36:47 AM - Software Distribution Service 3.0
RP760: 1/17/2014 8:36:38 AM - Software Distribution Service 3.0
RP761: 1/18/2014 8:36:26 AM - Software Distribution Service 3.0
RP762: 1/19/2014 2:18:29 AM - Software Distribution Service 3.0
RP763: 1/19/2014 8:36:16 AM - Software Distribution Service 3.0
RP764: 1/20/2014 8:36:17 AM - Software Distribution Service 3.0
RP765: 1/21/2014 8:36:45 AM - Software Distribution Service 3.0
RP766: 1/22/2014 8:37:19 AM - Software Distribution Service 3.0
RP767: 1/23/2014 9:32:27 AM - System Checkpoint
RP768: 1/24/2014 8:37:48 AM - Software Distribution Service 3.0
RP769: 1/25/2014 8:37:50 AM - Software Distribution Service 3.0
RP770: 1/26/2014 2:17:51 AM - Software Distribution Service 3.0
RP771: 1/26/2014 8:37:37 AM - Software Distribution Service 3.0
RP772: 1/27/2014 8:38:46 AM - Software Distribution Service 3.0
RP773: 1/28/2014 8:37:53 AM - Software Distribution Service 3.0
RP774: 1/29/2014 8:37:45 AM - Software Distribution Service 3.0
RP775: 1/30/2014 8:38:00 AM - Software Distribution Service 3.0
RP776: 1/31/2014 8:38:40 AM - Software Distribution Service 3.0
RP777: 2/1/2014 8:37:38 AM - Software Distribution Service 3.0
RP778: 2/2/2014 2:18:31 AM - Software Distribution Service 3.0
RP779: 2/2/2014 8:37:43 AM - Software Distribution Service 3.0
RP780: 2/3/2014 8:37:32 AM - Software Distribution Service 3.0
RP781: 2/4/2014 8:38:11 AM - Software Distribution Service 3.0
RP782: 2/5/2014 8:38:35 AM - Software Distribution Service 3.0
RP783: 2/6/2014 8:39:03 AM - Software Distribution Service 3.0
RP784: 2/7/2014 11:59:07 AM - Software Distribution Service 3.0
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

Edited by Action Print, 07 February 2014 - 02:12 PM.



#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 07 February 2014 - 03:27 PM

Hi there,

Please run the following scans and post up the logs:


Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

 

 

Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
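Step 1 asks for the TDSSKiller report to be pasted back for review. The report lists every service and driver with its MD5/SHA-256, and for unsigned files it records whether Kaspersky Security Network (KSN) vouched for the file ("Detect skipped due to KSN trusted") or left it as a warning. The Python below is an added triage helper, not part of this thread or of TDSSKiller; it parses the line shapes that TDSSKiller 3.0.0.22 writes in the service-scan section and sorts each object into a verdict, so a helper can jump straight to the unsigned files KSN did not vouch for. The sample lines are copied from the log posted later in this thread; the regexes and verdict names are this example's own assumptions about the format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the TDSSKiller 3.0.0.22 log posted in this
# thread (service-scan section), hashes and paths as the scan reported them.
SAMPLE_LOG = r"""
14:53:40.0937 0x0a60  ================ Scan services =============================
14:53:42.0453 0x0a60  Abiosdsk - ok
14:53:42.0937 0x0a60  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:53:43.0468 0x0a60  ACPI - ok
14:53:54.0859 0x0a60  [ 471087B5E1E01CC82604E81EA14781D8, DA6AAFE65232AF3DA3D0D5F399730A1117B0DBBCB6AA2A9BD0D1ADA22A1198B8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:53:55.0468 0x0a60  Ati HotKey Poller - detected UnsignedFile.Multi.Generic ( 1 )
14:53:57.0875 0x0a60  Detect skipped due to KSN trusted
14:53:57.0875 0x0a60  Ati HotKey Poller - ok
14:55:29.0156 0x0a60  [ 631348874A9C710F4AE1A2BAC634DC2C, ED8BBC1A594455381EE09ECF924C921E06B26303A272675004273F679431FFE0 ] Ipenmf          C:\WINDOWS\system32\DRIVERS\Ipenmf.sys
14:55:29.0218 0x0a60  Ipenmf - detected UnsignedFile.Multi.Generic ( 1 )
14:55:31.0625 0x0a60  Ipenmf ( UnsignedFile.Multi.Generic ) - warning
"""

# Line shapes as seen in the posted log (assumed stable for TDSSKiller 3.x).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+(?P<msg>.*)$")
FILE_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \( \d+ \)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<sig>\S+) \) - warning$")
KSN_SKIP = "Detect skipped due to KSN trusted"


@dataclass
class ScanObject:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    signature: Optional[str] = None
    # ok | no_file | detected | ksn_trusted | warning | unknown
    verdict: str = "unknown"


def parse_tdsskiller(text: str) -> Dict[str, ScanObject]:
    """Fold the scan lines into one record per service/driver name."""
    objects: Dict[str, ScanObject] = {}
    last_detected: Optional[ScanObject] = None

    def get(name: str) -> ScanObject:
        return objects.setdefault(name, ScanObject(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()

        if msg == KSN_SKIP:
            # Refers to the most recent "- detected" object: KSN vouched for it.
            if last_detected is not None:
                last_detected.verdict = "ksn_trusted"
            continue
        fm = FILE_RE.match(msg)
        if fm:
            obj = get(fm.group("name").strip())
            obj.md5, obj.sha256, obj.path = fm.group("md5"), fm.group("sha256"), fm.group("path")
            continue
        dm = DETECT_RE.match(msg)
        if dm:
            obj = get(dm.group("name"))
            obj.signature, obj.verdict = dm.group("sig"), "detected"
            last_detected = obj
            continue
        wm = WARN_RE.match(msg)
        if wm:
            obj = get(wm.group("name"))
            obj.signature, obj.verdict = wm.group("sig"), "warning"
            continue
        om = OK_RE.match(msg)
        if om:
            obj = get(om.group("name"))
            # The trailing "- ok" after a KSN-vouched detection keeps that verdict;
            # an "- ok" with no preceding file line means no binary was found on disk.
            if obj.verdict != "ksn_trusted":
                obj.verdict = "ok" if obj.path else "no_file"
    return objects


def needs_review(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Unsigned files TDSSKiller flagged and KSN did not vouch for: read these first."""
    return [o for o in objects.values() if o.verdict == "warning"]


def summarize(objects: Dict[str, ScanObject]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for o in objects.values():
        counts[o.verdict] = counts.get(o.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(parsed))
    for o in needs_review(parsed):
        print(f"{o.name}: {o.path} sha256={o.sha256} ({o.signature})")
```

A "warning" verdict only says the file is unsigned and unknown to KSN, which is also true of plenty of legitimate third-party drivers; the value of the list is that it is short, and each entry carries a SHA-256 that can be checked against a reputation source before any removal is decided.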


#3 Action Print

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 07 February 2014 - 03:37 PM

Hello! Thank you for helping me. The link on step one is not working?



#4 Action Print

  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 07 February 2014 - 03:59 PM

Never mind, I got it to work.

14:51:34.0421 0x1188  TDSS rootkit removing tool 3.0.0.22 Feb  3 2014 16:45:35
14:51:48.0281 0x1188  ============================================================
14:51:48.0281 0x1188  Current date / time: 2014/02/07 14:51:48.0281
14:51:48.0281 0x1188  SystemInfo:
14:51:48.0281 0x1188  
14:51:48.0281 0x1188  OS Version: 5.1.2600 ServicePack: 3.0
14:51:48.0281 0x1188  Product type: Workstation
14:51:48.0281 0x1188  ComputerName: LEWIS
14:51:48.0281 0x1188  UserName: Administrator
14:51:48.0281 0x1188  Windows directory: C:\WINDOWS
14:51:48.0281 0x1188  System windows directory: C:\WINDOWS
14:51:48.0281 0x1188  Processor architecture: Intel x86
14:51:48.0281 0x1188  Number of processors: 2
14:51:48.0281 0x1188  Page size: 0x1000
14:51:48.0281 0x1188  Boot type: Normal boot
14:51:48.0281 0x1188  ============================================================
14:51:55.0406 0x1188  KLMD registered as C:\WINDOWS\system32\drivers\18480856.sys
14:52:43.0218 0x1188  System UUID: {3A96B566-70AE-279E-ED4B-6CF91ADB36B2}
14:52:47.0593 0x1188  !crdlk
14:52:47.0593 0x1188  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:52:53.0421 0x1188  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:53.0515 0x1188  Drive \Device\Harddisk1\DR3 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:53.0515 0x1188  ============================================================
14:52:53.0515 0x1188  \Device\Harddisk0\DR0:
14:52:53.0515 0x1188  MBR partitions:
14:52:53.0515 0x1188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3632BD9A
14:52:53.0562 0x1188  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3644A321, BlocksNum 0x3E2BB6A0
14:52:53.0562 0x1188  \Device\Harddisk1\DR3:
14:52:53.0562 0x1188  MBR partitions:
14:52:53.0562 0x1188  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
14:52:53.0562 0x1188  ============================================================
14:52:53.0625 0x1188  C: <-> \Device\Harddisk0\DR0\Partition1
14:52:53.0765 0x1188  D: <-> \Device\Harddisk0\DR0\Partition2
14:52:54.0171 0x1188  H: <-> \Device\Harddisk1\DR3\Partition1
14:52:54.0171 0x1188  ============================================================
14:52:54.0171 0x1188  Initialize success
14:52:54.0171 0x1188  ============================================================
14:53:24.0546 0x0a60  ============================================================
14:53:24.0546 0x0a60  Scan started
14:53:24.0546 0x0a60  Mode: Manual; SigCheck; TDLFS; 
14:53:24.0546 0x0a60  ============================================================
14:53:24.0546 0x0a60  KSN ping started
14:53:39.0078 0x0a60  KSN ping finished: true
14:53:40.0921 0x0a60  ================ Scan system memory ========================
14:53:40.0937 0x0a60  System memory - ok
14:53:40.0937 0x0a60  ================ Scan services =============================
14:53:42.0453 0x0a60  Abiosdsk - ok
14:53:42.0625 0x0a60  abp480n5 - ok
14:53:42.0937 0x0a60  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:53:43.0468 0x0a60  ACPI - ok
14:53:44.0203 0x0a60  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:53:44.0343 0x0a60  ACPIEC - ok
14:53:44.0562 0x0a60  [ 73685E15EF8B0BD9C30F1AF413F13D49, 618087873BB867D942272A84F7875484C7BCA8D5AEB1454FB42077C15C51B2DE ] adfs            C:\WINDOWS\system32\drivers\adfs.sys
14:53:44.0640 0x0a60  adfs - ok
14:53:45.0078 0x0a60  [ 14C23516C990DCD6052152CF034DDE40, 1EC8AAD6AA6D68A17A9D04AECDB716BD0DD4BFF93641BD96D01855AF1232A5FB ] Adobe Version Cue CS3 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
14:53:45.0468 0x0a60  Adobe Version Cue CS3 - ok
14:53:45.0875 0x0a60  [ 9444A3530C2E88B7ED96A566FF9CCC13, B6372B557715279A03063FD0A30512A5938A689A950B9C6AF7BBC66C15FA87A6 ] Adobe Version Cue CS4 C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
14:53:46.0406 0x0a60  Adobe Version Cue CS4 - ok
14:53:46.0859 0x0a60  [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:53:47.0328 0x0a60  AdobeFlashPlayerUpdateSvc - ok
14:53:47.0484 0x0a60  adpu160m - ok
14:53:47.0750 0x0a60  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:53:48.0265 0x0a60  aec - ok
14:53:48.0562 0x0a60  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:53:48.0687 0x0a60  AFD - ok
14:53:48.0859 0x0a60  Aha154x - ok
14:53:49.0265 0x0a60  aic78u2 - ok
14:53:49.0421 0x0a60  aic78xx - ok
14:53:49.0640 0x0a60  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:53:49.0765 0x0a60  Alerter - ok
14:53:50.0031 0x0a60  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
14:53:50.0375 0x0a60  ALG - ok
14:53:50.0531 0x0a60  AliIde - ok
14:53:50.0718 0x0a60  [ 0A4D13B388C814560BD69C3A496ECFA8, 71ADD4C4A5C6465EA27F572DE608C348896C4C557D136718CCDD9919144F7986 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:53:50.0781 0x0a60  AmdK8 - ok
14:53:50.0937 0x0a60  amsint - ok
14:53:51.0531 0x0a60  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:53:51.0734 0x0a60  AppMgmt - ok
14:53:51.0890 0x0a60  asc - ok
14:53:52.0296 0x0a60  asc3350p - ok
14:53:52.0453 0x0a60  asc3550 - ok
14:53:52.0859 0x0a60  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:53:52.0906 0x0a60  aspnet_state - ok
14:53:53.0328 0x0a60  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:53:53.0484 0x0a60  AsyncMac - ok
14:53:53.0781 0x0a60  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:53:53.0937 0x0a60  atapi - ok
14:53:54.0328 0x0a60  Atdisk - ok
14:53:54.0859 0x0a60  [ 471087B5E1E01CC82604E81EA14781D8, DA6AAFE65232AF3DA3D0D5F399730A1117B0DBBCB6AA2A9BD0D1ADA22A1198B8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
14:53:55.0468 0x0a60  Ati HotKey Poller - detected UnsignedFile.Multi.Generic ( 1 )
14:53:57.0875 0x0a60  Detect skipped due to KSN trusted
14:53:57.0875 0x0a60  Ati HotKey Poller - ok
14:53:59.0046 0x0a60  [ B979BA0120B6DB757196A8E2E873FE3C, 4F4CCD1D07485A53CA3ECEB10E029102BBE9946A15C7B67840E64D352808A0CA ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
14:54:00.0250 0x0a60  ATI Smart - detected UnsignedFile.Multi.Generic ( 1 )
14:54:02.0921 0x0a60  Detect skipped due to KSN trusted
14:54:02.0921 0x0a60  ATI Smart - ok
14:54:05.0734 0x0a60  [ C0B86ECB324E50F6BBD529F9D5C6B24B, 6B6E58CBDE1010FF13740DA91482E8A40D7B31CD808C16B524BE012C0EADB0D1 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:54:10.0828 0x0a60  ati2mtag - detected UnsignedFile.Multi.Generic ( 1 )
14:54:13.0296 0x0a60  Detect skipped due to KSN trusted
14:54:13.0296 0x0a60  ati2mtag - ok
14:54:13.0640 0x0a60  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:54:13.0796 0x0a60  Atmarpc - ok
14:54:13.0984 0x0a60  [ 523CA82A8810F4354E6425406AFBC130, E3E9F0B27379AD027CF98810FB463851F61E18D9D38654C8E5E2A69DF229EF4D ] ATMsrvc         C:\WINDOWS\System32\ATMsrvc.exe
14:54:14.0015 0x0a60  ATMsrvc - detected UnsignedFile.Multi.Generic ( 1 )
14:54:16.0593 0x0a60  Detect skipped due to KSN trusted
14:54:16.0593 0x0a60  ATMsrvc - ok
14:54:16.0890 0x0a60  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:54:17.0015 0x0a60  AudioSrv - ok
14:54:17.0156 0x0a60  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:54:17.0312 0x0a60  audstub - ok
14:54:17.0703 0x0a60  [ 9C7C45DE9E167F6268D32D6D10133F7D, 58005B49AE6D5CABB3ECEFF0D800F53D6E81A67B5EFE25E9374EC061FEC5601F ] Avgdiskx        C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
14:54:17.0796 0x0a60  Avgdiskx - ok
14:54:20.0234 0x0a60  [ F89B2DACE0FBE54CF65D12B7081C19C3, 64BBA5A29948ABFADB8865CE0D7D0259AB291B8DA04786AB351055D57B49D439 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
14:54:24.0656 0x0a60  AVGIDSAgent - ok
14:54:25.0125 0x0a60  [ C66B17D93F94622293608C2FB91C5806, 5BA6948A5328D73B1BAF6DACC7B2A842FD0072246DD416DE39F6993EAABC2997 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:54:25.0250 0x0a60  AVGIDSDriver - ok
14:54:25.0515 0x0a60  [ 0C70FAB4B08DC1FF6612AA3F352CFCA9, 6991B6A9E5063611C280968F758E6B0F431E19EB8539808531C6293A0F313C47 ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:54:25.0609 0x0a60  AVGIDSHX - ok
14:54:25.0796 0x0a60  [ 4118A9D326A76D485713A36988102C3E, 10C494165258D091AB31533C37FA05C29013471D5B2D6BDA60F731715FA02248 ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:54:25.0812 0x0a60  AVGIDSShim - ok
14:54:26.0109 0x0a60  [ 578ECC3D911897B2C5B760EDAF8ED6CA, 99CAACB349C8629D4BE6070BDBFB0BDB4A13ABFFF738F04D723D2AFE7EA58894 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:54:26.0218 0x0a60  Avgldx86 - ok
14:54:26.0578 0x0a60  [ BD1A440B9F126AFE52978A44952B0018, 83577249AACC3F0C655C27A471739113B2086BFC1FF15D0ED7E64B0215B739DB ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
14:54:26.0718 0x0a60  Avglogx - ok
14:54:26.0953 0x0a60  [ 7DC192EC714342E7C020C7CF42E394D8, 09F4CFFD93067E62B09C550A7A0588E90CAD190E49E1B7082FC5A949AF389781 ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:54:27.0015 0x0a60  Avgmfx86 - ok
14:54:27.0203 0x0a60  [ E6322DF686CE1C59D7797FAEF0732454, 03534F19568B421F9BE9C99A7A5302D38FCABA26E95C49A492DA49E58A918B55 ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:54:27.0218 0x0a60  Avgrkx86 - ok
14:54:27.0546 0x0a60  [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:54:27.0562 0x0a60  Avgtdix - ok
14:54:27.0968 0x0a60  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
14:54:28.0390 0x0a60  avgwd - ok
14:54:28.0765 0x0a60  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:54:28.0921 0x0a60  Beep - ok
14:54:29.0406 0x0a60  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:54:29.0953 0x0a60  BITS - ok
14:54:30.0265 0x0a60  [ 73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:54:30.0343 0x0a60  Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 )
14:54:33.0171 0x0a60  Detect skipped due to KSN trusted
14:54:33.0171 0x0a60  Bonjour Service - ok
14:54:33.0453 0x0a60  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
14:54:33.0546 0x0a60  Browser - ok
14:54:34.0796 0x0a60  catchme - ok
14:54:35.0500 0x0a60  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:54:35.0640 0x0a60  cbidf2k - ok
14:54:35.0796 0x0a60  cd20xrnt - ok
14:54:36.0031 0x0a60  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:54:36.0250 0x0a60  Cdaudio - ok
14:54:36.0484 0x0a60  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:54:36.0640 0x0a60  Cdfs - ok
14:54:36.0921 0x0a60  [ 4B0A100EAF5C49EF3CCA8C641431EACC, 88D9C066FFB863910EE1863CE63D38846ACA2DF72D6B5FDFCE0F3379A6DA5EF9 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:54:37.0031 0x0a60  Cdrom - ok
14:54:37.0187 0x0a60  Changer - ok
14:54:37.0625 0x0a60  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:54:37.0843 0x0a60  CiSvc - ok
14:54:38.0093 0x0a60  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:54:38.0203 0x0a60  ClipSrv - ok
14:54:38.0546 0x0a60  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:54:38.0656 0x0a60  clr_optimization_v2.0.50727_32 - ok
14:54:39.0062 0x0a60  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:54:39.0187 0x0a60  clr_optimization_v4.0.30319_32 - ok
14:54:39.0359 0x0a60  CmdIde - ok
14:54:39.0500 0x0a60  COMSysApp - ok
14:54:39.0765 0x0a60  Cpqarray - ok
14:54:40.0125 0x0a60  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:54:40.0234 0x0a60  CryptSvc - ok
14:54:40.0375 0x0a60  dac2w2k - ok
14:54:40.0531 0x0a60  dac960nt - ok
14:54:41.0078 0x0a60  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:54:41.0390 0x0a60  DcomLaunch - ok
14:54:41.0703 0x0a60  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:54:41.0890 0x0a60  Dhcp - ok
14:54:42.0109 0x0a60  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:54:42.0234 0x0a60  Disk - ok
14:54:42.0375 0x0a60  dmadmin - ok
14:54:43.0046 0x0a60  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:54:44.0015 0x0a60  dmboot - ok
14:54:44.0265 0x0a60  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
14:54:44.0453 0x0a60  dmio - ok
14:54:44.0593 0x0a60  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:54:44.0750 0x0a60  dmload - ok
14:54:44.0953 0x0a60  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:54:45.0078 0x0a60  dmserver - ok
14:54:45.0265 0x0a60  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:54:45.0421 0x0a60  DMusic - ok
14:54:45.0750 0x0a60  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:54:45.0781 0x0a60  Dnscache - ok
14:54:46.0187 0x0a60  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:54:46.0406 0x0a60  Dot3svc - ok
14:54:46.0578 0x0a60  dpti2o - ok
14:54:46.0718 0x0a60  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:54:46.0843 0x0a60  drmkaud - ok
14:54:47.0093 0x0a60  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:54:47.0234 0x0a60  EapHost - ok
14:54:47.0578 0x0a60  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:54:47.0687 0x0a60  ERSvc - ok
14:54:48.0000 0x0a60  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
14:54:48.0031 0x0a60  Eventlog - ok
14:54:48.0375 0x0a60  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
14:54:48.0546 0x0a60  EventSystem - ok
14:54:48.0796 0x0a60  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:54:49.0250 0x0a60  Fastfat - ok
14:54:49.0546 0x0a60  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:54:49.0734 0x0a60  FastUserSwitchingCompatibility - ok
14:54:49.0968 0x0a60  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:54:50.0093 0x0a60  Fdc - ok
14:54:50.0281 0x0a60  fhzniind - ok
14:54:50.0453 0x0a60  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:54:50.0578 0x0a60  Fips - ok
14:54:50.0718 0x0a60  fjhkrbiq - ok
14:54:51.0359 0x0a60  [ 1F63900E2EB00101B9ACA2B7A870704E, 5AFE1FC852937FECE6B33147BD0110436FE97F33BFDA3F69B1F5EDAD6FFC09C6 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:54:52.0125 0x0a60  FLEXnet Licensing Service - ok
14:54:52.0343 0x0a60  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:54:52.0500 0x0a60  Flpydisk - ok
14:54:52.0734 0x0a60  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
14:54:52.0859 0x0a60  FltMgr - ok
14:54:53.0093 0x0a60  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:54:53.0140 0x0a60  FontCache3.0.0.0 - ok
14:54:53.0328 0x0a60  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:54:53.0500 0x0a60  Fs_Rec - ok
14:54:53.0750 0x0a60  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:54:53.0906 0x0a60  Ftdisk - ok
14:54:54.0078 0x0a60  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:54:54.0250 0x0a60  Gpc - ok
14:54:54.0515 0x0a60  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:54:54.0687 0x0a60  gupdate - ok
14:54:54.0953 0x0a60  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:54:54.0968 0x0a60  gupdatem - ok
14:54:55.0250 0x0a60  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:54:55.0546 0x0a60  HDAudBus - ok
14:54:55.0796 0x0a60  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:54:55.0953 0x0a60  helpsvc - ok
14:54:56.0265 0x0a60  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:54:56.0375 0x0a60  HidServ - ok
14:54:56.0546 0x0a60  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:54:56.0671 0x0a60  HidUsb - ok
14:54:56.0937 0x0a60  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:54:57.0046 0x0a60  hkmsvc - ok
14:54:57.0203 0x0a60  hpn - ok
14:54:57.0593 0x0a60  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:54:57.0812 0x0a60  HTTP - ok
14:54:58.0109 0x0a60  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:54:58.0218 0x0a60  HTTPFilter - ok
14:54:58.0375 0x0a60  i2omgmt - ok
14:54:58.0546 0x0a60  i2omp - ok
14:54:58.0734 0x0a60  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:54:58.0843 0x0a60  i8042prt - ok
14:54:59.0125 0x0a60  [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:54:59.0218 0x0a60  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:55:09.0406 0x0a60  IDriverT ( UnsignedFile.Multi.Generic ) - warning
14:55:09.0406 0x0a60  Force sending object to P2P due to detect: C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:55:13.0906 0x0a60  Object send P2P result: true
14:57:07.0609 0x0a60  WudfSvc - ok
14:57:08.0125 0x0a60  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:57:08.0656 0x0a60  WZCSVC - ok
14:57:09.0015 0x0a60  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:57:09.0203 0x0a60  xmlprov - ok
14:57:09.0375 0x0a60  ================ Scan global ===============================
14:57:09.0656 0x0a60  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:57:09.0875 0x0a60  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:57:10.0156 0x0a60  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:57:10.0250 0x0a60  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:57:10.0250 0x0a60  [ Global ] - ok
14:57:10.0250 0x0a60  ================ Scan MBR ==================================
14:57:10.0296 0x0a60  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:57:11.0937 0x0a60  \Device\Harddisk0\DR0 - ok
14:57:11.0937 0x0a60  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
14:57:12.0890 0x0a60  \Device\Harddisk1\DR3 - ok
14:57:12.0890 0x0a60  ================ Scan VBR ==================================
14:57:12.0937 0x0a60  [ 176E22CDAA1EC49B5BEB413FBCD8B653 ] \Device\Harddisk0\DR0\Partition1
14:57:12.0937 0x0a60  \Device\Harddisk0\DR0\Partition1 - ok
14:57:12.0953 0x0a60  [ B04EF1EC1B178E90171D0EE267F18483 ] \Device\Harddisk0\DR0\Partition2
14:57:12.0968 0x0a60  \Device\Harddisk0\DR0\Partition2 - ok
14:57:12.0968 0x0a60  [ 4AE21F4C5DA1EDE45B67ADA07CB293B0 ] \Device\Harddisk1\DR3\Partition1
14:57:12.0984 0x0a60  \Device\Harddisk1\DR3\Partition1 - ok
14:57:12.0984 0x0a60  Waiting for KSN requests completion. In queue: 15
14:57:13.0984 0x0a60  Waiting for KSN requests completion. In queue: 15
14:57:15.0031 0x0a60  AV detected via SS1: Microsoft Security Essentials, 4.2.0223.0, enabled, updated
14:57:17.0515 0x0a60  ============================================================
14:57:17.0515 0x0a60  Scan finished
14:57:17.0515 0x0a60  ============================================================
14:57:17.0531 0x0970  Detected object count: 3
14:57:17.0531 0x0970  Actual detected object count: 3
14:58:13.0750 0x0970  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0750 0x0970  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:13.0750 0x0970  Ipenmf ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0750 0x0970  Ipenmf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:58:13.0765 0x0970  Ipenuf ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:13.0765 0x0970  Ipenuf ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#5 Action Print

Action Print (Topic Starter)

Posted 07 February 2014 - 04:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by Administrator (administrator) on LEWIS on 07-02-2014 15:03:20
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Fingersystem) C:\WINDOWS\system32\Ipen.exe
() C:\WINDOWS\system32\xDNOTbgnd.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgmfapx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IpenMOUSE] - C:\WINDOWS\system32\Ipen.exe [40960 2003-05-19] (Fingersystem)
HKLM\...\Run: [AdobeCS4ServiceManager] - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [XeroxScanUtility] - C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe [2310144 2009-06-02] (Xerox Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] - C:\WINDOWS\system32\xDNOTbgnd.exe [95744 2009-05-25] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16126464 2007-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1708537768-1177238915-682003330-500\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1708537768-1177238915-682003330-500\...409d6c4515e9\InprocServer32: [Default-shell32] shell32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\network.bat ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.1.238:85/RemoteWeb.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://192.168.1.10/ConnectComputer/nshelp.dll
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.1.238:85/VideoViewer.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 69.6.190.10 69.6.190.11
 
Chrome: 
=======
CHR HomePage: hxxp://www.amazon.com/websearch/ref=bit_bds-p23_serp_cr_us_display?ie=UTF8&tagbase=bds-p23&tbrId=v1_abb-channel-23_46071e852aae45efaf172d3aa51929a4_39_1006_20131107_US_cr_sp_
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2011-09-07] (Adobe Systems Incorporated)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
S4 ATMsrvc; C:\WINDOWS\System32\ATMsrvc.exe [15360 2000-05-24] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC)
S2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] ()
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 Ipenmf; C:\WINDOWS\System32\DRIVERS\Ipenmf.sys [10144 2003-02-26] (Fingersystem)
S3 Ipenuf; C:\WINDOWS\System32\DRIVERS\Ipenuf.sys [10048 2003-03-03] (Fingersystem)
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 MXOPSWD; C:\WINDOWS\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S1 fhzniind; \??\C:\WINDOWS\system32\drivers\fhzniind.sys [X]
S1 fjhkrbiq; \??\C:\WINDOWS\system32\drivers\fjhkrbiq.sys [X]
S4 IntelIde; No ImagePath
S1 ogvtkrjf; \??\C:\WINDOWS\system32\drivers\ogvtkrjf.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-07 15:03 - 2014-02-07 15:03 - 00014066 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 15:02 - 2014-02-07 15:03 - 00000000 ____D () C:\FRST
2014-02-07 14:59 - 2014-02-07 14:59 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-07 14:50 - 2014-02-07 14:51 - 04122976 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-02-07 12:49 - 2014-02-07 12:53 - 00003604 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-02-07 12:43 - 2014-02-07 12:44 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-02-06 14:46 - 2014-02-06 14:46 - 00000000 ____D () C:\Program Files\ESET
2014-02-06 10:29 - 2014-02-06 10:30 - 00987425 _____ () C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-02-05 12:33 - 2014-02-06 11:57 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-04 17:12 - 2014-02-04 17:12 - 00001971 _____ () C:\Documents and Settings\Administrator\000069LL00PE.TMP
2014-02-03 13:07 - 2014-02-04 14:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\welcome pardner 2-2014
2014-01-30 15:39 - 2014-01-30 15:39 - 00000186 _____ () C:\Documents and Settings\Administrator\My Documents\test.csv
2014-01-29 16:35 - 2014-01-29 16:35 - 00001344 _____ () C:\Documents and Settings\Administrator\My Documents\Document.txt
2014-01-29 16:23 - 2014-01-29 16:24 - 00000402 _____ () C:\Documents and Settings\Administrator\My Documents\3001.txt
2014-01-29 15:43 - 2014-01-29 15:43 - 00000503 _____ () C:\Documents and Settings\Administrator\My Documents\100.txt
2014-01-29 15:41 - 2014-01-29 15:42 - 00000395 _____ () C:\Documents and Settings\Administrator\My Documents\100.csv
2014-01-29 15:40 - 2014-01-29 15:40 - 00023040 _____ () C:\Documents and Settings\Administrator\My Documents\100.xls
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:01 - 2014-01-15 03:04 - 00004819 _____ () C:\WINDOWS\KB2914368.log
 
==================== One Month Modified Files and Folders =======
 
2014-02-07 15:03 - 2014-02-07 15:03 - 00014066 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-07 15:03 - 2014-02-07 15:02 - 00000000 ____D () C:\FRST
2014-02-07 14:59 - 2014-02-07 14:59 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-07 14:52 - 2012-03-30 12:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-07 14:51 - 2014-02-07 14:50 - 04122976 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-02-07 14:33 - 2009-12-17 14:46 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 12:53 - 2014-02-07 12:49 - 00003604 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-02-07 12:44 - 2014-02-07 12:43 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-02-07 12:08 - 2008-03-13 16:23 - 01681960 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-07 09:33 - 2008-03-13 16:31 - 00032436 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-07 06:33 - 2009-12-17 14:46 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 02:20 - 2010-04-29 09:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder (2)
2014-02-06 17:48 - 2013-12-12 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-02-06 14:46 - 2014-02-06 14:46 - 00000000 ____D () C:\Program Files\ESET
2014-02-06 12:13 - 2008-03-13 23:10 - 00000254 _____ () C:\WINDOWS\wiadebug.log
2014-02-06 11:57 - 2014-02-05 12:33 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-02-06 11:56 - 2013-04-05 08:40 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-06 11:53 - 2013-02-27 12:16 - 00449348 _____ () C:\xxbgtask.log
2014-02-06 11:53 - 2013-02-27 12:10 - 01483012 _____ () C:\XrxUsd.log
2014-02-06 11:53 - 2011-03-01 17:11 - 00389440 _____ () C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2014-02-06 11:51 - 2013-09-19 11:27 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-02-06 11:51 - 2008-03-18 17:18 - 02940016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-06 11:51 - 2004-08-04 06:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-06 11:44 - 2008-03-13 23:10 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-06 11:41 - 2008-03-13 16:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-06 11:35 - 2013-09-19 11:26 - 00131072 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-02-06 11:35 - 2008-03-19 14:13 - 00196608 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-06 11:35 - 2008-03-13 16:32 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-06 10:30 - 2014-02-06 10:29 - 00987425 _____ () C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-02-06 10:24 - 2008-03-28 15:06 - 00005376 _____ () C:\Documents and Settings\Administrator\IASVA90.FPT
2014-02-05 08:15 - 2013-09-19 11:27 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-02-05 02:53 - 2012-03-30 12:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 02:53 - 2011-12-05 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-05 02:52 - 2013-06-12 10:52 - 09216904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-02-04 17:12 - 2014-02-04 17:12 - 00001971 _____ () C:\Documents and Settings\Administrator\000069LL00PE.TMP
2014-02-04 17:12 - 2008-03-28 15:06 - 00000578 _____ () C:\Documents and Settings\Administrator\IASVA90.DBF
2014-02-04 17:12 - 2008-03-13 16:32 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-04 14:24 - 2014-02-03 13:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\welcome pardner 2-2014
2014-02-03 08:55 - 2013-09-19 11:27 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-31 16:47 - 2004-08-04 06:00 - 00000754 _____ () C:\WINDOWS\win.ini
2014-01-30 15:39 - 2014-01-30 15:39 - 00000186 _____ () C:\Documents and Settings\Administrator\My Documents\test.csv
2014-01-30 15:05 - 2008-03-21 13:13 - 00002487 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2014-01-29 16:35 - 2014-01-29 16:35 - 00001344 _____ () C:\Documents and Settings\Administrator\My Documents\Document.txt
2014-01-29 16:24 - 2014-01-29 16:23 - 00000402 _____ () C:\Documents and Settings\Administrator\My Documents\3001.txt
2014-01-29 15:43 - 2014-01-29 15:43 - 00000503 _____ () C:\Documents and Settings\Administrator\My Documents\100.txt
2014-01-29 15:42 - 2014-01-29 15:41 - 00000395 _____ () C:\Documents and Settings\Administrator\My Documents\100.csv
2014-01-29 15:40 - 2014-01-29 15:40 - 00023040 _____ () C:\Documents and Settings\Administrator\My Documents\100.xls
2014-01-20 16:20 - 2013-12-16 12:10 - 00017841 _____ () C:\WINDOWS\setupapi.log
2014-01-19 01:32 - 2012-01-10 08:30 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-15 03:17 - 2013-08-14 02:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 03:05 - 2008-03-13 17:28 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:01 - 00004819 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00013296 _____ () C:\WINDOWS\iis6.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00012366 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00006722 _____ () C:\WINDOWS\ocgen.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00005643 _____ () C:\WINDOWS\tsoc.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00004115 _____ () C:\WINDOWS\comsetup.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00003780 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00002494 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00002166 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00000850 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00000684 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 03:04 - 2013-12-16 10:39 - 00000618 _____ () C:\WINDOWS\msgsocm.log
 
ZeroAccess:
C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014
Ran by Administrator at 2014-02-07 15:04:07
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 1.2.443 - Adobe Systems Incorporated)
Add or Remove Adobe Creative Suite 3 Design Standard (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe AIR (Version: 1.1.0.5790 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Standard (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Premium (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator 10.0.3 (Version: 10.0.3 - Adobe Systems, Inc.)
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PageMaker 7.0 (Version: 7.0.1 - Adobe Systems, Inc.)
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe SVG Viewer 3.0 (Version:  3.0 - Adobe Systems, Inc.)
Adobe Type Manager 4.1 (Version:  - )
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR}  - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
ATI - Software Uninstall Utility (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (Version: 2.010.0210.2338 - )
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI - )
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-preinstall (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
CCleaner (Version: 4.07 - Piriform)
Classic FTP (Version:  - NCH Software)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000 - Microsoft Corporation)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
EPSON Scan (Version:  - )
ESET Online Scanner v3 (Version:  - )
Express Burn Disc Burning Software (Version:  - NCH Software)
Express Zip (Version:  - NCH Software)
Fingersystem Ipen Driver (Version:  - )
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
IRISPen Express 6 (Version: 6.00.1841 - I.R.I.S.)
IRISPen Express 6 (Version: 6.00.1841 - I.R.I.S.) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Interactive Training (Version:  - )
Microsoft Office Publisher 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office XP Professional (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (Version:  - )
Mozilla Thunderbird 24.3.0 (x86 en-US) (Version: 24.3.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
Nero BurnLite 10 (Version: 10.0.10100.1.100 - Nero AG)
Nero BurnLite 10 (Version: 10.0.10500 - Nero AG)
Nero Control Center 10 (Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.3 (Version: 3.3.9567 - OpenOffice.org)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
Print Workshop 2008 (Version: 1.0.0 - Valusoft)
QuickTime (Version:  - )
Realtek High Definition Audio Driver (Version: 5.10.0.5391 - Realtek Semiconductor Corp.)
ritePen (Version:  - )
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Spybot - Search & Destroy (Version: 2.1.21 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Tweak UI (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Visual printLEADER (Version:  - )
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (Version: 1.4.5.5 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-01-2014 17:17:47 Software Distribution Service 3.0
12-01-2014 08:16:49 Software Distribution Service 3.0
12-01-2014 17:16:37 Software Distribution Service 3.0
13-01-2014 17:17:19 Software Distribution Service 3.0
14-01-2014 09:00:58 Software Distribution Service 3.0
14-01-2014 17:17:02 Software Distribution Service 3.0
15-01-2014 09:00:57 Software Distribution Service 3.0
16-01-2014 09:37:50 System Checkpoint
16-01-2014 14:36:47 Software Distribution Service 3.0
17-01-2014 14:36:38 Software Distribution Service 3.0
18-01-2014 14:36:26 Software Distribution Service 3.0
19-01-2014 08:18:29 Software Distribution Service 3.0
19-01-2014 14:36:16 Software Distribution Service 3.0
20-01-2014 14:36:17 Software Distribution Service 3.0
21-01-2014 14:36:45 Software Distribution Service 3.0
22-01-2014 14:37:19 Software Distribution Service 3.0
23-01-2014 15:32:27 System Checkpoint
24-01-2014 14:37:48 Software Distribution Service 3.0
25-01-2014 14:37:50 Software Distribution Service 3.0
26-01-2014 08:17:51 Software Distribution Service 3.0
26-01-2014 14:37:37 Software Distribution Service 3.0
27-01-2014 14:38:46 Software Distribution Service 3.0
28-01-2014 14:37:53 Software Distribution Service 3.0
29-01-2014 14:37:45 Software Distribution Service 3.0
30-01-2014 14:38:00 Software Distribution Service 3.0
31-01-2014 14:38:40 Software Distribution Service 3.0
01-02-2014 14:37:38 Software Distribution Service 3.0
02-02-2014 08:18:31 Software Distribution Service 3.0
02-02-2014 14:37:43 Software Distribution Service 3.0
03-02-2014 14:37:32 Software Distribution Service 3.0
04-02-2014 14:38:11 Software Distribution Service 3.0
05-02-2014 14:38:35 Software Distribution Service 3.0
06-02-2014 14:39:03 Software Distribution Service 3.0
07-02-2014 17:59:07 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2004-08-04 06:00 - 2012-06-01 07:47 - 00000761 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-12 16:06 - 2008-09-04 14:30 - 00286720 _____ () C:\WINDOWS\system32\xiputil.dll
2011-10-12 16:06 - 2008-09-04 14:30 - 00364544 _____ () C:\WINDOWS\system32\xipinterp.dll
2011-10-12 16:06 - 2008-09-04 14:30 - 00155648 _____ () C:\WINDOWS\system32\xesup.dll
2011-10-12 16:06 - 2008-09-04 14:30 - 01388544 _____ () C:\WINDOWS\system32\xeext.dll
2013-09-19 11:24 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-19 11:24 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-10-15 14:57 - 2012-10-15 14:57 - 00083456 _____ () C:\Program Files\NCH Software\ExpressZip\ezcm.dll
2009-02-11 13:59 - 2003-05-23 10:30 - 00045056 _____ () C:\WINDOWS\system32\Ipenin.dll
2008-04-14 04:41 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 04:42 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-02-04 13:41 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 13:41 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 13:41 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2014 08:30:12 AM) (Source: MsiInstaller) (User: LEWIS)
Description: Product: Microsoft Office XP Professional -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.
 
Error: (12/16/2013 02:53:24 PM) (Source: WDFME) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (12/16/2013 00:36:09 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x80070015generalcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/16/2013 00:34:20 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004ff0adownloadingcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/16/2013 00:17:46 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004ff0ageneralcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/13/2013 08:47:23 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (12/12/2013 05:06:13 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004dd10generalcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/12/2013 08:52:33 AM) (Source: SDUpdSvc.exe) (User: )
Description: The service process could not connect to the service controller
 
Error: (12/11/2013 11:21:18 AM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x00004ca4.
 
Error: (12/09/2013 02:53:19 PM) (Source: SDUpdSvc.exe) (User: )
Description: The service process could not connect to the service controller
 
 
System errors:
=============
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The WD File Management Engine service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WD File Management Engine service to connect.
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (02/06/2014 11:46:34 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (02/05/2014 11:51:41 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2014 08:30:12 AM) (Source: MsiInstaller)(User: LEWIS)
Description: Product: Microsoft Office XP Professional -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.(NULL)(NULL)(NULL)(NULL)
 
Error: (12/16/2013 02:53:24 PM) (Source: WDFME)(User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (12/16/2013 00:36:09 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x80070015generalcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/16/2013 00:34:20 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004ff0adownloadingcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/16/2013 00:17:46 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004ff0ageneralcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/13/2013 08:47:23 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (12/12/2013 05:06:13 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmssswizard.exe4.4.304.00x8004dd10generalcallistowizard__cwizardflow__onflowfailure0wdotoolNILNILNIL
 
Error: (12/12/2013 08:52:33 AM) (Source: SDUpdSvc.exe)(User: )
Description: The service process could not connect to the service controller
 
Error: (12/11/2013 11:21:18 AM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.2627.0winword.exe10.0.2627.000004ca4
 
Error: (12/09/2013 02:53:19 PM) (Source: SDUpdSvc.exe)(User: )
Description: The service process could not connect to the service controller
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 3454.32 MB
Available physical RAM: 2233.08 MB
Total Pagefile: 7382.44 MB
Available Pagefile: 6335.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:433.59 GB) (Free:352.3 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:497.37 GB) (Free:405.81 GB) NTFS
Drive h: (My Book) (Fixed) (Total:931.48 GB) (Free:837.09 GB) NTFS
Drive y: (D_Data) (Network) (Total:25.69 GB) (Free:21.18 GB) NTFS
Drive z: (DATADRIVE) (Network) (Total:16.94 GB) (Free:13.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 4FCCE264)
Partition 1: (Active) - (Size=434 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=497 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 0002DE38)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 AM

Posted 10 February 2014 - 04:35 AM

This doesn't look too bad. Is MSE still detecting Rovnix now?


Please download Malwarebytes Anti-Malware and save it to your Desktop.
  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.


#7 Action Print

Action Print
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:08 PM

Posted 10 February 2014 - 11:36 AM

Sorry this is a work computer and I don't have access to it over the weekend.
Yes, MSE still detects the Rovnix.
 
Here is the Malwarebytes log.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.10.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: LEWIS [administrator]
 
Protection: Enabled
 
2/10/2014 8:51:27 AM
mbam-log-2014-02-10 (08-51-27).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243837
Time elapsed: 37 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 16
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Documents and Settings\Administrator\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
 
Files Detected: 32
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0WHNFSPK\distro-search-protect-fix[1] (PUP.Optional.Searchprotect) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\JZTOJ3WX\distro-search-protect-fix[1] (PUP.Optional.Searchprotect) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\10054.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
 
(end)


#8 Action Print

Action Print
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:08 PM

Posted 17 February 2014 - 10:09 AM

Any other suggestions? MSE is still detecting Rovnix.



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:08 AM

Posted 17 February 2014 - 06:10 PM

MSE is still detecting Rovnix

To get this right: the real-time protection of MSE still gives alerts that Rovnix has been found? Can you provide the exact wording of this alert or a screenshot of it?

#10 Action Print

Action Print
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:08 PM

Posted 18 February 2014 - 09:46 AM

OK, here are some screenshots. I can't get Windows Defender Offline to work. The computer will boot from the CD but then locks up as soon as it starts scanning.
 
 
 
 
Category: Virus
 
Description: This program is dangerous and replicates by infecting other files.
 
Recommended action: Remove this software immediately.
 
Items: 
rootkit:Rovnix->Vbr::Rovnix
 
I have selected it multiple times in the history and clicked "Remove All", but then the next time MSE runs it finds it again.


#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:08 AM

Posted 18 February 2014 - 09:53 AM

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Edited by aharonov, 18 February 2014 - 09:54 AM.


#12 Action Print

Action Print
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Female
  • Local time:07:08 PM

Posted 18 February 2014 - 03:19 PM

mbar-log-2014-02-18 (09-12-20).txt
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.02.18.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: LEWIS [administrator]
 
2/18/2014 9:12:20 AM
mbar-log-2014-02-18 (09-12-20).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 248278
Time elapsed: 2 hour(s), 37 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 6
C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\U (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30\U (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\L (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30\L (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30 (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30 (Trojan.Siredef.C) -> Delete on reboot.
 
Files Detected: 1
C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\@ (Trojan.Siredef.C) -> Delete on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 3622113280, free: 1870581760
 
Downloaded database version: v2014.02.18.03
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     02/18/2014 09:11:55
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\WINDOWS\system32\ntkrnlpa.exe
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE741E9E-8B59-4532-B076-B7B680007697}\MpKsl417a457c.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\atiok3x2.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\Udfs.SYS
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48F0BD13-4E63-473D-BBA5-E1F6920695E8}\MpKsla8eeb121.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR5
Upper Device Object: 0xffffffff89c6e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff8b1c6790
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8aa43568
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000075\
Lower Device Object: 0xffffffff8aba7508
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b3aeab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8b3dd940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b3aeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b40ed10, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b3aeab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b434b38, DeviceName: \Device\00000069\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b3dd940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4FCCE264
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 909295002
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 910467810  Numsec = 1043052255
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8aa43568, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8aa44b90, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8aa43568, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8aba7508, DeviceName: \Device\00000075\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2DE38
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953456128
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000170586112 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff89c6e030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a535990, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89c6e030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b1c6790, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 44  Numsec = 15679396
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 8040480256 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\@ --> [Trojan.Siredef.C]
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\U --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30\U --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30\L --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30\L --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-18\$e71cb998cd8511bcb70fc97b9f406c30 --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-21-1708537768-1177238915-682003330-500\$e71cb998cd8511bcb70fc97b9f406c30 --> [Trojan.Siredef.C]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
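The MBR scan near the end of the system log above (Disk Signature, four partition entries with type, active flag, start LBA and sector count, then a sweep of unpartitioned space) is the part of MBAR's output that matters for a VBR bootkit like the one MSE reported as rootkit:Rovnix->Vbr::Rovnix: the first sector of the active partition is the volume boot record, and sectors that belong to no partition are where a bootkit can park code without any file-system object for a file scanner to find. The Python parser below is an added example, not code from this thread or from Malwarebytes; it decodes a raw 512-byte MBR into the same fields MBAR prints and reports the LBA of the VBR and the unpartitioned gaps. The sample sector is constructed to carry the partition table MBAR printed for drive 0 (boot code zeroed, CHS fields unfilled); the gap list is this script's own computation from that table, not the range MBAR chose to sweep.

```python
# MBR partition-table parser (added example; not from the thread or from MBAR).
# Decodes a raw 512-byte master boot record into disk signature, the four
# 16-byte partition entries and the 55 AA boot signature, then locates the
# active partition's VBR and the sector ranges no partition covers.
import struct

SECTOR_SIZE = 512
MBR_BOOT_SIGNATURE = 0xAA55      # little-endian, so bytes 55 AA at offset 510
DISK_SIGNATURE_OFFSET = 440      # 4-byte NT disk signature
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
ACTIVE_FLAG = 0x80

PARTITION_TYPE_NAMES = {0x00: "Empty", 0x05: "Extended (CHS)", 0x07: "NTFS/HPFS/exFAT",
                        0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def build_mbr(disk_signature, entries):
    """Assemble a synthetic MBR from (status, type, start_lba, num_sectors) tuples.
    Constructed test data only: boot code stays zeroed and CHS fields are not filled."""
    if len(entries) != 4:
        raise ValueError("an MBR holds exactly four partition entries")
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, disk_signature)
    for i, (status, ptype, start_lba, num_sectors) in enumerate(entries):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) chs_start(3) type(1) chs_end(3) start_lba(4) num_sectors(4)
        struct.pack_into("<B3sB3sII", sector, offset,
                         status, b"\0\0\0", ptype, b"\0\0\0", start_lba, num_sectors)
    struct.pack_into("<H", sector, 510, MBR_BOOT_SIGNATURE)
    return bytes(sector)


def parse_mbr(sector):
    """Return {"disk_signature": int, "partitions": [4 dicts]}; raise ValueError on a bad sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d" % (SECTOR_SIZE, len(sector)))
    boot_sig = struct.unpack_from("<H", sector, 510)[0]
    if boot_sig != MBR_BOOT_SIGNATURE:
        raise ValueError("bad MBR boot signature: %04X" % boot_sig)
    disk_signature = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, ptype, start_lba, num_sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        partitions.append({"index": i, "active": status == ACTIVE_FLAG, "type": ptype,
                           "type_name": PARTITION_TYPE_NAMES.get(ptype, "Other"),
                           "start_lba": start_lba, "num_sectors": num_sectors})
    return {"disk_signature": disk_signature, "partitions": partitions}


def vbr_lba(mbr):
    """LBA of the active partition's first sector (its VBR), or None if nothing is active."""
    for part in mbr["partitions"]:
        if part["active"] and part["num_sectors"]:
            return part["start_lba"]
    return None


def unpartitioned_ranges(mbr, disk_sectors):
    """Inclusive (first, last) LBA ranges covered by no partition entry.
    Sector 0 (the MBR) is excluded; extended partitions are treated as opaque containers."""
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"])
                  for p in mbr["partitions"] if p["num_sectors"])
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


def describe(mbr, disk_sectors):
    """Render the parsed table as report lines."""
    lines = ["Disk Signature: %08X" % mbr["disk_signature"]]
    for p in mbr["partitions"]:
        lines.append("Partition %d type 0x%02X (%s) %s start LBA %d numsec %d" % (
            p["index"], p["type"], p["type_name"], "ACTIVE" if p["active"] else "not active",
            p["start_lba"], p["num_sectors"]))
    lines.append("VBR of active partition at LBA %s" % vbr_lba(mbr))
    for first, last in unpartitioned_ranges(mbr, disk_sectors):
        lines.append("Unpartitioned sectors %d-%d (%d sectors)" % (first, last, last - first + 1))
    return lines


# Constructed sample: the partition table MBAR printed for drive 0 in the thread
# (1000204886016-byte disk), not a captured sector from that machine.
SAMPLE_DISK_SECTORS = 1000204886016 // SECTOR_SIZE
SAMPLE_MBR = build_mbr(0x4FCCE264, [(ACTIVE_FLAG, 0x07, 63, 909295002),
                                    (0x00, 0x0F, 910467810, 1043052255),
                                    (0x00, 0x00, 0, 0), (0x00, 0x00, 0, 0)])

if __name__ == "__main__":
    print("\n".join(describe(parse_mbr(SAMPLE_MBR), SAMPLE_DISK_SECTORS)))
```

On a live system the sector to feed `parse_mbr` is the first 512 bytes of the physical disk (for example `\\.\PhysicalDrive0` on Windows), read with administrator rights; note that a bootkit which hooks the disk stack can return a clean copy to user-mode readers, which is why MBAR inspects the lower device objects it lists before reading sectors.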
