
DMW.exe (firefox) - automatically running malicious URLs


  • This topic is locked
18 replies to this topic

#1 lala121

lala121

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 08 February 2014 - 01:26 PM

I installed the K-Lite codec pack. After I installed it, my Kaspersky Internet Security started popping up with messages like "Malicious URL blocked". I checked the processes in Task Manager and noticed that "DMW.exe - Firefox" was running. Firefox was not running and I don't use it. So I uninstalled it. But I noticed that the same thing was happening again. The actual file is located in "C:\Program Files\Common Files\SurveyMonkey". This has really stressed me. I created a thread (http://www.bleepingcomputer.com/forums/t/523649/i-need-help-dmwexe-firefox) and Cyptodan has helped me. I ran some scans like TDSSKiller, AdwCleaner, Junkware, Farbar Service Scanner. Now I have done the DDS.

 

DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16526
Run by Shaheer Khan at 18:13:43 on 2014-02-08
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3325.2034 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\explorer.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\SurveyMonkey\dmw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
BHO: AutorunsDisabled - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Ginger Grammar & Spell Checker: {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - c:\program files\ginger\gingerieaddin\adxloader.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BoxSync] "c:\program files\box\box sync\BoxSync.exe" -m
mRun: [SurveyMonkey] wscript.exe "c:\program files\common files\surveymonkey\data.js"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 14.0.0\ieext\urladvisor\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://firepass.newvic.ac.uk/+CSCOL+/csvrloader32.cab
DPF: {FDEC6ADD-C88F-4F17-96A9-45B86A7B4BFD} - hxxps://firepass.newvic.ac.uk/+CSCOL+/csvrmon32.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{B0496BF1-4C4D-4BE8-AC4C-41E37905B3FB} : NameServer = 8.8.8.8
TCP: Interfaces\{E9197DA5-0377-4753-AE44-B0562471F42E} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2014-1-12 39624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2013-6-10 25696]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [2013-4-12 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-5-14 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2013-6-6 144992]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-4-20 87968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-4-29 217088]
R2 avp;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 14.0.0\avp.exe [2013-6-17 214512]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2013-3-28 21504]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-2-5 108000]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-12-31 2151744]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-2-8 418376]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\nitro\pro 9\NitroPDFDriverService9.exe [2013-12-17 197128]
R2 Sage AutoUpdate Manager Service;Sage AutoUpdate Manager Service;c:\program files\common files\sage\central\autoupdateclient\Sage.Central.AutoUpdateManager.Service.exe [2012-7-5 8192]
R2 Sage SData Service;Sage SData Service;c:\program files\common files\sage sdata\Sage.SData.Service.exe [2012-5-17 53248]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-5-5 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-5-5 25696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-2-8 22856]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-11-13 37064]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\cmw_srv.exe --> c:\program files\hotspot shield\bin\cmw_srv.exe [?]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe --> c:\program files\hotspot shield\bin\hsswd.exe [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-2-8 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\box\box sync\SyncUpdaterService.exe [2013-12-26 20992]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2013-4-5 34432]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2013-1-31 22656]
S3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys [2013-12-22 27496]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=c:\windows\system32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-02-08 17:32:07 -------- d-----w- c:\windows\ERUNT
2014-02-08 17:21:36 -------- d-----w- C:\AdwCleaner
2014-02-08 15:45:27 -------- d-----w- c:\users\shaheer khan\appdata\roaming\Malwarebytes
2014-02-08 15:45:16 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 15:45:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-08 15:45:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-08 11:10:01 -------- d-----w- c:\users\shaheer khan\appdata\local\AMozilla
2014-02-08 11:09:43 -------- d-----w- c:\users\shaheer khan\appdata\roaming\AMozilla
2014-02-08 11:09:42 -------- d-----w- c:\program files\common files\SurveyMonkey
2014-02-07 10:13:45 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-02-07 10:13:39 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a5beaa36-af70-4d9e-bbca-a0969f0f78e6}\mpengine.dll
2014-02-05 12:44:15 108000 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-02-02 12:45:14 -------- d-----w- c:\program files\Lame For Audacity
2014-02-02 12:40:20 -------- d-----w- c:\program files\Audacity
2014-02-01 11:42:54 -------- d--h--w- c:\users\shaheer khan\.Box Sync
2014-01-31 23:50:03 -------- d-----w- c:\users\shaheer khan\appdata\local\Screencast-O-Matic
2014-01-31 16:42:32 -------- d-----w- c:\users\shaheer khan\New Folder
2014-01-31 14:47:24 -------- d-----w- c:\users\shaheer khan\appdata\local\Skype
2014-01-31 14:46:53 -------- d-----r- c:\program files\Skype
2014-01-29 18:36:06 -------- d-----w- c:\program files\Bulk Rename Utility
2014-01-19 14:18:33 -------- d-----w- c:\users\shaheer khan\appdata\local\4dots_Software
2014-01-12 12:00:13 -------- d-----r- c:\users\shaheer khan\Photoshop
2014-01-12 11:01:45 39624 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2014-01-11 11:30:14 -------- d-----w- c:\users\shaheer khan\appdata\roaming\Xilisoft
2014-01-11 11:30:14 -------- d-----w- c:\program files\Xilisoft
.
==================== Find3M  ====================
.
2014-02-05 10:03:22 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 10:03:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-29 18:07:42 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-26 19:46:58 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-19 09:44:14 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-12-18 06:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 15:05:46 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
2013-12-17 15:05:44 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-13 10:50:56 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2012-07-12 08:19:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 18:14:36.86 ===============
 
Please help me, guys :( I'm really stressed because of this. I have so much work to do, as I'm currently doing my A-level exams :( I can't afford to go to a shop to get it repaired or whatever, and my anxiety disorder is really getting to me because of this :(:( Thank you everyone for your help.
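A small triage helper for the kind of log lines posted in this thread, added here as an example and not part of the thread or of DDS, FRST or any other tool named in it: it parses the DDS mRun/uRun entries, the FRST HKLM\...\Run entries and the FRST "(Company) path" process lines, and flags the two things that single out data.js and dmw.exe above, a script-host autorun and a binary whose version-info company name does not fit the folder it runs from. The EXPECTED_DIRS table and both heuristics are assumptions made for this example; the sample lines are copied from the logs in the thread.

```python
"""Autorun / process triage over pasted DDS and FRST log lines.

Two heuristics, matching what stands out in the logs above:
  1. a Run-key entry whose command is a script host (wscript.exe, cscript.exe,
     mshta.exe) handed a script file, which is how data.js is started here;
  2. a running process whose version-info company name does not fit the
     directory it runs from (a "Mozilla Corporation" binary in a SurveyMonkey
     folder is what Task Manager showed as "DMW.exe - Firefox").
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Assumption: where each vendor's binaries normally live. Constructed for
# this example only; a real table would come from a software inventory.
EXPECTED_DIRS = {
    "mozilla corporation": ("\\mozilla firefox\\", "\\mozilla thunderbird\\"),
    "google inc.": ("\\google\\",),
    "kaspersky lab zao": ("\\kaspersky lab\\",),
    "microsoft corporation": ("\\windows\\", "\\microsoft",
                              "\\program files\\windows media player\\"),
}

# DDS:  mRun: [Name] command        FRST: HKLM\...\Run: [Name] - command
RUN_RE = re.compile(
    r"^(?:[um]Run|HK[A-Z]+(?:\\S-[\d-]+)?\\\.\.\.\\Run):\s*"
    r"\[(?P<name>[^\]]+)\]\s*-?\s*(?P<cmd>.+?)\s*$", re.I)
# FRST process line: (Company Name) C:\path\to\binary.exe
PROC_RE = re.compile(r"^\((?P<company>.*?)\)\s+(?P<path>[A-Za-z]:\\.+?\.exe)\s*$", re.I)
# First token of a command line: a quoted path, or text up to the first .exe
CMD_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))\s*(?P<args>.*)$', re.I)


def split_command(cmd):
    """Split a Run-key command line into (executable, argument string)."""
    m = CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return (m.group("q") or m.group("u")), m.group("args").strip()


def check_run_entry(line):
    """Findings for one DDS/FRST Run-key line; empty list if nothing stands out."""
    m = RUN_RE.match(line.strip())
    if not m:
        return []
    exe, args = split_command(m.group("cmd"))
    base = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base in SCRIPT_HOSTS:
        return [f"script-host autorun [{m.group('name')}]: {base} {args}"]
    return []


def check_process_entry(line):
    """Findings for one FRST '(Company) path' process line."""
    m = PROC_RE.match(line.strip())
    if not m:
        return []
    company = m.group("company").strip().lower()
    path = m.group("path").lower()
    expected = EXPECTED_DIRS.get(company)
    if expected and not any(frag in path for frag in expected):
        return [f"vendor/location mismatch: '{m.group('company')}' binary at {m.group('path')}"]
    return []


def triage(log_text):
    """Run both checks over every line of a pasted DDS/FRST log."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(check_run_entry(line))
        findings.extend(check_process_entry(line))
    return findings


# Sample lines copied from the DDS and FRST logs posted in this thread.
SAMPLE_LOG = r'''
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SurveyMonkey] wscript.exe "c:\program files\common files\surveymonkey\data.js"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
HKLM\...\Run: [SurveyMonkey] - wscript.exe "C:\Program Files\Common Files\SurveyMonkey\data.js"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mozilla Corporation) C:\Program Files\Common Files\SurveyMonkey\dmw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample above it reports the two SurveyMonkey script-host autoruns and the Mozilla-labelled dmw.exe, and nothing for the Adobe, IDM, Chrome and Welcome Center entries.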


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:08:56 AM

Posted 12 February 2014 - 06:19 PM

Hello lala121, and  :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification; then, by clicking on Follow this topic, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to see some information about what is happening in your machine.  Please perform the following scans:

Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==========
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Best Regards,
oneof4.


#3 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 13 February 2014 - 04:34 AM

 

Thank you for your reply! I had been waiting for ages. I just want to firstly say thank you for taking the time and helping me. Regarding the DDS log, since uploading it I have opened my computer but have not changed anything, except that when turning it on a blue screen came up asking where to boot the computer from; I clicked hard drive. I am not sure whether that changed anything.

 

Okay, I am going to get working on the scans.



#4 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 13 February 2014 - 04:54 AM

 

Here are the logs from the scan  :thumbsup2:

 

Checkup:

 

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 12.0.0.44  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 
 
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Shaheer Khan (administrator) on SHAHEERKHAN-PC on 13-02-2014 09:49:05
Running from C:\Users\Shaheer Khan\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
(Microsoft) C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Common Files\SurveyMonkey\dmw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSync] - c:\Program Files\Box\Box Sync\BoxSync.exe [12161792 2014-01-31] (Box, Inc.)
HKLM\...\Run: [SurveyMonkey] - wscript.exe "C:\Program Files\Common Files\SurveyMonkey\data.js"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3571332690-2427944289-3315415155-1006\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2014-02-05] (Tonec Inc.)
HKU\S-1-5-21-3571332690-2427944289-3315415155-1006\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-3571332690-2427944289-3315415155-1006\...\MountPoints2: {0a5683a3-7636-11e3-9281-001d097a9cb8} - F:\Setup.exe
HKU\S-1-5-21-3571332690-2427944289-3315415155-1006\...\MountPoints2: {cf7ad5c0-7254-11e3-b462-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-3571332690-2427944289-3315415155-1006\...\MountPoints2: {de415b0a-dc2d-11e2-947e-001d097a9cb8} - F:\DVAP.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x601B32F4E20ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Ginger Grammar & Spell Checker - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files\Ginger\GingerIEAddin\adxloader.dll ()
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://firepass.newvic.ac.uk/+CSCOL+/csvrloader32.cab
DPF: {FDEC6ADD-C88F-4F17-96A9-45B86A7B4BFD} https://firepass.newvic.ac.uk/+CSCOL+/csvrmon32.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B0496BF1-4C4D-4BE8-AC4C-41E37905B3FB}: [NameServer]8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Shaheer Khan\AppData\Roaming\Mozilla\Firefox\Profiles\ez7wb68s.default
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [firefox@gingersoftware.com] - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.com
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files\Ginger\Mozilla\firefox@gingersoftware.com [2013-08-01]
FF HKLM\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files\Ginger\Mozilla\adapter@gingersoftware.com [2013-08-04]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-09-20]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-09-20]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Shaheer Khan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Shaheer Khan\AppData\Roaming\IDM\idmmzcc5 [2014-02-06]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Shaheer Khan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Shaheer Khan\AppData\Roaming\IDM\idmmzcc5 [2014-02-06]
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Adblock Plus) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-15]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-12-29]
CHR Extension: (MaskMe) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2013-12-29]
CHR Extension: (Google Calendar) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-12-29]
CHR Extension: (Safe Money) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-12-29]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-12-29]
CHR Extension: (Google Keep) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-12-29]
CHR Extension: (Virtual Keyboard) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-12-29]
CHR Extension: (IDM Integration Module) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-29]
CHR Extension: (Anti-Banner) - C:\Users\Shaheer Khan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-12-29]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-08-23]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-02-05]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-09]
 
========================== Services (Whitelisted) =================
 
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [20992 2013-12-26] (Box Inc.)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-31] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2013-12-17] (Nitro PDF Software)
R2 Sage AutoUpdate Manager Service; C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft)
R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited)
S2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [X]
S2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2013-12-17] (AnchorFree Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [574560 2013-12-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2013-12-26] (Duplex Secure Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-11-13] (Anchorfree Inc.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [27496 2013-03-25] (Wondershare)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2013-06-08] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-13 09:49 - 2014-02-13 09:49 - 00015851 _____ () C:\Users\Shaheer Khan\Desktop\FRST.txt
2014-02-13 09:48 - 2014-02-13 09:49 - 00000000 ____D () C:\FRST
2014-02-13 09:47 - 2014-02-13 09:47 - 01141248 _____ (Farbar) C:\Users\Shaheer Khan\Desktop\FRST.exe
2014-02-13 09:40 - 2014-02-13 09:40 - 00987425 _____ () C:\Users\Shaheer Khan\Desktop\SecurityCheck.exe
2014-02-08 17:32 - 2014-02-08 17:32 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 17:21 - 2014-02-08 17:24 - 00000000 ____D () C:\AdwCleaner
2014-02-08 16:26 - 2014-02-08 16:26 - 00401654 _____ () C:\Windows\PFRO.log
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Malwarebytes
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 15:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 15:00 - 2014-02-08 15:00 - 00015554 _____ () C:\Users\Saqib Khan\Downloads\ACC1115 COURSEWORK  RESULTS.xlsx
2014-02-08 14:44 - 2014-02-08 14:44 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Roaming\AMozilla
2014-02-08 14:44 - 2014-02-08 14:44 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Local\AMozilla
2014-02-08 11:10 - 2014-02-08 11:10 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\AMozilla
2014-02-08 11:09 - 2014-02-08 11:09 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\AMozilla
2014-02-08 11:09 - 2014-02-08 11:09 - 00000000 ____D () C:\Program Files\Common Files\SurveyMonkey
2014-02-07 10:35 - 2014-02-07 10:35 - 01301148 _____ () C:\Users\Saqib Khan\Desktop\S3 Marginal and Absorption Costing.pptx
2014-02-07 10:18 - 2014-02-07 10:18 - 01110528 _____ () C:\Users\Saqib Khan\Desktop\ECS 1125 Banking, Money and Interest rates.ppt
2014-02-05 22:04 - 2014-02-07 22:04 - 00000981 _____ () C:\Windows\AutoKMS.log
2014-02-05 12:44 - 2013-11-28 00:24 - 00108000 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-02-04 15:57 - 2014-02-04 16:05 - 00359424 _____ () C:\Users\Saqib Khan\Documents\Copy of Journal and T-Accounts.xls
2014-02-02 12:45 - 2014-02-02 12:45 - 00000000 ____D () C:\Program Files\Lame For Audacity
2014-02-02 12:40 - 2014-02-08 00:02 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Audacity
2014-02-02 12:40 - 2014-02-02 12:40 - 00000000 ____D () C:\Program Files\Audacity
2014-02-01 14:24 - 2014-02-01 14:24 - 00000000 ___HD () C:\Users\Saqib Khan\.Box Sync
2014-02-01 11:42 - 2014-02-01 11:42 - 00000000 ___HD () C:\Users\Shaheer Khan\.Box Sync
2014-01-31 23:50 - 2014-01-31 23:52 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Screencast-O-Matic
2014-01-31 16:42 - 2014-02-04 17:48 - 00000000 ____D () C:\Users\Shaheer Khan\New Folder
2014-01-31 14:47 - 2014-02-06 12:28 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Skype
2014-01-31 14:47 - 2014-01-31 14:47 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Skype
2014-01-31 14:46 - 2014-01-31 14:46 - 00000000 ___RD () C:\Program Files\Skype
2014-01-31 14:46 - 2014-01-31 14:46 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-01-29 18:36 - 2014-01-29 18:36 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2014-01-22 19:12 - 2014-01-22 19:12 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-01-19 14:18 - 2014-01-19 14:18 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\4dots_Software
2014-01-18 16:52 - 2014-01-18 16:52 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Roaming\Sage
 
==================== One Month Modified Files and Folders =======
 
2014-02-13 09:49 - 2014-02-13 09:49 - 00015851 _____ () C:\Users\Shaheer Khan\Desktop\FRST.txt
2014-02-13 09:49 - 2014-02-13 09:48 - 00000000 ____D () C:\FRST
2014-02-13 09:47 - 2014-02-13 09:47 - 01141248 _____ (Farbar) C:\Users\Shaheer Khan\Desktop\FRST.exe
2014-02-13 09:40 - 2014-02-13 09:40 - 00987425 _____ () C:\Users\Shaheer Khan\Desktop\SecurityCheck.exe
2014-02-13 09:40 - 2006-11-02 12:52 - 01098205 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 09:39 - 2013-12-29 19:11 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\DMCache
2014-02-13 09:37 - 2006-11-02 10:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 09:36 - 2013-03-28 20:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-13 09:34 - 2014-01-03 11:42 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Box Sync
2014-02-13 09:30 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 09:30 - 2006-11-02 12:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 09:30 - 2006-11-02 12:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-10 19:25 - 2006-11-02 13:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-08 19:03 - 2013-12-17 21:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 17:32 - 2014-02-08 17:32 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 17:24 - 2014-02-08 17:21 - 00000000 ____D () C:\AdwCleaner
2014-02-08 16:26 - 2014-02-08 16:26 - 00401654 _____ () C:\Windows\PFRO.log
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Malwarebytes
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 15:45 - 2014-02-08 15:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-08 15:16 - 2013-03-29 11:55 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Roaming\DMCache
2014-02-08 15:00 - 2014-02-08 15:00 - 00015554 _____ () C:\Users\Saqib Khan\Downloads\ACC1115 COURSEWORK  RESULTS.xlsx
2014-02-08 14:46 - 2013-04-01 15:30 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Local\Box Sync
2014-02-08 14:44 - 2014-02-08 14:44 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Roaming\AMozilla
2014-02-08 14:44 - 2014-02-08 14:44 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Local\AMozilla
2014-02-08 11:47 - 2013-12-30 14:22 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Nitro PDF
2014-02-08 11:32 - 2013-12-30 20:18 - 00001339 _____ () C:\Users\Shaheer Khan\Desktop\Box Folder.lnk
2014-02-08 11:10 - 2014-02-08 11:10 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\AMozilla
2014-02-08 11:09 - 2014-02-08 11:09 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\AMozilla
2014-02-08 11:09 - 2014-02-08 11:09 - 00000000 ____D () C:\Program Files\Common Files\SurveyMonkey
2014-02-08 00:02 - 2014-02-02 12:40 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Audacity
2014-02-07 22:04 - 2014-02-05 22:04 - 00000981 _____ () C:\Windows\AutoKMS.log
2014-02-07 22:04 - 2013-04-23 15:02 - 00000202 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-02-07 13:13 - 2013-11-03 18:47 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-07 11:49 - 2013-12-30 22:27 - 00000000 ____D () C:\Users\Saqib Khan\Box Sync
2014-02-07 10:35 - 2014-02-07 10:35 - 01301148 _____ () C:\Users\Saqib Khan\Desktop\S3 Marginal and Absorption Costing.pptx
2014-02-07 10:22 - 2013-03-29 11:49 - 00000000 ____D () C:\Users\Saqib Khan
2014-02-07 10:18 - 2014-02-07 10:18 - 01110528 _____ () C:\Users\Saqib Khan\Desktop\ECS 1125 Banking, Money and Interest rates.ppt
2014-02-06 15:52 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-06 14:32 - 2013-03-28 21:17 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-02-06 12:28 - 2014-01-31 14:47 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Skype
2014-02-05 20:45 - 2013-12-29 19:11 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\IDM
2014-02-05 10:03 - 2013-12-17 21:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 10:03 - 2013-12-17 21:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 21:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-04 17:48 - 2014-01-31 16:42 - 00000000 ____D () C:\Users\Shaheer Khan\New Folder
2014-02-04 16:57 - 2013-03-29 10:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-04 16:57 - 2006-11-02 10:23 - 00000219 _____ () C:\Windows\win.ini
2014-02-04 16:15 - 2013-12-29 18:33 - 00000000 ____D () C:\Users\Shaheer Khan
2014-02-04 16:05 - 2014-02-04 15:57 - 00359424 _____ () C:\Users\Saqib Khan\Documents\Copy of Journal and T-Accounts.xls
2014-02-03 21:06 - 2014-01-03 11:43 - 00000000 ____D () C:\Users\Shaheer Khan\Box Sync
2014-02-02 12:45 - 2014-02-02 12:45 - 00000000 ____D () C:\Program Files\Lame For Audacity
2014-02-02 12:40 - 2014-02-02 12:40 - 00000000 ____D () C:\Program Files\Audacity
2014-02-01 14:24 - 2014-02-01 14:24 - 00000000 ___HD () C:\Users\Saqib Khan\.Box Sync
2014-02-01 11:42 - 2014-02-01 11:42 - 00000000 ___HD () C:\Users\Shaheer Khan\.Box Sync
2014-01-31 23:52 - 2014-01-31 23:50 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Screencast-O-Matic
2014-01-31 20:03 - 2013-03-29 12:24 - 00000000 ____D () C:\ProgramData\IObit
2014-01-31 14:47 - 2014-01-31 14:47 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Skype
2014-01-31 14:47 - 2013-08-27 14:35 - 00000000 ____D () C:\ProgramData\Skype
2014-01-31 14:46 - 2014-01-31 14:46 - 00000000 ___RD () C:\Program Files\Skype
2014-01-31 14:46 - 2014-01-31 14:46 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-01-31 12:03 - 2013-12-07 20:34 - 00000000 ____D () C:\Users\Saqib Khan\Documents\CVs
2014-01-30 11:25 - 2013-03-29 09:17 - 00000000 ____D () C:\Users\Shaheer Khan\Documents\Shaheer
2014-01-29 18:36 - 2014-01-29 18:36 - 00000000 ____D () C:\Program Files\Bulk Rename Utility
2014-01-26 21:03 - 2013-12-29 18:34 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\VirtualStore
2014-01-25 00:07 - 2013-12-30 14:21 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Nitro
2014-01-24 23:39 - 2014-01-12 12:00 - 00000000 ___RD () C:\Users\Shaheer Khan\Photoshop
2014-01-22 19:12 - 2014-01-22 19:12 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-01-21 20:26 - 2013-12-29 18:46 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\Adobe
2014-01-19 14:18 - 2014-01-19 14:18 - 00000000 ____D () C:\Users\Shaheer Khan\AppData\Local\4dots_Software
2014-01-18 16:52 - 2014-01-18 16:52 - 00000000 ____D () C:\Users\Saqib Khan\AppData\Roaming\Sage
2014-01-18 16:43 - 2013-12-30 22:28 - 00000000 ____D () C:\Users\Saqib Khan\Desktop\Desktop Stuff
2014-01-16 09:58 - 2013-08-15 09:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 09:56 - 2006-11-02 10:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 19:18 - 2013-03-29 10:25 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-14 16:11 - 2013-03-28 20:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
 
Some content of TEMP:
====================
C:\Users\Saqib Khan\AppData\Local\Temp\log4net.dll
C:\Users\Saqib Khan\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Saqib Khan\AppData\Local\Temp\sync_upgrader.exe
C:\Users\Shaheer Khan\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-13 09:39
 
==================== End Of Log ============================

 

 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Shaheer Khan at 2014-02-13 09:49:39
Running from C:\Users\Shaheer Khan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
32 bit Windows Card Reader Driver (Version: 1.1.0.0 - TEAC)
Accounts (Version: 19.0.0.7 - Sage (UK) Ltd) Hidden
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122 - Adobe Systems, Inc.)
Audacity 2.0.5 (Version: 2.0.5 - Audacity Team)
Auslogics BoostSpeed (Version: 6.4.2.0 - Auslogics Labs Pty Ltd)
Box Sync (Version: 4.0.4052.0 - Box Inc.) Hidden
Box Sync (Version: 4.0.4336.0 - Box, Inc.)
Bulk Rename Utility 2.7.1.2 (Version:  - TGRMN Software)
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Coupon Printer (Version: 2.2.0.1 - Coupons.com Inc.) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
EPSON Scan (Version:  - )
EPSON SX110 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
f.lux (HKCU Version:  - )
Ginger (Version: 3.3.33 - Ginger Software)
Ginger (Version: 3.3.33 - Ginger Software) Hidden
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Hotspot Shield 3.23 (Version: 3.23 - AnchorFree Inc.)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel)
Intel® PRO Network Connections 12.1.11.0 (Version:  - Intel) Hidden
Internet Download Manager (Version:  - Tonec Inc.)
IObit Uninstaller (Version: 3.0.4.922 - IObit)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mp3tag v2.58 (Version: v2.58 - Florian Heidenreich)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nitro Pro 9 (Version: 9.0.5.9 - Nitro)
Realtek High Definition Audio Driver (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Sage 50 Accounts 2013 Workbooks (Version: 19.0.0.7 - Sage (UK) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (Version:  - Microsoft) Hidden
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0 - Microsoft)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
Skype™ 6.13 (Version: 6.13.104 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WinRAR 5.01 (32-bit) (Version: 5.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKCU Version: 7.7.3.20131014 - Xilisoft)
 
==================== Restore Points  =========================
 
14-01-2014 16:10:28 IObit Uninstaller restore point
14-01-2014 16:11:08 Removed Grand Theft Auto Vice City
15-01-2014 18:21:53 Scheduled Checkpoint
16-01-2014 09:53:14 Windows Update
19-01-2014 14:23:05 IObit Uninstaller restore point
21-01-2014 09:40:32 Windows Update
24-01-2014 11:19:33 Windows Update
28-01-2014 14:47:35 Windows Update
31-01-2014 15:16:49 Installed IP Camera Adapter
31-01-2014 15:27:41 Removed IP Camera Adapter
04-02-2014 09:15:17 Windows Update
04-02-2014 16:54:12 Windows Update
08-02-2014 16:57:14 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2013-12-30 13:52 - 2013-12-30 13:52 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {082FF4A4-A422-4073-A629-BF31B519F612} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {19041528-44EE-4B7B-9EAE-928AE1F6F0C3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {259AA899-8E43-4E25-8266-DA2B865D77F1} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {27CE9D95-A759-4716-9B68-938E1901F26F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {494A4281-2188-459B-9F27-EA90371C1D17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
Task: {6645FE07-7E9E-4028-BF13-122172B477D9} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {7E64C302-0E83-475E-85CB-99A27D6D3FC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-28] (Google Inc.)
Task: {9E782DDD-141D-4617-B2AF-97D688982FEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {BDACF524-4209-49CB-B8BF-F2330FBB22F7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {E2EFA319-2597-43B5-88EB-224D93EC463C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2011-11-10 02:11 - 2013-09-21 18:38 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2007-03-02 11:44 - 2007-03-02 11:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2014-02-08 11:09 - 2010-03-31 11:58 - 01015256 _____ () C:\Program Files\Common Files\SurveyMonkey\js3250.dll
2014-02-08 11:09 - 2012-01-06 21:09 - 00044032 _____ () C:\Program Files\Common Files\SurveyMonkey\js3260.dll
2014-02-04 09:17 - 2014-02-01 23:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 09:17 - 2014-02-01 23:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 09:17 - 2014-02-01 23:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk => C:\Windows\pss\Box Sync.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => c:\program files\common files\adobe\arm\1.0\adobearm.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: BoxSyncHelper => "C:\Program Files\Box Sync\BoxSyncHelper.exe"
MSCONFIG\startupreg: ehTray.exe => c:\windows\ehome\ehtray.exe
MSCONFIG\startupreg: EPSON SX110 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\Windows\TEMP\E_S499D.tmp" /EF "HKCU"
MSCONFIG\startupreg: GingerClient.exe => c:\program files\ginger\gingerclient.exe
MSCONFIG\startupreg: RtHDVCpl => c:\program files\realtek\audio\hda\rthdvcpl.exe -s
MSCONFIG\startupreg: StartCCC => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 802.11g Network Adapter
Description: Broadcom 802.11g Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XV
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2014 09:34:53 AM) (Source: .NET Runtime) (User: )
Description: Application: BoxSync.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IconLogic.IconLogic.AskToUnload()
   at IconLogic.IconLogic.OnDBChanged(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (02/08/2014 06:04:03 PM) (Source: LiveUpdate.exe) (User: )
Description: The service process could not connect to the service controller
 
 
System errors:
=============
Error: (02/13/2014 09:31:55 AM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Monitoring Service%%2
 
Error: (02/13/2014 09:31:55 AM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Service%%2
 
Error: (02/13/2014 09:30:15 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Acrobat PDFWriter failed to initialize because a suitable Acrobat PDFWriter driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
 
Error: (02/10/2014 07:24:01 PM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Monitoring Service%%2
 
Error: (02/10/2014 07:24:01 PM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Service%%2
 
Error: (02/10/2014 07:22:32 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Acrobat PDFWriter failed to initialize because a suitable Acrobat PDFWriter driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
 
Error: (02/10/2014 07:10:52 PM) (Source: Service Control Manager) (User: )
Description: 30000avp
 
Error: (02/10/2014 07:10:25 PM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Monitoring Service%%2
 
Error: (02/10/2014 07:10:25 PM) (Source: Service Control Manager) (User: )
Description: Hotspot Shield Service%%2
 
Error: (02/10/2014 07:08:57 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Acrobat PDFWriter failed to initialize because a suitable Acrobat PDFWriter driver could not be found. The new printer settings that you specified have not taken effect. Install or reinstall the printer driver. You might need to contact the vendor for an updated driver.
 
 
Microsoft Office Sessions:
=========================
Error: (02/13/2014 09:34:53 AM) (Source: .NET Runtime)(User: )
Description: Application: BoxSync.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at IconLogic.IconLogic.AskToUnload()
   at IconLogic.IconLogic.OnDBChanged(System.Object, System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.OnChanged(System.IO.FileSystemEventArgs)
   at System.IO.FileSystemWatcher.NotifyFileSystemEventArgs(Int32, System.String)
   at System.IO.FileSystemWatcher.CompletionStatusChanged(UInt32, UInt32, System.Threading.NativeOverlapped*)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
 
Error: (02/08/2014 06:04:03 PM) (Source: LiveUpdate.exe)(User: )
Description: The service process could not connect to the service controller
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-13 09:49:15.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:15.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:15.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:15.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:14.866
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:14.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:14.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:14.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-13 09:49:14.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3325.45 MB
Available physical RAM: 1716.29 MB
Total Pagefile: 6881.83 MB
Available Pagefile: 5339.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:455.7 GB) (Free:252.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.15 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 78000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=456 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 13 February 2014 - 04:13 PM

Hey :)

Please re-run TDSSKiller, which cryptodan previously had you run:

Click on Change Parameters and click Detect TDLFS File System.

  •     Click the Start Scan button.
  •     Do not use the computer during the scan.
  •     If the scan completes with nothing found, click Close to exit.
  •     If malicious objects are found, they will show in the Scan results - Select action for found objects; there will be three options.
  •     Ensure Delete is selected, then click Continue > Reboot now to finish the cleaning process.
  •     A TDSSKiller text file will be saved in Local Disk C.
  •     Copy and paste the contents of that file in your next reply.

Best Regards,
oneof4.


#6 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts

Posted 13 February 2014 - 04:35 PM

Heya, hope you are doing fine :woot: here is the log :)

TDSS Log

21:25:44.0803 0x0874  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41

21:25:52.0853 0x0874  ============================================================
21:25:52.0853 0x0874  Current date / time: 2014/02/13 21:25:52.0853
21:25:52.0853 0x0874  SystemInfo:
21:25:52.0853 0x0874  
21:25:52.0853 0x0874  OS Version: 6.0.6002 ServicePack: 2.0
21:25:52.0853 0x0874  Product type: Workstation
21:25:52.0853 0x0874  ComputerName: SHAHEERKHAN-PC
21:25:52.0853 0x0874  UserName: Shaheer Khan
21:25:52.0853 0x0874  Windows directory: C:\Windows
21:25:52.0853 0x0874  System windows directory: C:\Windows
21:25:52.0853 0x0874  Processor architecture: Intel x86
21:25:52.0853 0x0874  Number of processors: 2
21:25:52.0853 0x0874  Page size: 0x1000
21:25:52.0853 0x0874  Boot type: Normal boot
21:25:52.0853 0x0874  ============================================================
21:25:57.0782 0x0874  KLMD registered as C:\Windows\system32\drivers\58837645.sys
21:25:58.0141 0x0874  System UUID: {CEAA98F7-4D92-D0CD-49AB-8A9C5B515727}
21:25:59.0217 0x0874  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:59.0249 0x0874  ============================================================
21:25:59.0249 0x0874  \Device\Harddisk0\DR0:
21:25:59.0561 0x0874  MBR partitions:
21:25:59.0561 0x0874  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
21:25:59.0561 0x0874  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x38F66000
21:25:59.0561 0x0874  ============================================================
21:25:59.0717 0x0874  C: <-> \Device\Harddisk0\DR0\Partition2
21:25:59.0997 0x0874  D: <-> \Device\Harddisk0\DR0\Partition1
21:25:59.0997 0x0874  ============================================================
21:25:59.0997 0x0874  Initialize success
21:25:59.0997 0x0874  ============================================================
21:26:36.0813 0x17dc  ============================================================
21:26:36.0813 0x17dc  Scan started
21:26:36.0813 0x17dc  Mode: Manual; TDLFS; 
21:26:36.0813 0x17dc  ============================================================
21:26:36.0813 0x17dc  KSN ping started
21:26:50.0307 0x17dc  KSN ping finished: true
21:26:51.0072 0x17dc  ================ Scan system memory ========================
21:26:51.0072 0x17dc  System memory - ok
21:26:51.0072 0x17dc  ================ Scan services =============================
21:26:51.0259 0x17dc  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:26:51.0275 0x17dc  ACPI - ok
21:26:51.0462 0x17dc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:26:51.0462 0x17dc  AdobeARMservice - ok
21:26:51.0524 0x17dc  [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:26:51.0540 0x17dc  AdobeFlashPlayerUpdateSvc - ok
21:26:51.0587 0x17dc  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:26:51.0602 0x17dc  adp94xx - ok
21:26:51.0649 0x17dc  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:26:51.0649 0x17dc  adpahci - ok
21:26:51.0665 0x17dc  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:26:51.0665 0x17dc  adpu160m - ok
21:26:51.0696 0x17dc  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:26:51.0696 0x17dc  adpu320 - ok
21:26:51.0758 0x17dc  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:26:51.0758 0x17dc  AeLookupSvc - ok
21:26:51.0836 0x17dc  [ A6CE73469591554279DA63BE715DBC93, E0F2441A3814173DD93A28727DF7ECB9B58613B8E5D0C3A3FC082AF816C68CA8 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
21:26:51.0836 0x17dc  AERTFilters - ok
21:26:51.0930 0x17dc  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
21:26:51.0930 0x17dc  AFD - ok
21:26:51.0961 0x17dc  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:26:51.0961 0x17dc  agp440 - ok
21:26:52.0008 0x17dc  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:26:52.0008 0x17dc  aic78xx - ok
21:26:52.0039 0x17dc  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
21:26:52.0039 0x17dc  ALG - ok
21:26:52.0055 0x17dc  [ 3A99CB23A2D326FD532618705D6E3048, AF0FBE8C89F1B231B7BD00155E1555DBCB37B6B7B58E94DA254EC7A40A473236 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:26:52.0055 0x17dc  aliide - ok
21:26:52.0101 0x17dc  [ F9491B157A8CD70557745FA0312C1EEE, CA91E1E136ED6AE3E16883E465D4AEB47260416ABCF14D58ADB395AE2368B418 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:26:52.0101 0x17dc  AMD External Events Utility - ok
21:26:52.0133 0x17dc  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:26:52.0148 0x17dc  amdagp - ok
21:26:52.0164 0x17dc  [ 4333C133DBD71C7D7FE4FB1B83F9EE3E, 3E08961741FACF0D35D1B49EE6E2A0AFF7DB3D8CCDBF823554EC83786AB925FE ] amdide          C:\Windows\system32\drivers\amdide.sys
21:26:52.0164 0x17dc  amdide - ok
21:26:52.0211 0x17dc  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:26:52.0211 0x17dc  AmdK7 - ok
21:26:52.0226 0x17dc  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:26:52.0226 0x17dc  AmdK8 - ok
21:26:52.0975 0x17dc  [ F53B89A4B976B534DAA8AEDAFEAF8EA3, 1973FC771B69ADEE17A3405B7961958B8DF135506D60554BD233325EC1C46AA6 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:26:53.0349 0x17dc  amdkmdag - ok
21:26:53.0459 0x17dc  [ 3DEA9B1D1B274C739C9367FB1E56185F, ACE1520FE4754DB61F6C1726C2B6859ABA322115DF8FB43660A0D964019039CA ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:26:53.0459 0x17dc  amdkmdap - ok
21:26:53.0505 0x17dc  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
21:26:53.0505 0x17dc  Appinfo - ok
21:26:53.0568 0x17dc  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
21:26:53.0599 0x17dc  arc - ok
21:26:53.0615 0x17dc  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:26:53.0615 0x17dc  arcsas - ok
21:26:53.0755 0x17dc  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:26:53.0755 0x17dc  aspnet_state - ok
21:26:53.0786 0x17dc  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:26:53.0786 0x17dc  AsyncMac - ok
21:26:53.0817 0x17dc  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
21:26:53.0817 0x17dc  atapi - ok
21:26:54.0972 0x17dc  [ F53B89A4B976B534DAA8AEDAFEAF8EA3, 1973FC771B69ADEE17A3405B7961958B8DF135506D60554BD233325EC1C46AA6 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:26:55.0190 0x17dc  atikmdag - ok
21:26:55.0268 0x17dc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:26:55.0284 0x17dc  AudioEndpointBuilder - ok
21:26:55.0315 0x17dc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:26:55.0315 0x17dc  Audiosrv - ok
21:26:55.0409 0x17dc  [ 0D2F8F4055903A762AD46204E5A42E86, D3270039E4F066C69D844060388D3F895137C37C0FBE4C106BE1C71AE9DBC17A ] avp             C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
21:26:55.0424 0x17dc  avp - ok
21:26:55.0596 0x17dc  [ CF6A67C90951E3E763D2135DEDE44B85, DD31F105665C6980D4CEF5C5C0F29590CF1DC0B4AEB3809C8659915E5E95931B ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
21:26:55.0611 0x17dc  BCM43XV - ok
21:26:55.0643 0x17dc  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:26:55.0643 0x17dc  Beep - ok
21:26:55.0658 0x17dc  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
21:26:55.0674 0x17dc  BFE - ok
21:26:55.0721 0x17dc  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
21:26:55.0783 0x17dc  BITS - ok
21:26:55.0783 0x17dc  blbdrive - ok
21:26:55.0814 0x17dc  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:26:55.0814 0x17dc  bowser - ok
21:26:55.0908 0x17dc  [ ADE5F4021FF3844FA0082244D284FC50, FBAE1ABEF59872D3273523EDC2F7E6E8B30BB7FAED38EA20DCDDE195EBEEFA1E ] BoxSyncUpdateService C:\Program Files\Box\Box Sync\SyncUpdaterService.exe
21:26:55.0923 0x17dc  BoxSyncUpdateService - ok
21:26:55.0955 0x17dc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:26:55.0955 0x17dc  BrFiltLo - ok
21:26:55.0970 0x17dc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:26:55.0970 0x17dc  BrFiltUp - ok
21:26:56.0001 0x17dc  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
21:26:56.0001 0x17dc  Browser - ok
21:26:56.0033 0x17dc  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:26:56.0033 0x17dc  Brserid - ok
21:26:56.0048 0x17dc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:26:56.0048 0x17dc  BrSerWdm - ok
21:26:56.0048 0x17dc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:26:56.0048 0x17dc  BrUsbMdm - ok
21:26:56.0064 0x17dc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:26:56.0064 0x17dc  BrUsbSer - ok
21:26:56.0064 0x17dc  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:26:56.0079 0x17dc  BTHMODEM - ok
21:26:56.0095 0x17dc  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:26:56.0095 0x17dc  cdfs - ok
21:26:56.0126 0x17dc  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:26:56.0126 0x17dc  cdrom - ok
21:27:12.0912 0x17dc  osppsvc - ok
21:27:13.0005 0x17dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:27:13.0052 0x17dc  p2pimsvc - ok
21:27:13.0115 0x17dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:27:13.0130 0x17dc  p2psvc - ok
21:27:13.0208 0x17dc  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
21:27:13.0208 0x17dc  Parport - ok
21:27:13.0239 0x17dc  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:27:13.0239 0x17dc  partmgr - ok
21:27:13.0271 0x17dc  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:27:13.0271 0x17dc  Parvdm - ok
21:27:13.0302 0x17dc  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:27:13.0302 0x17dc  PcaSvc - ok
21:27:13.0317 0x17dc  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
21:27:13.0333 0x17dc  pci - ok
21:27:13.0333 0x17dc  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
21:27:13.0333 0x17dc  pciide - ok
21:27:13.0380 0x17dc  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:27:13.0395 0x17dc  pcmcia - ok
21:27:13.0442 0x17dc  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:27:13.0520 0x17dc  PEAUTH - ok
21:27:13.0926 0x17dc  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
21:27:13.0957 0x17dc  pla - ok
21:27:14.0051 0x17dc  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:27:14.0051 0x17dc  PlugPlay - ok
21:27:14.0097 0x17dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:27:14.0113 0x17dc  PNRPAutoReg - ok
21:27:14.0160 0x17dc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:27:14.0175 0x17dc  PNRPsvc - ok
21:27:14.0222 0x17dc  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:27:14.0222 0x17dc  PolicyAgent - ok
21:27:14.0269 0x17dc  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:27:14.0269 0x17dc  PptpMiniport - ok
21:27:14.0300 0x17dc  [ 0E3CEF5D28B40CF273281D620C50700A, 8ADA99B4563AE2129B95136295EE92A94102B035EBBC83D4C8587ECE8B0DEE60 ] Processor       C:\Windows\system32\drivers\processr.sys
21:27:14.0300 0x17dc  Processor - ok
21:27:14.0331 0x17dc  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
21:27:14.0331 0x17dc  ProfSvc - ok
21:27:14.0363 0x17dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
21:27:14.0363 0x17dc  ProtectedStorage - ok
21:27:14.0456 0x17dc  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:27:14.0487 0x17dc  PSched - ok
21:27:14.0581 0x17dc  [ CCDAC889326317792480C0A67156A1EC, 3D3B561B6D4E12DE442C98993C929765F002AF5CFB5A00EFACE6ABE957F7E8AF ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:27:14.0628 0x17dc  ql2300 - ok
21:27:14.0659 0x17dc  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:27:14.0675 0x17dc  ql40xx - ok
21:27:14.0721 0x17dc  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
21:27:14.0721 0x17dc  QWAVE - ok
21:27:14.0737 0x17dc  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:27:14.0737 0x17dc  QWAVEdrv - ok
21:27:14.0753 0x17dc  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:27:14.0753 0x17dc  RasAcd - ok
21:27:14.0768 0x17dc  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
21:27:14.0768 0x17dc  RasAuto - ok
21:27:14.0784 0x17dc  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:14.0799 0x17dc  Rasl2tp - ok
21:27:14.0815 0x17dc  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
21:27:14.0815 0x17dc  RasMan - ok
21:27:14.0846 0x17dc  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:14.0846 0x17dc  RasPppoe - ok
21:27:14.0893 0x17dc  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:27:14.0893 0x17dc  RasSstp - ok
21:27:14.0924 0x17dc  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:27:14.0924 0x17dc  rdbss - ok
21:27:14.0971 0x17dc  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:27:14.0971 0x17dc  RDPCDD - ok
21:27:15.0033 0x17dc  [ E8BD98D46F2ED77132BA927FCCB47D8B, 5187CF8F00AD67EDDF27DF675F3210C0D72E552578A89C58DF6953B1D5BEBCB8 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:27:15.0033 0x17dc  rdpdr - ok
21:27:15.0033 0x17dc  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:27:15.0033 0x17dc  RDPENCDD - ok
21:27:15.0080 0x17dc  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:27:15.0080 0x17dc  RDPWD - ok
21:27:15.0127 0x17dc  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:27:15.0127 0x17dc  RemoteAccess - ok
21:27:15.0174 0x17dc  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:27:15.0189 0x17dc  RemoteRegistry - ok
21:27:15.0236 0x17dc  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
21:27:15.0236 0x17dc  RpcLocator - ok
21:27:15.0267 0x17dc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
21:27:15.0267 0x17dc  RpcSs - ok
21:27:15.0314 0x17dc  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:27:15.0345 0x17dc  rspndr - ok
21:27:15.0439 0x17dc  [ 67D7BE21042E057AD8AD18801854446D, 8E2B82595C2CFCAC5F7A3478789ED39571C5E47F1058C7E0E8B75FDF52C98328 ] Sage AutoUpdate Manager Service C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
21:27:15.0439 0x17dc  Sage AutoUpdate Manager Service - ok
21:27:15.0564 0x17dc  [ ADCCD87A7864590924D94778781460D4, 7C33054D3263965E870A038F6C1A96CCB40422E10C4684C2E946ED853630D95C ] Sage SData Service C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
21:27:15.0564 0x17dc  Sage SData Service - ok
21:27:15.0579 0x17dc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
21:27:15.0579 0x17dc  SamSs - ok
21:27:15.0642 0x17dc  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:27:15.0657 0x17dc  sbp2port - ok
21:27:15.0689 0x17dc  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:27:15.0689 0x17dc  SCardSvr - ok
21:27:15.0735 0x17dc  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
21:27:15.0751 0x17dc  Schedule - ok
21:27:15.0767 0x17dc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:27:15.0767 0x17dc  SCPolicySvc - ok
21:27:15.0782 0x17dc  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:27:15.0798 0x17dc  SDRSVC - ok
21:27:15.0829 0x17dc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:27:15.0829 0x17dc  secdrv - ok
21:27:15.0829 0x17dc  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
21:27:15.0829 0x17dc  seclogon - ok
21:27:15.0891 0x17dc  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
21:27:15.0891 0x17dc  SENS - ok
21:27:15.0985 0x17dc  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:27:16.0032 0x17dc  Serenum - ok
21:27:16.0063 0x17dc  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
21:27:16.0063 0x17dc  Serial - ok
21:27:16.0094 0x17dc  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:27:16.0110 0x17dc  sermouse - ok
21:27:16.0141 0x17dc  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:27:16.0141 0x17dc  SessionEnv - ok
21:27:16.0203 0x17dc  [ 103B79418DA647736EE95645F305F68A, E4D356FD8C62B616D3584FE84905995A1CEE452288E3A456CC358FF41FEAB1B7 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:27:16.0219 0x17dc  sffdisk - ok
21:27:16.0235 0x17dc  [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:27:16.0235 0x17dc  sffp_mmc - ok
21:27:16.0250 0x17dc  [ 9CFA05FCFCB7124E69CFC812B72F9614, E9CFCE695E4D1AF146781CFAA295878536E573F06AEA65438878DE29EC9959AD ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:27:16.0250 0x17dc  sffp_sd - ok
21:27:16.0266 0x17dc  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:27:16.0266 0x17dc  sfloppy - ok
21:27:16.0313 0x17dc  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:27:16.0313 0x17dc  SharedAccess - ok
21:27:16.0359 0x17dc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:27:16.0375 0x17dc  ShellHWDetection - ok
21:27:16.0391 0x17dc  [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:27:16.0391 0x17dc  sisagp - ok
21:27:16.0406 0x17dc  [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:27:16.0406 0x17dc  SiSRaid2 - ok
21:27:16.0437 0x17dc  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:27:16.0437 0x17dc  SiSRaid4 - ok
21:27:16.0500 0x17dc  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
21:27:16.0515 0x17dc  SkypeUpdate - ok
21:27:17.0155 0x17dc  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
21:27:17.0280 0x17dc  slsvc - ok
21:27:17.0311 0x17dc  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:27:17.0311 0x17dc  SLUINotify - ok
21:27:17.0342 0x17dc  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:27:17.0342 0x17dc  Smb - ok
21:27:17.0373 0x17dc  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:27:17.0373 0x17dc  SNMPTRAP - ok
21:27:17.0405 0x17dc  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:27:17.0405 0x17dc  spldr - ok
21:27:17.0436 0x17dc  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
21:27:17.0451 0x17dc  Spooler - ok
21:27:17.0498 0x17dc  [ CBEAEA2729985BFB260641AB424E0166, 2FCED2951D5A1ACF93150BB0CA2293CCBE4227EBAAEA8438A78B5AFC6591F375 ] sptd            C:\Windows\System32\Drivers\sptd.sys
21:27:17.0498 0x17dc  sptd - ok
21:27:17.0576 0x17dc  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:27:17.0576 0x17dc  srv - ok
21:27:17.0623 0x17dc  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:27:17.0623 0x17dc  srv2 - ok
21:27:17.0654 0x17dc  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:27:17.0670 0x17dc  srvnet - ok
21:27:17.0779 0x17dc  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:27:17.0810 0x17dc  SSDPSRV - ok
21:27:17.0826 0x17dc  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:27:17.0826 0x17dc  SstpSvc - ok
21:27:17.0873 0x17dc  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
21:27:17.0888 0x17dc  stisvc - ok
21:27:17.0904 0x17dc  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:27:17.0904 0x17dc  swenum - ok
21:27:17.0966 0x17dc  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
21:27:17.0997 0x17dc  swprv - ok
21:27:18.0060 0x17dc  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:27:18.0091 0x17dc  Symc8xx - ok
21:27:18.0107 0x17dc  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:27:18.0107 0x17dc  Sym_hi - ok
21:27:18.0122 0x17dc  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:27:18.0122 0x17dc  Sym_u3 - ok
21:27:18.0153 0x17dc  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
21:27:18.0216 0x17dc  SysMain - ok
21:27:18.0278 0x17dc  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:27:18.0278 0x17dc  TabletInputService - ok
21:27:18.0278 0x17dc  taphss - ok
21:27:18.0325 0x17dc  [ 5856EC8E362F2658FE45E459D684E29F, BA18E056D72F3433C93764F4689736CE57CB20B19C0646418F4B074C8000B83A ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
21:27:18.0325 0x17dc  taphss6 - ok
21:27:18.0356 0x17dc  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:27:18.0372 0x17dc  TapiSrv - ok
21:27:18.0403 0x17dc  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
21:27:18.0403 0x17dc  TBS - ok
21:27:18.0543 0x17dc  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:27:18.0621 0x17dc  Tcpip - ok
21:27:18.0668 0x17dc  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:27:18.0699 0x17dc  Tcpip6 - ok
21:27:18.0715 0x17dc  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:27:18.0715 0x17dc  tcpipreg - ok
21:27:18.0746 0x17dc  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:27:18.0746 0x17dc  TDPIPE - ok
21:27:18.0777 0x17dc  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:27:18.0777 0x17dc  TDTCP - ok
21:27:18.0793 0x17dc  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:27:18.0793 0x17dc  tdx - ok
21:27:18.0824 0x17dc  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:27:18.0824 0x17dc  TermDD - ok
21:27:18.0855 0x17dc  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
21:27:18.0871 0x17dc  TermService - ok
21:27:18.0933 0x17dc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
21:27:18.0933 0x17dc  Themes - ok
21:27:18.0965 0x17dc  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:27:18.0965 0x17dc  THREADORDER - ok
21:27:19.0011 0x17dc  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
21:27:19.0027 0x17dc  TrkWks - ok
21:27:19.0058 0x17dc  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:27:19.0058 0x17dc  TrustedInstaller - ok
21:27:19.0105 0x17dc  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:27:19.0105 0x17dc  tssecsrv - ok
21:27:19.0136 0x17dc  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:27:19.0136 0x17dc  tunmp - ok
21:27:19.0167 0x17dc  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:27:19.0167 0x17dc  tunnel - ok
21:27:19.0230 0x17dc  [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:27:19.0245 0x17dc  uagp35 - ok
21:27:19.0292 0x17dc  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:27:19.0308 0x17dc  udfs - ok
21:27:19.0339 0x17dc  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:27:19.0339 0x17dc  UI0Detect - ok
21:27:19.0339 0x17dc  [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:27:19.0339 0x17dc  uliagpkx - ok
21:27:19.0370 0x17dc  [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:27:19.0370 0x17dc  uliahci - ok
21:27:19.0417 0x17dc  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:27:19.0417 0x17dc  UlSata - ok
21:27:19.0433 0x17dc  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:27:19.0433 0x17dc  ulsata2 - ok
21:27:19.0464 0x17dc  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:27:19.0479 0x17dc  umbus - ok
21:27:19.0511 0x17dc  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
21:27:19.0511 0x17dc  upnphost - ok
21:27:19.0557 0x17dc  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:19.0557 0x17dc  usbccgp - ok
21:27:19.0620 0x17dc  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:27:19.0620 0x17dc  usbcir - ok
21:27:19.0667 0x17dc  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:27:19.0667 0x17dc  usbehci - ok
21:27:19.0698 0x17dc  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:27:19.0729 0x17dc  usbhub - ok
21:27:19.0776 0x17dc  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:27:19.0791 0x17dc  usbohci - ok
21:27:19.0838 0x17dc  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:27:19.0854 0x17dc  usbprint - ok
21:27:19.0901 0x17dc  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:27:19.0901 0x17dc  usbscan - ok
21:27:19.0932 0x17dc  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:19.0932 0x17dc  USBSTOR - ok
21:27:19.0994 0x17dc  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:27:19.0994 0x17dc  usbuhci - ok
21:27:20.0072 0x17dc  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
21:27:20.0072 0x17dc  UxSms - ok
21:27:20.0119 0x17dc  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
21:27:20.0135 0x17dc  vds - ok
21:27:20.0150 0x17dc  [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:20.0166 0x17dc  vga - ok
21:27:20.0181 0x17dc  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:27:20.0181 0x17dc  VgaSave - ok
21:27:20.0228 0x17dc  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:27:20.0259 0x17dc  viaagp - ok
21:27:20.0291 0x17dc  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:27:20.0291 0x17dc  ViaC7 - ok
21:27:20.0337 0x17dc  [ 58C8D5AC5C3EEF40E7E704A5CED7987D, 247188A1579C02656696AB46A3762E64E642CEBA1F549BB144881877F895D11D ] viaide          C:\Windows\system32\drivers\viaide.sys
21:27:20.0337 0x17dc  viaide - ok
21:27:20.0353 0x17dc  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:27:20.0353 0x17dc  volmgr - ok
21:27:20.0400 0x17dc  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:27:20.0415 0x17dc  volmgrx - ok
21:27:22.0974 0x17dc  ================ Scan global ===============================
21:27:23.0005 0x17dc  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
21:27:23.0036 0x17dc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:27:23.0083 0x17dc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:27:23.0130 0x17dc  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
21:27:23.0145 0x17dc  [ Global ] - ok
21:27:23.0145 0x17dc  ================ Scan MBR ==================================
21:27:23.0161 0x17dc  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:27:24.0066 0x17dc  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
21:27:24.0066 0x17dc  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:27:26.0687 0x17dc  ================ Scan VBR ==================================
21:27:26.0702 0x17dc  [ 9C2005E947C9BECF10A9F638E35E6B4A ] \Device\Harddisk0\DR0\Partition1
21:27:26.0765 0x17dc  \Device\Harddisk0\DR0\Partition1 - ok
21:27:26.0796 0x17dc  [ ED4372EEFA5E04B6156869816FB9511B ] \Device\Harddisk0\DR0\Partition2
21:27:26.0905 0x17dc  \Device\Harddisk0\DR0\Partition2 - ok
21:27:26.0905 0x17dc  Waiting for KSN requests completion. In queue: 8
21:27:27.0919 0x17dc  Waiting for KSN requests completion. In queue: 8
21:27:28.0949 0x17dc  AV detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmiav.exe ( 14.0.0.4651 ), 0x41000 ( enabled : updated )
21:27:28.0964 0x17dc  FW detected via SS2: Kaspersky Internet Security, C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\wmifw.exe ( 14.0.0.4651 ), 0x41010 ( enabled )
21:27:31.0460 0x17dc  ============================================================
21:27:31.0460 0x17dc  Scan finished
21:27:31.0460 0x17dc  ============================================================
21:27:31.0460 0x12f8  Detected object count: 1
21:27:31.0460 0x12f8  Actual detected object count: 1
21:27:53.0753 0x12f8  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:27:53.0753 0x12f8  \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
21:27:53.0753 0x12f8  \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
21:27:53.0768 0x12f8  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
21:27:53.0768 0x12f8  \Device\Harddisk0\DR0\TDLFS\tdlwsp.dll - copied to quarantine
21:27:53.0768 0x12f8  \Device\Harddisk0\DR0\TDLFS - deleted
21:27:53.0768 0x12f8  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 
21:28:04.0407 0x097c  Deinitialize success


#7 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 13 February 2014 - 04:39 PM

Hi, 

 

Also I know you told me not to delete anything, but when I deleted the object from TDSS, after reboot Kaspersky Internet Security said there was a malware in the TDSSKiller Quarantine folder. So I panicked and clicked "eliminate". Is it bad that I did that?  :(



#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:56 AM

Posted 13 February 2014 - 08:48 PM

Hi lala121, :)
 

So I panicked and clicked "eliminate". Is it bad that I did that?  :(

No, not this time, but please don't "panic," everything will be fine.
 
Let's continue:
 
We need to run ComboFix.exe. Please visit the following webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Please include the C:\ComboFix.txt in your next reply for further review.


Best Regards,
oneof4.


#9 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 14 February 2014 - 09:59 AM

Hi lala121, :)
 

So I panicked and clicked "eliminate". Is it bad that I did that?  :(

No, not this time, but please don't "panic," everything will be fine.
 
Let's continue:
 
We need to run ComboFix.exe. Please visit the following webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Please include the C:\ComboFix.txt in your next reply for further review.

 

Hi :) Thank god it was okay. I promise I won't panic anymore  :thumbup2:

 

I ran the scan and here is the log. Also, after the tool rebooted my computer, this registry error came up! I think it has got something to do with the 'DMW.EXE' as it is not running anymore. Here is the link to the screen capture AKCDq6c.jpg  :)

 

ComboFix Log 

 

ComboFix 14-02-14.01 - Shaheer Khan 14/02/2014  14:24:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3325.1552 [GMT 0:00]
Running from: c:\users\Shaheer Khan\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Saqib Khan\AppData\Local\assembly\tmp
c:\users\Saqib Khan\AppData\Local\assembly\tmp\V8ZZ75JW\__AssemblyInfo__.ini
c:\users\Saqib Khan\AppData\Local\assembly\tmp\V8ZZ75JW\Box.Cryptography.DLL
c:\windows\system32\frapsvid.dll
c:\windows\wininit.ini
D:\resycled
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-14 to 2014-02-14  )))))))))))))))))))))))))))))))
.
.
2014-02-14 14:34 . 2014-02-14 14:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-02-14 14:13 . 2014-02-14 14:24 -------- d-----w- C:\f96d3624edfea6a1a6d6
2014-02-13 21:27 . 2014-02-13 21:27 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-13 09:48 . 2014-02-13 09:51 -------- d-----w- C:\FRST
2014-02-08 17:32 . 2014-02-08 17:32 -------- d-----w- c:\windows\ERUNT
2014-02-08 17:21 . 2014-02-08 17:24 -------- d-----w- C:\AdwCleaner
2014-02-08 15:45 . 2014-02-08 15:45 -------- d-----w- c:\users\Shaheer Khan\AppData\Roaming\Malwarebytes
2014-02-08 15:45 . 2014-02-08 15:45 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 15:45 . 2014-02-08 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-08 15:45 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-08 14:44 . 2014-02-08 14:44 -------- d-----w- c:\users\Saqib Khan\AppData\Roaming\AMozilla
2014-02-08 14:44 . 2014-02-08 14:44 -------- d-----w- c:\users\Saqib Khan\AppData\Local\AMozilla
2014-02-08 11:10 . 2014-02-08 11:10 -------- d-----w- c:\users\Shaheer Khan\AppData\Local\AMozilla
2014-02-08 11:09 . 2014-02-08 11:09 -------- d-----w- c:\users\Shaheer Khan\AppData\Roaming\AMozilla
2014-02-08 11:09 . 2014-02-08 11:09 -------- d-----w- c:\program files\Common Files\SurveyMonkey
2014-02-05 12:44 . 2013-11-28 00:24 108000 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2014-02-02 12:45 . 2014-02-02 12:45 -------- d-----w- c:\program files\Lame For Audacity
2014-02-02 12:40 . 2014-02-08 00:02 -------- d-----w- c:\users\Shaheer Khan\AppData\Roaming\Audacity
2014-02-02 12:40 . 2014-02-02 12:40 -------- d-----w- c:\program files\Audacity
2014-02-01 14:24 . 2014-02-01 14:24 -------- d--h--w- c:\users\Saqib Khan\.Box Sync
2014-02-01 11:42 . 2014-02-01 11:42 -------- d--h--w- c:\users\Shaheer Khan\.Box Sync
2014-01-31 23:50 . 2014-01-31 23:52 -------- d-----w- c:\users\Shaheer Khan\AppData\Local\Screencast-O-Matic
2014-01-31 16:42 . 2014-02-04 17:48 -------- d-----w- c:\users\Shaheer Khan\New Folder
2014-01-31 14:47 . 2014-01-31 14:47 -------- d-----w- c:\users\Shaheer Khan\AppData\Local\Skype
2014-01-31 14:47 . 2014-02-06 12:28 -------- d-----w- c:\users\Shaheer Khan\AppData\Roaming\Skype
2014-01-31 14:46 . 2014-01-31 14:46 -------- d-----w- c:\program files\Common Files\Skype
2014-01-31 14:46 . 2014-01-31 14:46 -------- d-----r- c:\program files\Skype
2014-01-29 18:36 . 2014-01-29 18:36 -------- d-----w- c:\program files\Bulk Rename Utility
2014-01-19 14:18 . 2014-01-19 14:18 -------- d-----w- c:\users\Shaheer Khan\AppData\Local\4dots_Software
2014-01-18 16:52 . 2014-01-18 16:52 -------- d-----w- c:\users\Saqib Khan\AppData\Roaming\Sage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 10:03 . 2013-12-17 21:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 10:03 . 2013-12-17 21:52 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-29 18:07 . 2013-12-29 18:07 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-12-26 19:46 . 2013-04-01 14:09 320120 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-12-19 09:44 . 2013-06-06 16:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-12-18 06:13 . 2013-03-28 23:17 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 21:09 . 2014-01-12 11:01 39624 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-12-17 15:05 . 2013-12-30 14:19 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
2013-12-17 15:05 . 2013-12-30 14:19 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
2012-07-12 08:19 . 2012-07-12 08:19 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-31 20:51 752448 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}"
[HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
2009-11-08 10:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{e22ccf16-2db6-3de8-9a2c-acb66b571b69}"
[HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
2009-11-08 10:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}"
[HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
2009-11-08 10:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{01fcd170-7f0a-3b6a-b992-66a7a20289b5}"
[HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
2009-11-08 10:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-02-05 3825232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SurveyMonkey"="wscript.exe" [2013-10-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
backup=c:\windows\pss\Box Sync.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 15:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoxSync]
2014-01-31 10:39 12161792 ----a-w- c:\program files\Box\Box Sync\BoxSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 23:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-26 06:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GingerClient.exe]
2013-07-30 16:31 2909992 ----a-w- c:\program files\Ginger\GingerClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2013-09-21 18:44 11877448 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 12:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 23:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 09:11 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-17 10:03]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-28 13:32]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-28 13:32]
.
.
------- Supplementary Scan -------
.
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B0496BF1-4C4D-4BE8-AC4C-41E37905B3FB}: NameServer = 8.8.8.8
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://firepass.newvic.ac.uk/+CSCOL+/csvrloader32.cab
DPF: {FDEC6ADD-C88F-4F17-96A9-45B86A7B4BFD} - hxxps://firepass.newvic.ac.uk/+CSCOL+/csvrmon32.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BoxSyncHelper - c:\program files\Box Sync\BoxSyncHelper.exe
AddRemove-HotspotShield - c:\program files\Hotspot Shield\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-14 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\SHAHEE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3571332690-2427944289-3315415155-1006_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-3571332690-2427944289-3315415155-1006_Classes\CLSID\{C06F4056-C35F-4bf8-A93A-9F098F3E503D}]
@DACL=(02 0000)
"68286396A6CFBF0FABE673A9E171DE78BA06A45A"=""
"5918569797E09F35"="18"
"440D54AA8AF58E3D"="18"
"651845B38CF3800687C45987DD"="1B"
"580950B697F5823D87"="194D31F0CEB1DA7DD387"
"481244AA97E58A29"="1B"
"580950B697F5823D87E94384D6"="194D31F0CEB1DA7DD387"
"481244AA97E58A29BDC55593"="1B"
"5E0E54A082F8883F97D844"="1B"
"580852A786F2983996D35D"="1C"
.
[HKEY_USERS\S-1-5-21-3571332690-2427944289-3315415155-1006_Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}]
@DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
c:\program files\IObit\LiveUpdate\LiveUpdate.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Nitro\Pro 9\NitroPDFDriverService9.exe
c:\program files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
c:\program files\Common Files\Sage SData\Sage.SData.Service.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-02-14  14:47:33 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-14 14:47
.
Pre-Run: 274,857,984,000 bytes free
Post-Run: 275,083,472,896 bytes free
.
- - End Of File - - 8956436A01262868C3F19546B1787DFD
5C616939100B85E558DA92B899A0FC36

Edited by lala121, 14 February 2014 - 05:07 PM.
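The line worth pulling out of the Reg Loading Points section above is "SurveyMonkey"="wscript.exe" under the HKLM Run key, next to the Common Files\SurveyMonkey folder created on 2014-02-08 in the Files Created list. As an added example (not code from the thread, from ComboFix or from the helper), this Python parses both sections in the layout shown above, flags Run entries whose executable is a script host, and ties them to a newly created folder of the same name; the sample lines are constructed from the posted log.

```python
"""Triage the 'Reg Loading Points' and 'Files Created' sections of a
ComboFix log: flag Run entries whose executable is a script host and tie
them to a freshly created folder of the same name. Added example for this
thread; not code from ComboFix, the forum post or the helper."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout ComboFix printed above (lines copied
# from the posted log; not a complete log).
SAMPLE_LOG = r"""
2014-02-08 15:45 . 2014-02-08 15:45 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 11:09 . 2014-02-08 11:09 -------- d-----w- c:\program files\Common Files\SurveyMonkey
2014-02-08 15:45 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-02-05 3825232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SurveyMonkey"="wscript.exe" [2013-10-11 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

# Script hosts and proxy binaries. Legitimate installers rarely register one
# of these as the autorun executable itself; the log line shows the resolved
# executable with its date and size, so the script it is handed has to be
# read from the live registry value.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}

KEY_RE = re.compile(r"^\[(HK[^\]]*)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\])?')
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(-+|\d+)\s+([d-][-a-z]{7})\s+(.+)$")


@dataclass
class Autorun:
    key: str
    name: str
    command: str
    file_date: Optional[str]
    file_size: Optional[int]

    def executable(self) -> str:
        """Lower-cased basename of the command, for matching."""
        return self.command.rsplit("\\", 1)[-1].lower()


def parse_autoruns(log: str) -> List[Autorun]:
    """Collect "Name"="Command" values under each [HKEY...] header."""
    current_key, found = "", []
    for line in log.splitlines():
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        val = VALUE_RE.match(line)
        if val and current_key:
            name, cmd, date, size = val.groups()
            found.append(Autorun(current_key, name, cmd, date,
                                 int(size) if size else None))
    return found


def parse_created(log: str) -> Dict[str, str]:
    """Map each path in the 'Files Created' layout to its creation time."""
    return {m.group(5).strip(): m.group(1)
            for m in map(CREATED_RE.match, log.splitlines()) if m}


def suspicious_autoruns(entries: List[Autorun]) -> List[Autorun]:
    """Entries under a Run/RunOnce key whose executable is a script host."""
    return [e for e in entries
            if e.key.lower().endswith(("\\run", "\\runonce"))
            and e.executable() in SCRIPT_HOSTS]


def correlate(entry: Autorun, created: Dict[str, str]) -> List[str]:
    """Created paths whose last component equals the autorun value name."""
    want = entry.name.lower()
    return [p for p in created if p.rsplit("\\", 1)[-1].lower() == want]


def triage(log: str) -> List[dict]:
    """One finding per flagged autorun, with any matching new folders."""
    created = parse_created(log)
    return [{"name": e.name, "executable": e.executable(),
             "related_paths": correlate(e, created)}
            for e in suspicious_autoruns(parse_autoruns(log))]
```

Run triage(open("ComboFix.txt").read()) against a full log to get the same findings over the real file.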


#10 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 14 February 2014 - 05:06 PM

Well, I was wrong.... DMW.exe is back again (screenshot)  :scratchhead:  Just wondering, would installing the OS, including formatting the hard drive, get rid of it?

 

spo67HG.jpg



#11 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:56 AM

Posted 14 February 2014 - 08:42 PM

Hello, :)

 

 

Just wondering, would installing the OS, including formatting the hard drive, get rid of it?

Absolutely, along with everything else on the computer. It's up to you, if that's the direction you want to take. However, I've been researching this infection, and it appears that it does sneak in with the K-Lite Mega Codec Pack.  I believe I have the steps necessary to remove it if you are willing to pursue that. Reformatting / reinstalling Windows is sometimes the only solution, but mostly as a last resort.  If you are willing to continue with me on the removal process, then please follow the next set of instructions:

 

==========

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
:filefind
DMW.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Best Regards,
oneof4.


#12 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 15 February 2014 - 06:05 AM

Hello, :)

 

 

Just wondering, would installing the OS, including formatting the hard drive, get rid of it?

Absolutely, along with everything else on the computer. It's up to you, if that's the direction you want to take. However, I've been researching this infection, and it appears that it does sneak in with the K-Lite Mega Codec Pack.  I believe I have the steps necessary to remove it if you are willing to pursue that. Reformatting / reinstalling Windows is sometimes the only solution, but mostly as a last resort.  If you are willing to continue with me on the removal process, then please follow the next set of instructions:

 

==========

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
:filefind
DMW.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Hiya, 

 

I definitely will not be installing K-Lite ever again!  Here is the log:

 

Systemlook log

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:57 on 15/02/2014 by Shaheer Khan
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "DMW.exe"
C:\Program Files\Common Files\SurveyMonkey\dmw.exe --a---- 910296 bytes [11:09 08/02/2014] [11:58 31/03/2010] 49958506B773E40D31832E3EEDA522E7
 
-= EOF =-


#13 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 15 February 2014 - 06:17 AM

Hi :) 

 

Also, just to let you know, as my computer is connected to the internet, Windows Updates automatically installed some updates. Not very sure if it would affect the process of fixing this problem.... :(



#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective
  • Local time:08:56 AM

Posted 15 February 2014 - 12:49 PM

Windows Updates should be fine to let run.  Hang with me, I'm preparing a fix for the dmw.exe issue.


Best Regards,
oneof4.


#15 lala121

lala121
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:56 PM

Posted 15 February 2014 - 01:34 PM

Windows Updates should be fine to let run.  Hang with me, I'm preparing a fix for the dmw.exe issue.

 

Yes please :) Otherwise I will just re-install my OS because it has really taken long and it's really annoying that I can't use my computer properly.





