
Help- can't get rid of a nasty Trojan!


  • This topic is locked
85 replies to this topic

#1 yoniarmon

yoniarmon

  • Members
  • 47 posts

Posted 15 March 2014 - 10:47 PM

Aloha,

I have the same symptoms as this person was encountering:

http://www.bleepingcomputer.com/forums/t/526484/java-update-problem/?p=3305391

 

After I looked online and saw that page, I went on to the forum he/she was directed to:

 http://www.bleepingcomputer.com/forums/t/526786/help-infected-with-a-trojan/

 

I tried following the whole process that person was guided through, but on the last ESET scan it still showed 26 infected files.

Could you please help me?


Edited by yoniarmon, 15 March 2014 - 10:49 PM.



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 17 March 2014 - 07:42 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 yoniarmon

yoniarmon
  • Topic Starter

  • Members
  • 47 posts

Posted 18 March 2014 - 01:42 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on EXPERIEN-19D2EE on 17-03-2014 20:38:20
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corp.) C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() D:\My Documents\Downloads\vlc-2.1.3-win32.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() C:\Documents and Settings\Administrator\Local Settings\Temp\nswB58.tmp\nsB66.tmp
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-09] (SigmaTel, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [167936 2007-10-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [OTFSDMS] - C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe [129024 2008-06-19] (Microsoft Corp.)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NSU_agent] - C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Onylonymfysumo] - "C:\Documents and Settings\Administrator\Application Data\Immozaa\usices.exe"
HKLM\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
HKLM\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-15] (AVAST Software)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKLM\...\Policies\Explorer: [StartMenuFavorites] 0
HKLM\...\Policies\Explorer: [Start_ShowMyComputer] 1
HKLM\...\Policies\Explorer: [Start_ShowMyDocs] 1
HKLM\...\Policies\Explorer: [Start_ShowMyMusic] 0
HKLM\...\Policies\Explorer: [Start_ShowRun] 1
HKLM\...\Policies\Explorer: [Start_ShowSearch] 0
HKU\.DEFAULT\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\CTFMON.EXE
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetIcon] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMHelp] 1
HKU\.DEFAULT\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\.DEFAULT\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-19\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-19\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-20\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18706176 2013-01-08] (Skype Technologies S.A.)
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Wouvqozeufy] - "C:\Documents and Settings\Administrator\Application Data\Nobeoneq\bovau.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\MountPoints2: {1246b3fa-8c22-11de-8e9f-001e4cdddae9} - F:\wd_windows_tools\WDSetup.exe
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\MountPoints2: {a6f6db62-b0d9-11de-8eb0-001f3a18d92b} - F:\LaunchU3.exe -a
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\MountPoints2: {a6f6db63-b0d9-11de-8eb0-001f3a18d92b} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
SecurityProviders: schannel.dll, digest.dll
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9BA992CB-EF86-433B-80D8-23A037F15F00}&mid=11e7302ffc1ca9522f3c05c5c64ffdce-c4dd17ed79106b14b779fcd4583f3e37fbf6c161&lang=en&ds=AVG&pr=fr&d=2012-09-26 08:59:12&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2008-05-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://www.mysearchresults.com/?c=9003&t=08
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN31271347572204921&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npupd62.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: wxDfast - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\503610f485be1@503610f485c24.info [2012-09-15]
FF Extension: InternetHelper3.1  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} [2013-12-17]
FF Extension: mediaplayerconnectivity - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-15]
FF Extension: Search-Results Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-10]
FF Extension: Default Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\addon@defaulttab.com.xpi [2013-07-29]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-02-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-26]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-04-26]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-10-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-15]
 
Chrome: 
=======
CHR HomePage: hxxp://www.ynet.co.il/
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (WindizUpdate Plug-in) - C:\Program Files\Mozilla Firefox\plugins\npupd62.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [afcloefbcmhdigbnbmlilbgaklhjceoc] - C:\Documents and Settings\All Users\Application Data\wxDfast\afcloefbcmhdigbnbmlilbgaklhjceoc.crx [2011-12-18]
CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2011-12-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-15]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-03-15]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2014-03-15]
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-15] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-10-17] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 OTFSDMS; C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe [129024 2008-06-19] (Microsoft Corp.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [166456 2012-11-21] (Soluto)
S2 SolutoService; C:\Program Files\Soluto\SolutoService.exe [644152 2012-11-21] (Soluto)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe [94208 2007-05-09] (SigmaTel, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-03-15] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-15] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-03-15] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2006-08-27] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-22] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-22] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-22] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37280 2007-03-22] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-22] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-27] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-27] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-27] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 Soluto; C:\WINDOWS\System32\DRIVERS\Soluto.sys [51144 2012-11-21] (Soluto LTD.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-09] (SigmaTel, Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2008-04-03] (Marvell)
U4 CiSvc; 
S3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
U4 ERSvc; 
S4 IntelIde; No ImagePath
U1 WS2IFSL; 
U4 wscsvc; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-15 18:54 - 2014-03-15 18:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-03-15 18:53 - 2014-03-15 18:53 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-03-15 18:53 - 2014-03-15 18:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-03-15 18:52 - 2014-03-17 06:52 - 00000330 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-15 18:51 - 2014-03-15 18:52 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-15 18:51 - 2014-03-15 18:51 - 00180248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-15 18:46 - 2014-03-15 18:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:42 - 2014-03-15 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-03-14 23:41 - 2014-03-15 01:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Xoekme
2014-03-14 23:40 - 2014-03-15 10:20 - 00023909 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-03-14 23:39 - 2014-03-17 20:40 - 00030930 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-14 22:59 - 2014-03-17 20:38 - 00000000 ____D () C:\FRST
2014-03-14 22:53 - 2014-03-14 22:53 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-03-14 20:46 - 2014-03-14 20:46 - 00000000 ____D () C:\Program Files\ESET
2014-03-14 20:45 - 2014-03-14 20:45 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
2014-03-14 20:20 - 2014-03-14 20:20 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-14 20:13 - 2014-03-14 20:13 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-03-13 20:10 - 2014-03-13 20:10 - 00005911 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\krfeeogg
2014-03-13 10:07 - 2014-03-13 10:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-13 10:06 - 2014-03-13 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-13 10:05 - 2014-03-13 10:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-13 10:05 - 2014-03-13 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-13 10:05 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-13 08:14 - 2014-03-13 08:14 - 00068465 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\pbqhrqwv
2014-03-13 07:59 - 2014-03-13 07:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-11 19:23 - 2014-03-11 19:23 - 00000827 _____ () C:\Documents and Settings\Administrator\out.bin
2014-03-11 17:09 - 2002-12-11 17:34 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-03-11 10:38 - 2014-03-11 10:38 - 00012326 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\gcuscjrp
2014-03-11 10:37 - 2014-03-11 10:37 - 00068161 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\eqxuvbld
2014-03-11 10:36 - 2014-03-11 10:36 - 00000000 _____ () C:\Documents and Settings\Administrator\Application Data\SharedSettings.ccs
2014-03-06 18:42 - 2014-03-16 10:10 - 01160944 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-15 18:19 - 2014-02-15 18:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2014-03-17 20:40 - 2014-03-14 23:39 - 00030930 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-03-17 20:38 - 2014-03-14 22:59 - 00000000 ____D () C:\FRST
2014-03-17 20:34 - 2010-05-24 09:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-03-17 19:53 - 2009-11-05 13:02 - 00001010 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1801674531-500UA.job
2014-03-17 06:52 - 2014-03-15 18:52 - 00000330 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-16 10:22 - 2009-07-02 16:17 - 00083000 ____C () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-16 10:15 - 2012-08-23 01:17 - 00000512 ___HC () C:\WINDOWS\Tasks\WxDFastUpdaterTask{9AE96FE6-4C67-4528-94BA-3D56554BF0F4}.job
2014-03-16 10:15 - 2012-08-23 01:17 - 00000494 ___HC () C:\WINDOWS\Tasks\GBoxUpdaterTask{0B44B617-A003-4DB7-8258-F4364938B8A8}.job
2014-03-16 10:15 - 2012-04-14 08:53 - 00000294 ____C () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1202660629-1801674531-500.job
2014-03-16 10:15 - 2011-08-16 00:18 - 00000280 ____C () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2014-03-16 10:15 - 2009-07-02 00:39 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-03-16 10:15 - 2009-07-02 00:38 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-03-16 10:15 - 2009-07-01 23:48 - 01267210 ____C () C:\WINDOWS\WindowsUpdate.log
2014-03-16 10:13 - 2009-07-01 23:45 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-03-16 10:11 - 2010-10-20 23:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-03-16 10:11 - 2009-07-02 00:28 - 00326704 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 10:10 - 2014-03-06 18:42 - 01160944 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-16 10:10 - 2009-07-01 23:45 - 00032462 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-16 10:08 - 2009-07-01 23:46 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-16 09:57 - 2012-09-14 17:18 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-03-16 09:57 - 2012-09-14 17:17 - 00000000 ____D () C:\Program Files\Nokia
2014-03-16 09:56 - 2012-09-14 18:42 - 00000000 ____D () C:\WINDOWS\Globalization
2014-03-16 09:48 - 2009-07-02 17:24 - 00000000 ____D () C:\Program Files\AVG
2014-03-16 09:45 - 2013-09-18 10:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-03-16 09:44 - 2013-09-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-03-16 09:43 - 2009-11-09 11:21 - 00000000 ___HD () C:\$AVG
2014-03-16 09:42 - 2013-06-27 11:33 - 16964415 _____ () C:\WINDOWS\setupapi.log
2014-03-15 22:40 - 2012-08-23 01:17 - 00000000 ____D () C:\Program Files\SProtector
2014-03-15 19:11 - 2009-07-01 23:46 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-15 18:54 - 2014-03-15 18:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVAST Software
2014-03-15 18:53 - 2014-03-15 18:53 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-03-15 18:53 - 2014-03-15 18:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-03-15 18:52 - 2014-03-15 18:51 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-15 18:51 - 2014-03-15 18:51 - 00180248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-15 18:51 - 2014-03-15 18:51 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-15 18:46 - 2014-03-15 18:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-15 18:44 - 2014-03-15 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-03-15 12:37 - 2009-07-02 00:25 - 00000000 ____D () C:\WINDOWS\system
2014-03-15 10:20 - 2014-03-14 23:40 - 00023909 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-03-15 10:18 - 2011-08-16 01:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Dropbox
2014-03-15 01:32 - 2014-03-14 23:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Xoekme
2014-03-15 00:53 - 2009-11-05 13:02 - 00000958 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1801674531-500Core.job
2014-03-14 23:10 - 2009-07-02 00:25 - 00000000 ____D () C:\WINDOWS\repair
2014-03-14 22:53 - 2014-03-14 22:53 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-03-14 20:46 - 2014-03-14 20:46 - 00000000 ____D () C:\Program Files\ESET
2014-03-14 20:45 - 2014-03-14 20:45 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
2014-03-14 20:32 - 2009-07-01 23:45 - 00000178 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2014-03-14 20:32 - 2009-07-01 23:45 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-14 20:20 - 2014-03-14 20:20 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-14 20:13 - 2014-03-14 20:13 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
2014-03-14 15:40 - 2013-02-10 23:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-03-14 03:21 - 2009-07-02 00:25 - 00000000 ____D () C:\WINDOWS\msagent
2014-03-14 03:17 - 2013-07-29 11:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DefaultTab
2014-03-14 03:16 - 2013-07-29 11:32 - 00000000 ____D () C:\Program Files\InternetHelper3.1
2014-03-13 20:10 - 2014-03-13 20:10 - 00005911 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\krfeeogg
2014-03-13 16:42 - 2012-05-03 12:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-03-13 14:08 - 2013-08-21 21:13 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-03-13 13:28 - 2012-08-23 01:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GBox
2014-03-13 10:07 - 2014-03-13 10:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-03-13 10:06 - 2014-03-13 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-13 10:06 - 2014-03-13 10:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-13 10:05 - 2014-03-13 10:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-13 09:23 - 2009-07-02 00:34 - 00080207 ____C () C:\WINDOWS\FaxSetup.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00039466 ____C () C:\WINDOWS\tsoc.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00038895 ____C () C:\WINDOWS\comsetup.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00034035 ____C () C:\WINDOWS\ocgen.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00021978 ____C () C:\WINDOWS\ntdtcsetup.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00005762 ____C () C:\WINDOWS\MedCtrOC.log
2014-03-13 09:23 - 2009-07-02 00:34 - 00004574 ____C () C:\WINDOWS\tabletoc.log
2014-03-13 09:22 - 2009-07-02 00:34 - 00030908 ____C () C:\WINDOWS\msmqinst.log
2014-03-13 08:14 - 2014-03-13 08:14 - 00068465 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\pbqhrqwv
2014-03-13 07:59 - 2014-03-13 07:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031314-01.dmp
2014-03-13 07:59 - 2010-12-19 07:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-11 19:23 - 2014-03-11 19:23 - 00000827 _____ () C:\Documents and Settings\Administrator\out.bin
2014-03-11 17:10 - 2009-07-01 23:44 - 00378786 ____C () C:\WINDOWS\wmsetup.log
2014-03-11 17:10 - 2008-05-06 02:00 - 00000608 ____C () C:\WINDOWS\win.ini
2014-03-11 12:18 - 2011-08-16 00:18 - 00000288 ____C () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
2014-03-11 10:59 - 2012-04-05 21:18 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 10:59 - 2012-04-05 21:18 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 10:53 - 2009-07-01 23:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Mozilla
2014-03-11 10:38 - 2014-03-11 10:38 - 00012326 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\gcuscjrp
2014-03-11 10:37 - 2014-03-11 10:37 - 00068161 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\eqxuvbld
2014-03-11 10:36 - 2014-03-11 10:36 - 00000000 _____ () C:\Documents and Settings\Administrator\Application Data\SharedSettings.ccs
2014-03-11 10:33 - 2008-05-06 02:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-03-06 18:43 - 2012-09-15 13:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-02 10:02 - 2013-06-27 09:59 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-03-02 10:02 - 2011-11-17 21:50 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-02-15 18:20 - 2014-02-15 18:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\656_FPPSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air655.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air65E.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\difxapi.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\hpqrrx08.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\install_flashplayer12x32_mssd_aaa_aih.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\oi_{8769FDD9-FA02-416D-9260-5207A019933F}.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALL.EXE
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-10cc3798.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#4 yoniarmon

Posted 18 March 2014 - 01:45 AM

Thanks for your help.

You wrote not to check any box and hit scan on FRST, so I got only FRST.txt without the Addition.txt.

Let me know if I need to re-do anything.



#5 yoniarmon

Posted 18 March 2014 - 01:51 AM

20:46:22.0182 0x09e8  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
20:46:27.0400 0x09e8  ============================================================
20:46:27.0400 0x09e8  Current date / time: 2014/03/17 20:46:27.0400
20:46:27.0400 0x09e8  SystemInfo:
20:46:27.0400 0x09e8  
20:46:27.0400 0x09e8  OS Version: 5.1.2600 ServicePack: 3.0
20:46:27.0400 0x09e8  Product type: Workstation
20:46:27.0400 0x09e8  ComputerName: EXPERIEN-19D2EE
20:46:27.0400 0x09e8  UserName: Administrator
20:46:27.0400 0x09e8  Windows directory: C:\WINDOWS
20:46:27.0400 0x09e8  System windows directory: C:\WINDOWS
20:46:27.0400 0x09e8  Processor architecture: Intel x86
20:46:27.0400 0x09e8  Number of processors: 2
20:46:27.0400 0x09e8  Page size: 0x1000
20:46:27.0400 0x09e8  Boot type: Normal boot
20:46:27.0400 0x09e8  ============================================================
20:46:32.0603 0x09e8  KLMD registered as C:\WINDOWS\system32\drivers\71003158.sys
20:46:35.0666 0x09e8  System UUID: {705E860E-699C-44CE-83E3-2CFB1B34E3E5}
20:46:41.0994 0x09e8  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:46:41.0994 0x09e8  ============================================================
20:46:41.0994 0x09e8  \Device\Harddisk0\DR0:
20:46:42.0010 0x09e8  MBR partitions:
20:46:42.0010 0x09e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
20:46:42.0010 0x09e8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF82792
20:46:42.0010 0x09e8  ============================================================
20:46:42.0057 0x09e8  D: <-> \Device\Harddisk0\DR0\Partition2
20:46:42.0322 0x09e8  C: <-> \Device\Harddisk0\DR0\Partition1
20:46:42.0322 0x09e8  ============================================================
20:46:42.0322 0x09e8  Initialize success
20:46:42.0322 0x09e8  ============================================================
20:47:10.0635 0x0168  ============================================================
20:47:10.0635 0x0168  Scan started
20:47:10.0635 0x0168  Mode: Manual; 
20:47:10.0635 0x0168  ============================================================
20:47:10.0635 0x0168  KSN ping started
20:47:13.0603 0x0168  KSN ping finished: true
20:47:15.0557 0x0168  ================ Scan system memory ========================
20:47:15.0557 0x0168  System memory - ok
20:47:15.0557 0x0168  ================ Scan services =============================
20:47:15.0947 0x0168  Abiosdsk - ok
20:47:15.0947 0x0168  abp480n5 - ok
20:47:16.0057 0x0168  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:47:16.0057 0x0168  ACPI - ok
20:47:16.0338 0x0168  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:47:16.0338 0x0168  ACPIEC - ok
20:47:16.0510 0x0168  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:16.0525 0x0168  AdobeFlashPlayerUpdateSvc - ok
20:47:16.0525 0x0168  adpu160m - ok
20:47:16.0635 0x0168  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:47:16.0728 0x0168  aec - ok
20:47:16.0807 0x0168  [ 322D0E36693D6E24A2398BEE62A268CD, FB0BFF5846E50DBCC2826639318A6A1DE79EE7DEA2719ED74A5F6F44454E13D0 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:47:16.0807 0x0168  AFD - ok
20:47:16.0822 0x0168  Aha154x - ok
20:47:16.0822 0x0168  aic78u2 - ok
20:47:16.0838 0x0168  aic78xx - ok
20:47:16.0869 0x0168  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:47:16.0869 0x0168  Alerter - ok
20:47:16.0916 0x0168  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
20:47:16.0916 0x0168  ALG - ok
20:47:16.0916 0x0168  AliIde - ok
20:47:16.0932 0x0168  amsint - ok
20:47:17.0025 0x0168  [ A80230BD04F0B8BF05185B369BB1CBB8, 8B167D2E31E7687E3B8E166938095DD7E5D77D270CDD78332CA68199A041F72F ] ApfiltrService  C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:47:17.0025 0x0168  ApfiltrService - ok
20:47:17.0322 0x0168  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
20:47:17.0338 0x0168  AppMgmt - ok
20:47:17.0385 0x0168  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:47:17.0385 0x0168  Arp1394 - ok
20:47:17.0400 0x0168  asc - ok
20:47:17.0400 0x0168  asc3350p - ok
20:47:17.0416 0x0168  asc3550 - ok
20:47:17.0557 0x0168  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:47:17.0588 0x0168  aspnet_state - ok
20:47:17.0666 0x0168  [ 7021F01CCAC1538CCF9AE004723AF033, 698B199D378426D9A07B01600BA265B8E8EDBEB29BEE223FB22592E59FB5B92E ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
20:47:17.0666 0x0168  aswMonFlt - ok
20:47:17.0728 0x0168  [ 98C18C78B0C3E7EFBDDA7BD0C35F5903, 92128EA70472EBA8804C2972DAA8557F460C2E082084E29B40CE93A05447592F ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
20:47:17.0728 0x0168  aswRdr - ok
20:47:17.0791 0x0168  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
20:47:17.0791 0x0168  aswRvrt - ok
20:47:18.0494 0x0168  [ 8CD8710457FCC1CDE88CBFA3AA119B92, B750481B2D44E2D01DEF500276A7253731EDD2BCB117B083EE10FAA7A8FFF729 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
20:47:18.0525 0x0168  aswSnx - ok
20:47:18.0775 0x0168  [ C1F95C9481F46B96E23A276639C55AC9, 75F7BCF74E46E3A8EC9AF0DB5D7FCA280DCAF97BD932767DCBDE66E26BF0E7CE ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
20:47:18.0791 0x0168  aswSP - ok
20:47:18.0838 0x0168  [ E6390554DCB2A730702188547267093C, 1F97F23A2C1767ABD52041DFA0EF9065567CDB02B12F674CF4EE4E8FBA69773B ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
20:47:18.0853 0x0168  aswTdi - ok
20:47:18.0994 0x0168  [ 1B0662514A68C3A42E60D240C5ABEF28, 71301759C135895C72CAED297A669BA58B3F73E0B7E46DB981F6559D5D5E2B89 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
20:47:19.0025 0x0168  aswVmm - ok
20:47:19.0541 0x0168  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:47:19.0541 0x0168  AsyncMac - ok
20:47:19.0619 0x0168  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:47:19.0619 0x0168  atapi - ok
20:47:19.0635 0x0168  Atdisk - ok
20:47:19.0666 0x0168  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:47:19.0666 0x0168  Atmarpc - ok
20:47:19.0713 0x0168  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:47:19.0713 0x0168  AudioSrv - ok
20:47:19.0728 0x0168  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:47:19.0728 0x0168  audstub - ok
20:47:19.0885 0x0168  [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:47:19.0885 0x0168  avast! Antivirus - ok
20:47:20.0369 0x0168  [ 30D20FC98BCFD52E1DA778CF19B223D4, 4B035071CEF9BBD32EEA16E6A14F9908DCB89687632E8CB8420FA8EE0DB075C4 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:47:20.0385 0x0168  BCM43XX - ok
20:47:20.0416 0x0168  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:47:20.0416 0x0168  Beep - ok
20:47:20.0603 0x0168  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:47:20.0869 0x0168  BITS - ok
20:47:20.0932 0x0168  [ A06CE3399D16DB864F55FAEB1F1927A9, 3430FA8552D91670D9FB0A921C735ADBE2DA7FF108C199DDEEF2FB2E50713AF3 ] Browser         C:\WINDOWS\System32\browser.dll
20:47:20.0947 0x0168  Browser - ok
20:47:21.0057 0x0168  [ ECDC40CC54603C711E1A7A1C9255184A, 7F109180AAC41D79036085A5725544BFA3895CAF791B272D9460133A0868AECB ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
20:47:21.0088 0x0168  btaudio - ok
20:47:21.0385 0x0168  [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
20:47:21.0400 0x0168  BTDriver - ok
20:47:21.0588 0x0168  [ 885B6D0F826A216EEE4C3AD883809012, C0C1DFE0E076464721C116CAF7193F3E5A3747097B4CAAD165511C2D391B3C58 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:47:21.0619 0x0168  BTKRNL - ok
20:47:21.0791 0x0168  [ 467BC618DEBA4F8DB5A1A5E87510C335, 720F130465A71A7A643ED9F09AC90773BADBCD266EEEEB087282FD2C783F46C0 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
20:47:21.0791 0x0168  btwdins - ok
20:47:21.0869 0x0168  [ B1D350F3F13CF340FCE93912D2BA1EBF, ADB2F5F70CB094AA0E582AD67A4D77F68B27DA6115722A2B9DD472C19BFB9DD0 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:47:21.0885 0x0168  BTWDNDIS - ok
20:47:21.0932 0x0168  [ E48668B4A6A5CF68B33AECAD18EE8E1E, CC190DCED4B71FDCC113E90B4FCAC4975830C6C86C04F9CDDF2C4E9F2661AA30 ] btwhid          C:\WINDOWS\system32\DRIVERS\btwhid.sys
20:47:21.0932 0x0168  btwhid - ok
20:47:21.0978 0x0168  [ 8BCD7BFE9C70A8FF7444263435B18AA1, CD260090E88D75C5F277403075FA43BA71166E9C65B9ECD3E2D767E67D92374D ] btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
20:47:21.0978 0x0168  btwmodem - ok
20:47:22.0041 0x0168  [ 57E91E9925976BBC98984EEBAAF1D84C, 7AC67CE1026D589F66C31F9B30D65C4F94EE5F56FA1FE4992023AE31F6D142D2 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
20:47:22.0041 0x0168  BTWUSB - ok
20:47:22.0103 0x0168  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:47:22.0103 0x0168  cbidf2k - ok
20:47:22.0369 0x0168  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:47:22.0369 0x0168  CCDECODE - ok
20:47:22.0385 0x0168  cd20xrnt - ok
20:47:22.0416 0x0168  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:47:22.0416 0x0168  Cdaudio - ok
20:47:22.0478 0x0168  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:47:22.0478 0x0168  Cdfs - ok
20:47:22.0510 0x0168  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:47:22.0525 0x0168  Cdrom - ok
20:47:22.0525 0x0168  Changer - ok
20:47:22.0588 0x0168  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:47:22.0588 0x0168  ClipSrv - ok
20:47:42.0978 0x0168  [ FF35C2D01AC36B446A1B997F305F0FC2, 43A0E30835DB49E89F87AD871F7792FCC342F5DA4EE82B2E15592A00D7DC5A81 ] Soluto          C:\WINDOWS\system32\DRIVERS\Soluto.sys
20:47:42.0978 0x0168  Soluto - ok
20:47:43.0135 0x0168  [ 5F931716CC5DA2406D56F3BC1308E6AE, 8500545EC9844176E5EFD69B20E74D26410896283DE15AA95D663320173203FA ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
20:47:43.0135 0x0168  SolutoLauncherService - ok
20:47:43.0541 0x0168  [ 94DD8FDB569EFC1CCC2C68B32C1CDF01, DA119ED52D6ED2A48C046E09A037BF52243D3B638492EE9AFD15E6C583A15808 ] SolutoService   C:\Program Files\Soluto\SolutoService.exe
20:47:43.0838 0x0168  SolutoService - ok
20:47:43.0853 0x0168  Sparrow - ok
20:47:43.0869 0x0168  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:47:43.0869 0x0168  splitter - ok
20:47:43.0932 0x0168  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B, 130D686A220AF97EBF33DD481B79990F259B4EE38DD95A35CD3D0F0517790FF0 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:47:43.0932 0x0168  Spooler - ok
20:47:43.0978 0x0168  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:47:43.0978 0x0168  sr - ok
20:47:44.0088 0x0168  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:47:44.0150 0x0168  srservice - ok
20:47:44.0322 0x0168  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:47:44.0322 0x0168  Srv - ok
20:47:44.0385 0x0168  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:47:44.0385 0x0168  SSDPSRV - ok
20:47:44.0494 0x0168  [ 6F855B5625A47F3AC731A262FDC379A6, 230B7ACC80C18AF0F4184E3F55458CD0BEE620768CB1247E33226798BD2F5257 ] STacSV          C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
20:47:44.0510 0x0168  STacSV - ok
20:47:44.0963 0x0168  [ 951801DFB54D86F611F0AF47825476F9, 96A4453AB42953E6FE57377D125AFEB98B18901E1D8450CA96CE3304FBF79A90 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
20:47:44.0994 0x0168  STHDA - ok
20:47:45.0213 0x0168  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:47:45.0369 0x0168  stisvc - ok
20:47:45.0385 0x0168  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:47:45.0385 0x0168  streamip - ok
20:47:45.0416 0x0168  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:47:45.0416 0x0168  swenum - ok
20:47:45.0463 0x0168  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:47:45.0463 0x0168  swmidi - ok
20:47:45.0463 0x0168  SwPrv - ok
20:47:45.0478 0x0168  symc810 - ok
20:47:45.0478 0x0168  symc8xx - ok
20:47:45.0494 0x0168  sym_hi - ok
20:47:45.0494 0x0168  sym_u3 - ok
20:47:45.0541 0x0168  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:47:45.0541 0x0168  sysaudio - ok
20:47:45.0588 0x0168  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:47:45.0603 0x0168  SysmonLog - ok
20:47:45.0760 0x0168  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:47:45.0869 0x0168  TapiSrv - ok
20:47:46.0041 0x0168  [ ACCF5A9A1FFAA490F33DBA1C632B95E1, 286A5114870E9C05E8F588F4F0BE33B66FCE6F7352F5B28EBB2225E5E870F58F ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:47:46.0057 0x0168  Tcpip - ok
20:47:46.0088 0x0168  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:47:46.0088 0x0168  TDPIPE - ok
20:47:46.0119 0x0168  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:47:46.0119 0x0168  TDTCP - ok
20:47:46.0150 0x0168  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:47:46.0150 0x0168  TermDD - ok
20:47:46.0338 0x0168  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:47:46.0478 0x0168  TermService - ok
20:47:46.0572 0x0168  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:47:46.0572 0x0168  Themes - ok
20:47:46.0635 0x0168  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:47:46.0650 0x0168  TlntSvr - ok
20:47:46.0650 0x0168  TosIde - ok
20:47:46.0728 0x0168  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:47:46.0744 0x0168  TrkWks - ok
20:47:46.0791 0x0168  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:47:46.0791 0x0168  Udfs - ok
20:47:46.0807 0x0168  ultra - ok
20:47:47.0072 0x0168  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:47:47.0088 0x0168  Update - ok
20:47:47.0197 0x0168  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:47:47.0197 0x0168  upnphost - ok
20:47:47.0228 0x0168  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
20:47:47.0228 0x0168  UPS - ok
20:47:47.0260 0x0168  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:47:47.0260 0x0168  usbccgp - ok
20:47:47.0307 0x0168  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:47:47.0307 0x0168  usbehci - ok
20:47:47.0338 0x0168  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:47:47.0338 0x0168  usbhub - ok
20:47:47.0385 0x0168  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:47:47.0385 0x0168  usbprint - ok
20:47:47.0432 0x0168  [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:47:47.0432 0x0168  usbscan - ok
20:47:47.0478 0x0168  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:47:47.0478 0x0168  USBSTOR - ok
20:47:47.0494 0x0168  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:47:47.0494 0x0168  usbuhci - ok
20:47:47.0572 0x0168  [ 63BBFCA7F390F4C49ED4B96BFB1633E0, AEB89CF43376709CDD715D844E8CBB8F2BE24D39795F45F7C84F21962F3A52AB ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
20:47:47.0572 0x0168  usbvideo - ok
20:47:47.0603 0x0168  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:47:47.0603 0x0168  VgaSave - ok
20:47:47.0603 0x0168  ViaIde - ok
20:47:47.0650 0x0168  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:47:47.0650 0x0168  VolSnap - ok
20:47:47.0760 0x0168  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:47:47.0775 0x0168  VSS - ok
20:47:47.0885 0x0168  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:47:47.0947 0x0168  W32Time - ok
20:47:47.0978 0x0168  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:47:47.0978 0x0168  Wanarp - ok
20:47:48.0213 0x0168  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:47:48.0228 0x0168  Wdf01000 - ok
20:47:48.0228 0x0168  WDICA - ok
20:47:48.0291 0x0168  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:47:48.0307 0x0168  wdmaud - ok
20:47:48.0369 0x0168  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:47:48.0369 0x0168  WebClient - ok
20:47:48.0666 0x0168  [ A8596CF86D445269A42ECC08B7066A4C, 027AFC49E4008BB5A2B595E3BF6C04042F4596795D6F0C23B32AA6E58D2BE2B2 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:47:48.0682 0x0168  winachsf - ok
20:47:48.0822 0x0168  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:47:48.0869 0x0168  winmgmt - ok
20:47:48.0916 0x0168  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:47:48.0932 0x0168  WmdmPmSN - ok
20:47:49.0307 0x0168  [ BAB489A5FE26F2D0C910CF7AF7E4CF92, 700325258CA7A2BC2D7AA6E3176194D21229BEA76EA37BEAE117BBF87CE4ECD4 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:47:49.0666 0x0168  Wmi - ok
20:47:49.0697 0x0168  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:47:49.0697 0x0168  WmiAcpi - ok
20:47:49.0760 0x0168  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:47:49.0760 0x0168  WmiApSrv - ok
20:47:49.0807 0x0168  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
20:47:49.0807 0x0168  WpdUsb - ok
20:47:49.0822 0x0168  WSearch - ok
20:47:49.0838 0x0168  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:47:49.0838 0x0168  WSTCODEC - ok
20:47:49.0869 0x0168  [ D29AD7484B98279ED21877DE051A180F, F132BEED68960D4D3A1A731CDD48C17390FCFF89746E642272D778ECF23B30EA ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:47:49.0885 0x0168  wuauserv - ok
20:47:49.0947 0x0168  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:47:49.0947 0x0168  WudfPf - ok
20:47:49.0994 0x0168  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:47:49.0994 0x0168  WudfRd - ok
20:47:50.0025 0x0168  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:47:50.0025 0x0168  WudfSvc - ok
20:47:50.0338 0x0168  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:47:50.0588 0x0168  WZCSVC - ok
20:47:50.0650 0x0168  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:47:50.0650 0x0168  xmlprov - ok
20:47:50.0807 0x0168  [ D57A909F1A9114D5D18A2EACB1AFECD5, 6F49F233DC84A08A443CA0B964E51E24F3DE241C70D657D359F72EE174057795 ] yukonwxp        C:\WINDOWS\system32\DRIVERS\yk51x86.sys
20:47:50.0807 0x0168  yukonwxp - ok
20:47:50.0838 0x0168  ================ Scan global ===============================
20:47:50.0900 0x0168  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:47:51.0119 0x0168  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:47:51.0447 0x0168  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:47:51.0541 0x0168  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] C:\WINDOWS\system32\services.exe
20:47:51.0541 0x0168  [ Global ] - ok
20:47:51.0541 0x0168  ================ Scan MBR ==================================
20:47:51.0572 0x0168  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:47:51.0978 0x0168  \Device\Harddisk0\DR0 - ok
20:47:51.0978 0x0168  ================ Scan VBR ==================================
20:47:51.0994 0x0168  [ 1A3E3AB675BF91457A3580FE353A98AC ] \Device\Harddisk0\DR0\Partition1
20:47:52.0025 0x0168  \Device\Harddisk0\DR0\Partition1 - ok
20:47:52.0041 0x0168  [ D68839CB228D308B48D5965B7868EE84 ] \Device\Harddisk0\DR0\Partition2
20:47:52.0072 0x0168  \Device\Harddisk0\DR0\Partition2 - ok
20:47:52.0072 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:53.0072 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:54.0088 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:55.0088 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:56.0322 0x0168  Win FW state via NFM: enabled
20:47:59.0072 0x0168  ============================================================
20:47:59.0072 0x0168  Scan finished
20:47:59.0072 0x0168  ============================================================
20:47:59.0150 0x03fc  Detected object count: 0
20:47:59.0150 0x03fc  Actual detected object count: 0
20:49:27.0728 0x16c4  Deinitialize success


#6 yoniarmon


Posted 18 March 2014 - 01:56 AM

When I followed this post: http://www.bleepingcomputer.com/forums/t/526786/help-infected-with-a-trojan/, before asking for your help, I tried the Fix option, and in this last TDSSKiller scan it didn't show me any malicious objects.



#7 TB-Psychotic


Posted 18 March 2014 - 03:58 AM

Yes, you've followed the advice for another user - which is really dangerous.

TDSS-Killer produced logs at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach these logs to your next reply.

Also, run FRST again.

Ensure a checkmark is placed next to Addition.txt and hit Scan.

Post up the content of Addition.txt.



#8 yoniarmon


Posted 18 March 2014 - 04:36 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-03-17 23:34:10
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AudibleManager (HKLM\...\AudibleManager) (Version: 1244056.1312632.1244652.2089871616 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FastStone Image Viewer 3.9 (HKLM\...\FastStone Image Viewer) (Version: 3.9 - FastStone Soft)
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version:  - WipeSoft)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Talk Plugin (HKLM\...\{F8B67DF7-B543-3DE0-BCEF-F844F891FD48}) (Version: 5.1.7.17873 - Google)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
InternetHelper3.1 Toolbar (HKLM\...\InternetHelper3.1 Toolbar) (Version: 6.13.50.9 - InternetHelper3.1)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Nokia Software Updater (HKLM\...\{7130468A-F53F-4698-8C09-A339EA3B05E6}) (Version: 3.0.655 - Nokia)
Nokia_Multimedia_Common_Components_2_5 (HKLM\...\{25F61E72-AAA4-4607-95D2-1E5139C98FFB}) (Version: 2.7.69 - Nokia)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype™ 6.1 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.1.129 - Skype Technologies S.A.)
Soluto (HKLM\...\{6B6D25BD-0680-486E-AA7B-C67BA1CA64B5}) (Version: 1.3.1095.0 - Soluto)
SProtector 1.62 (HKLM\...\SProtector) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3400 - Dell)
Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)
Windows Desktop Search: Add-in for Files on Microsoft Networks (HKLM\...\{05487065-50A6-44A4-BEAC-3C1B5EACB0EE}) (Version: 1.0.2.0 - Microsoft Corporation)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
wxDownload Fast 0.6.0 (HKLM\...\wxDownload Fast_is1) (Version:  - Max Velasques)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
 
==================== Restore Points  =========================
 
20-12-2013 22:22:56 System Checkpoint
04-01-2014 23:34:57 System Checkpoint
27-01-2014 01:56:09 System Checkpoint
28-01-2014 22:19:36 System Checkpoint
30-01-2014 01:30:58 System Checkpoint
31-01-2014 02:47:55 System Checkpoint
02-02-2014 23:02:15 System Checkpoint
13-02-2014 19:27:14 Installed AVG 2014
13-02-2014 19:30:27 Removed AVG 2014
14-03-2014 14:46:40 System Checkpoint
15-03-2014 23:23:27 System Checkpoint
16-03-2014 04:46:15 avast! antivirus system restore point
16-03-2014 19:40:52 Removed AVG 2014
16-03-2014 19:45:29 Removed AVG 2014
16-03-2014 19:57:03 Removed Nokia Music Player.
18-03-2014 07:31:33 System Checkpoint
 
==================== Hosts content: ==========================
 
2008-05-06 02:00 - 2008-05-06 02:00 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GBoxUpdaterTask{0B44B617-A003-4DB7-8258-F4364938B8A8}.job => C:\Documents and Settings\All Users\Application Data\GBox\GBox.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1801674531-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1202660629-1801674531-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1202660629-1801674531-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1202660629-1801674531-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\WxDFastUpdaterTask{9AE96FE6-4C67-4528-94BA-3D56554BF0F4}.job => C:\Documents and Settings\All Users\Application Data\WxDFast\WxDFast.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-17 23:25 - 2014-03-17 21:19 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031800\algo.dll
2014-03-17 19:51 - 2014-03-17 09:34 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031701\algo.dll
2012-11-22 08:31 - 2012-11-22 08:31 - 00178688 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\d6607d38bf1b34a0c2ca9a9d7d4ce7af\PCGAppControlPluginLoader.ni.dll
2012-11-22 08:31 - 2012-11-22 08:31 - 02845696 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\a9a15eaecfe9da804eb9e67bc5dd5449\PCGPreCompiled.ni.dll
2012-11-21 12:43 - 2012-11-21 12:43 - 00077880 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2014-03-15 18:50 - 2014-03-15 18:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2008-05-06 02:00 - 2008-05-06 02:00 - 00059904 ____C () C:\WINDOWS\system32\devenum.dll
2008-05-06 02:00 - 2008-05-06 02:00 - 00014336 ____C () C:\WINDOWS\system32\msdmo.dll
2007-05-17 03:52 - 2007-05-17 03:52 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2007-05-17 03:31 - 2007-05-17 03:31 - 00040960 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-03-15 10:16 - 2014-03-14 14:50 - 00051016 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 10:16 - 2014-03-14 14:50 - 04061000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 10:17 - 2014-03-14 14:50 - 00394568 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 10:16 - 2014-03-14 14:50 - 01647432 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2014 11:34:23 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 11:34:23 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.FileHandler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 11:28:17 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 11:28:17 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.FileHandler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 11:21:33 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 11:21:33 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.FileHandler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 09:13:58 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 09:13:58 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.FileHandler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 09:01:03 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
Error: (03/17/2014 09:01:03 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.FileHandler.1 cannot be loaded. Error description: The specified module could not be found.  .
 
 
System errors:
=============
Error: (03/17/2014 11:26:42 PM) (Source: Service Control Manager) (User: )
Description: The Soluto PCGenome Core Service service failed to start due to the following error: 
%%1053
 
Error: (03/17/2014 11:26:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
 
Error: (03/17/2014 11:26:12 PM) (Source: Service Control Manager) (User: )
Description: The Soluto PCGenome Core Service service failed to start due to the following error: 
%%1053
 
Error: (03/17/2014 11:26:12 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
 
Error: (03/17/2014 11:25:42 PM) (Source: Service Control Manager) (User: )
Description: The Soluto PCGenome Core Service service failed to start due to the following error: 
%%1053
 
Error: (03/17/2014 11:25:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core Service service to connect.
 
Error: (03/17/2014 11:20:53 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error: 
%%1053
 
Error: (03/17/2014 11:20:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
 
Error: (03/17/2014 11:19:49 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service failed to start due to the following error: 
%%1053
 
Error: (03/17/2014 11:19:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (09/19/2013 10:06:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 텀턨㪟褀䕰㪦習Ꞩ㪥尘٠䖊㪦А, Microsoft Office Version: 12.0.4518.1014. This session lasted 84454 seconds with 2700 seconds of active time.  This session ended with a crash.
 
Error: (09/14/2013 03:34:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 931 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/19/2011 11:05:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/06/2009 09:10:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 100 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (11/06/2009 09:08:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 404 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (07/27/2009 05:42:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 260 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (07/03/2009 09:49:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 196 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 2037.97 MB
Available physical RAM: 1074.95 MB
Total Pagefile: 3930.6 MB
Available Pagefile: 2967.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.16 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:29.29 GB) (Free:15.39 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:119.75 GB) (Free:54.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=29 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=120 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#9 yoniarmon
  • Topic Starter

  • Members
  • 47 posts

Posted 18 March 2014 - 04:38 AM

20:46:22.0182 0x09e8  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
20:46:27.0400 0x09e8  ============================================================
20:46:27.0400 0x09e8  Current date / time: 2014/03/17 20:46:27.0400
20:46:27.0400 0x09e8  SystemInfo:
20:46:27.0400 0x09e8  
20:46:27.0400 0x09e8  OS Version: 5.1.2600 ServicePack: 3.0
20:46:27.0400 0x09e8  Product type: Workstation
20:46:27.0400 0x09e8  ComputerName: EXPERIEN-19D2EE
20:46:27.0400 0x09e8  UserName: Administrator
20:46:27.0400 0x09e8  Windows directory: C:\WINDOWS
20:46:27.0400 0x09e8  System windows directory: C:\WINDOWS
20:46:27.0400 0x09e8  Processor architecture: Intel x86
20:46:27.0400 0x09e8  Number of processors: 2
20:46:27.0400 0x09e8  Page size: 0x1000
20:46:27.0400 0x09e8  Boot type: Normal boot
20:46:27.0400 0x09e8  ============================================================
20:46:32.0603 0x09e8  KLMD registered as C:\WINDOWS\system32\drivers\71003158.sys
20:46:35.0666 0x09e8  System UUID: {705E860E-699C-44CE-83E3-2CFB1B34E3E5}
20:46:41.0994 0x09e8  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:46:41.0994 0x09e8  ============================================================
20:46:41.0994 0x09e8  \Device\Harddisk0\DR0:
20:46:42.0010 0x09e8  MBR partitions:
20:46:42.0010 0x09e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
20:46:42.0010 0x09e8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xEF82792
20:46:42.0010 0x09e8  ============================================================
20:46:42.0057 0x09e8  D: <-> \Device\Harddisk0\DR0\Partition2
20:46:42.0322 0x09e8  C: <-> \Device\Harddisk0\DR0\Partition1
20:46:42.0322 0x09e8  ============================================================
20:46:42.0322 0x09e8  Initialize success
20:46:42.0322 0x09e8  ============================================================
20:47:10.0635 0x0168  ============================================================
20:47:10.0635 0x0168  Scan started
20:47:10.0635 0x0168  Mode: Manual; 
20:47:10.0635 0x0168  ============================================================
20:47:10.0635 0x0168  KSN ping started
20:47:13.0603 0x0168  KSN ping finished: true
20:47:15.0557 0x0168  ================ Scan system memory ========================
20:47:15.0557 0x0168  System memory - ok
20:47:15.0557 0x0168  ================ Scan services =============================
20:47:31.0088 0x0168  isapnp - ok
20:47:31.0525 0x0168  [ 691B9B7C0CC1653732717D292D6B305D, 4385B4B686A78912018EF974134FDD71FBE9843DDEDF1E6C305B2AAB342D5902 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:47:31.0541 0x0168  JavaQuickStarterService - ok
20:47:31.0588 0x0168  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:47:31.0588 0x0168  Kbdclass - ok
20:47:31.0619 0x0168  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:47:31.0635 0x0168  kbdhid - ok
20:47:31.0744 0x0168  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:47:31.0838 0x0168  kmixer - ok
20:47:31.0900 0x0168  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:47:31.0916 0x0168  KSecDD - ok
20:47:32.0010 0x0168  [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
20:47:32.0025 0x0168  LanmanServer - ok
20:47:32.0135 0x0168  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6, 48A6DB1EC7515F0DDD0639AEE3056F32C273B4D541F3647915A32ABA140DA34A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:47:32.0182 0x0168  lanmanworkstation - ok
20:47:32.0213 0x0168  lbrtfdc - ok
20:47:32.0385 0x0168  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:47:32.0385 0x0168  LmHosts - ok
20:47:32.0432 0x0168  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:47:32.0432 0x0168  MBAMProtector - ok
20:47:32.0744 0x0168  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:47:32.0760 0x0168  MBAMScheduler - ok
20:47:33.0244 0x0168  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:47:33.0322 0x0168  MBAMService - ok
20:47:33.0432 0x0168  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:47:33.0432 0x0168  mdmxsdk - ok
20:47:33.0478 0x0168  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:47:33.0494 0x0168  Messenger - ok
20:47:33.0619 0x0168  [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:47:33.0619 0x0168  Microsoft Office Groove Audit Service - ok
20:47:33.0650 0x0168  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:47:33.0666 0x0168  mnmdd - ok
20:47:33.0697 0x0168  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:47:33.0697 0x0168  mnmsrvc - ok
20:47:33.0760 0x0168  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:47:33.0760 0x0168  Modem - ok
20:47:33.0775 0x0168  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:47:33.0775 0x0168  Mouclass - ok
20:47:33.0807 0x0168  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:47:33.0807 0x0168  mouhid - ok
20:47:33.0853 0x0168  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:47:33.0853 0x0168  MountMgr - ok
20:47:33.0947 0x0168  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:47:33.0963 0x0168  MozillaMaintenance - ok
20:47:33.0963 0x0168  mraid35x - ok
20:47:34.0072 0x0168  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:47:34.0072 0x0168  MRxDAV - ok
20:47:34.0541 0x0168  [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:47:34.0541 0x0168  MRxSmb - ok
20:47:34.0572 0x0168  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:47:34.0572 0x0168  MSDTC - ok
20:47:34.0588 0x0168  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:47:34.0588 0x0168  Msfs - ok
20:47:34.0603 0x0168  MSIServer - ok
20:47:34.0619 0x0168  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:47:34.0619 0x0168  MSKSSRV - ok
20:47:34.0619 0x0168  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:47:34.0619 0x0168  MSPCLOCK - ok
20:47:34.0650 0x0168  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:47:34.0650 0x0168  MSPQM - ok
20:47:34.0713 0x0168  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:47:34.0713 0x0168  mssmbios - ok
20:47:34.0728 0x0168  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:47:34.0728 0x0168  MSTEE - ok
20:47:34.0791 0x0168  [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:47:34.0791 0x0168  Mup - ok
20:47:34.0838 0x0168  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:47:34.0838 0x0168  NABTSFEC - ok
20:47:35.0025 0x0168  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:47:35.0041 0x0168  napagent - ok
20:47:35.0150 0x0168  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:47:35.0166 0x0168  NDIS - ok
20:47:35.0385 0x0168  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:47:35.0385 0x0168  NdisIP - ok
20:47:35.0416 0x0168  [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:47:35.0416 0x0168  NdisTapi - ok
20:47:35.0463 0x0168  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:47:35.0463 0x0168  Ndisuio - ok
20:47:35.0525 0x0168  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:47:35.0525 0x0168  NdisWan - ok
20:47:35.0557 0x0168  [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:47:35.0557 0x0168  NDProxy - ok
20:47:35.0619 0x0168  [ 69C503C004F49AEE8B8E3067CC047BA7, 0E7A2FB0CC7669E6400EDA4D2220BBB1A85CF3D3529739DA5AE2C073FFA08313 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:47:35.0619 0x0168  Net Driver HPZ12 - ok
20:47:35.0666 0x0168  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:47:35.0666 0x0168  NetBIOS - ok
20:47:35.0760 0x0168  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:47:35.0775 0x0168  NetBT - ok
20:47:35.0838 0x0168  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:47:35.0853 0x0168  NetDDE - ok
20:47:35.0900 0x0168  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:47:35.0900 0x0168  NetDDEdsdm - ok
20:47:35.0932 0x0168  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:47:35.0947 0x0168  Netlogon - ok
20:47:36.0072 0x0168  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
20:47:36.0463 0x0168  Netman - ok
20:47:36.0572 0x0168  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:36.0588 0x0168  NetTcpPortSharing - ok
20:47:36.0650 0x0168  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:47:36.0650 0x0168  NIC1394 - ok
20:47:36.0853 0x0168  [ B4138E99236F0F57D4CF49BAE98A0746, DDEAE046C1165C41F06933E808B143118208B02BB83FA80BEF8F550D4DC78149 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:47:37.0025 0x0168  Nla - ok
20:47:37.0072 0x0168  [ F6C40E0A565EE3CE5AEEB325E10054F2, 30C8BA41B1C235ECB2C7F29CD76C8F41B8D705BE7DD44F66666C28275EA56BAC ] nmwcd           C:\WINDOWS\system32\drivers\ccdcmb.sys
20:47:37.0072 0x0168  nmwcd - ok
20:47:37.0135 0x0168  [ 2A394E9E1FA3565E4B2FEA470FFE4D6B, 879BE61C4256C9B855AA269C241A0D24E9ECE3CA0F3AFFB2E11D9340C0428D31 ] nmwcdc          C:\WINDOWS\system32\drivers\ccdcmbo.sys
20:47:37.0135 0x0168  nmwcdc - ok
20:47:37.0416 0x0168  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:47:37.0416 0x0168  Npfs - ok
20:47:37.0713 0x0168  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:47:37.0728 0x0168  Ntfs - ok
20:47:37.0744 0x0168  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:47:37.0744 0x0168  NtLmSsp - ok
20:47:37.0947 0x0168  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:47:37.0947 0x0168  NtmsSvc - ok
20:47:37.0994 0x0168  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:47:37.0994 0x0168  Null - ok
20:47:38.0010 0x0168  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:47:38.0010 0x0168  NwlnkFlt - ok
20:47:38.0025 0x0168  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:47:38.0041 0x0168  NwlnkFwd - ok
20:47:38.0572 0x0168  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:38.0588 0x0168  odserv - ok
20:47:38.0619 0x0168  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:47:38.0619 0x0168  ohci1394 - ok
20:47:38.0713 0x0168  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:38.0713 0x0168  ose - ok
20:47:38.0838 0x0168  [ 93E4D6184B772A861F91F98A064390AE, 1EC8F4EEA421DE5D83B381254F657389583883BE2E91C82D78AC1BE0A933C7E0 ] OTFSDMS         C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe
20:47:38.0900 0x0168  OTFSDMS - ok
20:47:38.0963 0x0168  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
20:47:38.0963 0x0168  Parport - ok
20:47:38.0978 0x0168  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:47:38.0978 0x0168  PartMgr - ok
20:47:39.0010 0x0168  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:47:39.0010 0x0168  ParVdm - ok
20:47:39.0057 0x0168  [ F451DCACBAA67F3307305EBD4A39EA07, C4435BF4C2D16F3DC0B35732BE3602FFA28DB0A5BC5576F45E0D32E5F4CD2DEA ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:47:39.0057 0x0168  pccsmcfd - ok
20:47:39.0119 0x0168  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:47:39.0119 0x0168  PCI - ok
20:47:39.0119 0x0168  PCIDump - ok
20:47:39.0135 0x0168  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:47:39.0135 0x0168  PCIIde - ok
20:47:39.0213 0x0168  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:47:39.0213 0x0168  Pcmcia - ok
20:47:39.0213 0x0168  PDCOMP - ok
20:47:39.0228 0x0168  PDFRAME - ok
20:47:39.0228 0x0168  PDRELI - ok
20:47:39.0228 0x0168  PDRFRAME - ok
20:47:39.0244 0x0168  perc2 - ok
20:47:39.0244 0x0168  perc2hib - ok
20:47:39.0338 0x0168  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:47:39.0338 0x0168  PlugPlay - ok
20:47:39.0385 0x0168  [ 12B4549D515CB26BB8D375038017CA65, B09ED2BED994D2B04862BBF62EF56F110235D3489D3B1762432F22A3A8F97BB8 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:47:39.0400 0x0168  Pml Driver HPZ12 - ok
20:47:39.0416 0x0168  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:47:39.0432 0x0168  PolicyAgent - ok
20:47:39.0463 0x0168  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:47:39.0463 0x0168  PptpMiniport - ok
20:47:39.0478 0x0168  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:47:39.0478 0x0168  ProtectedStorage - ok
20:47:39.0510 0x0168  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:47:39.0525 0x0168  PSched - ok
20:47:39.0541 0x0168  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:47:39.0541 0x0168  Ptilink - ok
20:47:39.0572 0x0168  [ 153D02480A0A2F45785522E814C634B6, 02B7590F2F4A8FA0B031CDA7A28BD55E7C04A080C1EA810BF3AC3212A62153A6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:47:39.0572 0x0168  PxHelp20 - ok
20:47:39.0572 0x0168  ql1080 - ok
20:47:39.0588 0x0168  Ql10wnt - ok
20:47:39.0603 0x0168  ql12160 - ok
20:47:39.0619 0x0168  ql1240 - ok
20:47:39.0619 0x0168  ql1280 - ok
20:47:39.0682 0x0168  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:47:39.0682 0x0168  RasAcd - ok
20:47:39.0791 0x0168  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:47:39.0791 0x0168  RasAuto - ok
20:47:39.0869 0x0168  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:47:39.0869 0x0168  Rasl2tp - ok
20:47:40.0057 0x0168  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:47:40.0166 0x0168  RasMan - ok
20:47:40.0244 0x0168  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:47:40.0244 0x0168  RasPppoe - ok
20:47:40.0322 0x0168  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:47:40.0322 0x0168  Raspti - ok
20:47:40.0478 0x0168  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:47:40.0478 0x0168  Rdbss - ok
20:47:40.0572 0x0168  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:47:40.0572 0x0168  RDPCDD - ok
20:47:40.0791 0x0168  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:47:40.0807 0x0168  rdpdr - ok
20:47:40.0885 0x0168  [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:47:40.0885 0x0168  RDPWD - ok
20:47:40.0963 0x0168  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:47:40.0963 0x0168  RDSessMgr - ok
20:47:41.0025 0x0168  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:47:41.0025 0x0168  redbook - ok
20:47:41.0103 0x0168  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:47:41.0103 0x0168  RemoteAccess - ok
20:47:41.0182 0x0168  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:47:41.0182 0x0168  RemoteRegistry - ok
20:47:41.0228 0x0168  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:47:41.0244 0x0168  RpcLocator - ok
20:47:41.0478 0x0168  [ 2589FE6015A316C0F5D5112B4DA7B509, 2753785BA07A1A7A25E275332F5F9F403F6E8CBF396FD0905D6BA84B98C403A6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:47:41.0478 0x0168  RpcSs - ok
20:47:41.0588 0x0168  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:47:41.0588 0x0168  RSVP - ok
20:47:41.0619 0x0168  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:47:41.0619 0x0168  SamSs - ok
20:47:41.0682 0x0168  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:47:41.0682 0x0168  SCardSvr - ok
20:47:41.0822 0x0168  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:47:41.0838 0x0168  Schedule - ok
20:47:41.0885 0x0168  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:47:41.0885 0x0168  sdbus - ok
20:47:41.0900 0x0168  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:47:41.0900 0x0168  Secdrv - ok
20:47:41.0932 0x0168  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:47:41.0932 0x0168  seclogon - ok
20:47:41.0963 0x0168  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
20:47:41.0978 0x0168  SENS - ok
20:47:42.0010 0x0168  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
20:47:42.0010 0x0168  Serial - ok
20:47:42.0353 0x0168  [ C3BB6CF8F9EE199005A2AAE2815AD756, 7A817599C2F3AD819D643223AA714CCCB790EE5983096D8D9CD2D626D6924837 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:47:42.0369 0x0168  ServiceLayer - ok
20:47:42.0400 0x0168  [ 0FA803C64DF0914B41F807EA276BF2A6, 847B1CD47ADF9E4AE298E74CC53A7F9DB4E58F43919D3A2BBFFE07244134778D ] sffdisk         C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:47:42.0400 0x0168  sffdisk - ok
20:47:42.0416 0x0168  [ C17C331E435ED8737525C86A7557B3AC, F1DEB2CA5D8E02280782B354A31E148E3A2F2B5F57AD6C575875DE20F6D3C930 ] sffp_sd         C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:47:42.0416 0x0168  sffp_sd - ok
20:47:42.0447 0x0168  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:47:42.0447 0x0168  Sfloppy - ok
20:47:42.0650 0x0168  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:47:42.0807 0x0168  SharedAccess - ok
20:47:42.0885 0x0168  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:47:42.0900 0x0168  ShellHWDetection - ok
20:47:42.0900 0x0168  Simbad - ok
20:47:42.0916 0x0168  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:47:42.0916 0x0168  SLIP - ok
20:47:42.0978 0x0168  [ FF35C2D01AC36B446A1B997F305F0FC2, 43A0E30835DB49E89F87AD871F7792FCC342F5DA4EE82B2E15592A00D7DC5A81 ] Soluto          C:\WINDOWS\system32\DRIVERS\Soluto.sys
20:47:42.0978 0x0168  Soluto - ok
20:47:43.0135 0x0168  [ 5F931716CC5DA2406D56F3BC1308E6AE, 8500545EC9844176E5EFD69B20E74D26410896283DE15AA95D663320173203FA ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
20:47:43.0135 0x0168  SolutoLauncherService - ok
20:47:43.0541 0x0168  [ 94DD8FDB569EFC1CCC2C68B32C1CDF01, DA119ED52D6ED2A48C046E09A037BF52243D3B638492EE9AFD15E6C583A15808 ] SolutoService   C:\Program Files\Soluto\SolutoService.exe
20:47:43.0838 0x0168  SolutoService - ok
20:47:43.0853 0x0168  Sparrow - ok
20:47:43.0869 0x0168  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:47:43.0869 0x0168  splitter - ok
20:47:43.0932 0x0168  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B, 130D686A220AF97EBF33DD481B79990F259B4EE38DD95A35CD3D0F0517790FF0 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:47:43.0932 0x0168  Spooler - ok
20:47:43.0978 0x0168  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:47:43.0978 0x0168  sr - ok
20:47:44.0088 0x0168  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:47:44.0150 0x0168  srservice - ok
20:47:44.0322 0x0168  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:47:44.0322 0x0168  Srv - ok
20:47:44.0385 0x0168  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:47:44.0385 0x0168  SSDPSRV - ok
20:47:44.0494 0x0168  [ 6F855B5625A47F3AC731A262FDC379A6, 230B7ACC80C18AF0F4184E3F55458CD0BEE620768CB1247E33226798BD2F5257 ] STacSV          C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
20:47:44.0510 0x0168  STacSV - ok
20:47:44.0963 0x0168  [ 951801DFB54D86F611F0AF47825476F9, 96A4453AB42953E6FE57377D125AFEB98B18901E1D8450CA96CE3304FBF79A90 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
20:47:44.0994 0x0168  STHDA - ok
20:47:45.0213 0x0168  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:47:45.0369 0x0168  stisvc - ok
20:47:45.0385 0x0168  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:47:45.0385 0x0168  streamip - ok
20:47:45.0416 0x0168  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:47:45.0416 0x0168  swenum - ok
20:47:45.0463 0x0168  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:47:45.0463 0x0168  swmidi - ok
20:47:45.0463 0x0168  SwPrv - ok
20:47:45.0478 0x0168  symc810 - ok
20:47:45.0478 0x0168  symc8xx - ok
20:47:45.0494 0x0168  sym_hi - ok
20:47:45.0494 0x0168  sym_u3 - ok
20:47:45.0541 0x0168  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:47:45.0541 0x0168  sysaudio - ok
20:47:50.0838 0x0168  ================ Scan global ===============================
20:47:50.0900 0x0168  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:47:51.0119 0x0168  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:47:51.0447 0x0168  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:47:51.0541 0x0168  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] C:\WINDOWS\system32\services.exe
20:47:51.0541 0x0168  [ Global ] - ok
20:47:51.0541 0x0168  ================ Scan MBR ==================================
20:47:51.0572 0x0168  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:47:51.0978 0x0168  \Device\Harddisk0\DR0 - ok
20:47:51.0978 0x0168  ================ Scan VBR ==================================
20:47:51.0994 0x0168  [ 1A3E3AB675BF91457A3580FE353A98AC ] \Device\Harddisk0\DR0\Partition1
20:47:52.0025 0x0168  \Device\Harddisk0\DR0\Partition1 - ok
20:47:52.0041 0x0168  [ D68839CB228D308B48D5965B7868EE84 ] \Device\Harddisk0\DR0\Partition2
20:47:52.0072 0x0168  \Device\Harddisk0\DR0\Partition2 - ok
20:47:52.0072 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:53.0072 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:54.0088 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:55.0088 0x0168  Waiting for KSN requests completion. In queue: 238
20:47:56.0322 0x0168  Win FW state via NFM: enabled
20:47:59.0072 0x0168  ============================================================
20:47:59.0072 0x0168  Scan finished
20:47:59.0072 0x0168  ============================================================
20:47:59.0150 0x03fc  Detected object count: 0
20:47:59.0150 0x03fc  Actual detected object count: 0
20:49:27.0728 0x16c4  Deinitialize success


#10 TB-Psychotic

Posted 18 March 2014 - 07:05 AM

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    SProtector
    
    HKLM\...\Run: [Onylonymfysumo] - "C:\Documents and Settings\Administrator\Application Data\Immozaa\usices.exe"
    HKLM\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
    HKLM\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
    KU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Wouvqozeufy] - "C:\Documents and Settings\Administrator\Application Data\Nobeoneq\bovau.exe"
    HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
    HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    URLSearchHook: HKCU - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN14327630561203089&UM=2&SSPV=TB_TS7
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9BA992CB-EF86-433B-80D8-23A037F15F00}&mid=11e7302ffc1ca9522f3c05c5c64ffdce-c4dd17ed79106b14b779fcd4583f3e37fbf6c161&lang=en&ds=AVG&pr=fr&d=2012-09-26 08:59:12&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN14327630561203089&UM=2&SSPV=TB_TS7
    BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
    Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    FF DefaultSearchEngine: Search
    FF SelectedSearchEngine: Search
    FF Homepage: hxxp://www.mysearchresults.com/?c=9003&t=08
    FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN31271347572204921&UM=2&q=
    FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\conduit.xml
    FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search-here.xml
    FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search.xml
    FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\Search_Results.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
    FF Extension: wxDfast - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\503610f485be1@503610f485c24.info [2012-09-15]
    FF Extension: InternetHelper3.1  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} [2013-12-17]
    FF Extension: mediaplayerconnectivity - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-15]
    FF Extension: Search-Results Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-10]
    FF Extension: Default Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\addon@defaulttab.com.xpi [2013-07-29]
    CHR HKLM\...\Chrome\Extension: [afcloefbcmhdigbnbmlilbgaklhjceoc] - C:\Documents and Settings\All Users\Application Data\wxDfast\afcloefbcmhdigbnbmlilbgaklhjceoc.crx [2011-12-18]
    CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2011-12-18]
    CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2014-03-15]
    CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
    CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2013-07-22]
    CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
    
    C:\Documents and Settings\Administrator\Local Settings\Application Data\gcuscjrp
    C:\Documents and Settings\Administrator\Local Settings\Application Data\eqxuvbld
    C:\Documents and Settings\Administrator\Local Settings\Application Data\krfeeogg
    C:\Documents and Settings\Administrator\Application Data\Immozaa
    C:\Documents and Settings\Administrator\Application Data\Ohezoc
    C:\Documents and Settings\Administrator\Application Data\Xoekme
    C:\Program Files\InternetHelper3.1
    C:\Program Files\AVG
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 yoniarmon

Posted 18 March 2014 - 02:12 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-03-18 09:11:17 Run:3
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SProtector
 
HKLM\...\Run: [Onylonymfysumo] - "C:\Documents and Settings\Administrator\Application Data\Immozaa\usices.exe"
HKLM\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
HKLM\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
KU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Wouvqozeufy] - "C:\Documents and Settings\Administrator\Application Data\Nobeoneq\bovau.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ymafovegruogure] - "C:\Documents and Settings\Administrator\Application Data\Ohezoc\itdah.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9BA992CB-EF86-433B-80D8-23A037F15F00}&mid=11e7302ffc1ca9522f3c05c5c64ffdce-c4dd17ed79106b14b779fcd4583f3e37fbf6c161&lang=en&ds=AVG&pr=fr&d=2012-09-26 08:59:12&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: hxxp://www.mysearchresults.com/?c=9003&t=08
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN31271347572204921&UM=2&q=
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: wxDfast - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\503610f485be1@503610f485c24.info [2012-09-15]
FF Extension: InternetHelper3.1  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} [2013-12-17]
FF Extension: mediaplayerconnectivity - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2012-09-15]
FF Extension: Search-Results Toolbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013-02-10]
FF Extension: Default Tab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\addon@defaulttab.com.xpi [2013-07-29]
CHR HKLM\...\Chrome\Extension: [afcloefbcmhdigbnbmlilbgaklhjceoc] - C:\Documents and Settings\All Users\Application Data\wxDfast\afcloefbcmhdigbnbmlilbgaklhjceoc.crx [2011-12-18]
CHR HKLM\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2011-12-18]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2014-03-15]
CHR HKLM\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx [2013-07-22]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-07-22]
 
C:\Documents and Settings\Administrator\Local Settings\Application Data\gcuscjrp
C:\Documents and Settings\Administrator\Local Settings\Application Data\eqxuvbld
C:\Documents and Settings\Administrator\Local Settings\Application Data\krfeeogg
C:\Documents and Settings\Administrator\Application Data\Immozaa
C:\Documents and Settings\Administrator\Application Data\Ohezoc
C:\Documents and Settings\Administrator\Application Data\Xoekme
C:\Program Files\InternetHelper3.1
C:\Program Files\AVG
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Onylonymfysumo => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ymafovegruogure => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ozleoxoxaq => Value deleted successfully.
HKU\S-1-5-21-484763869-1202660629-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run\\Ymafovegruogure => Value deleted successfully.
HKU\S-1-5-21-484763869-1202660629-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run\\Ozleoxoxaq => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Value deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Value deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\conduit.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search-here.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\search.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\searchplugins\Search_Results.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\503610f485be1@503610f485c24.info => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} => Moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\addon@defaulttab.com.xpi => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\afcloefbcmhdigbnbmlilbgaklhjceoc => Key deleted successfully.
"C:\Documents and Settings\All Users\Application Data\wxDfast\afcloefbcmhdigbnbmlilbgaklhjceoc.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\cfffenfdjeibfomfbppoljahojkbbobb => Key deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc => Key deleted successfully.
"C:\Program Files\DefaultTab\DefaultTab.crx" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim => Key deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\cfffenfdjeibfomfbppoljahojkbbobb => Key deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim => Key deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\nemfjadlboooiffmcelkafilagddogim.crx" => File/Directory not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\gcuscjrp => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\eqxuvbld => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\krfeeogg => Moved successfully.
"C:\Documents and Settings\Administrator\Application Data\Immozaa" => File/Directory not found.
"C:\Documents and Settings\Administrator\Application Data\Ohezoc" => File/Directory not found.
C:\Documents and Settings\Administrator\Application Data\Xoekme => Moved successfully.
C:\Program Files\InternetHelper3.1 => Moved successfully.
C:\Program Files\AVG => Moved successfully.
 
==== End of Fixlog ====
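
An added example, not part of the original posts and not FRST's own code: a small audit that pairs each fixlist entry echoed in a Fixlog with its result line, so skipped or missing items stand out before the next scan. The layout it parses is inferred from the Fixlog posted above, the sample is an excerpt shortened from that log, and the function names are hypothetical. In the posted log, the fixlist line beginning `KU\` has no matching result line.

```python
import re

# Excerpt shortened from the Fixlog posted in this thread (post #11).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
HKLM\...\Run: [Onylonymfysumo] - "C:\Documents and Settings\Administrator\Application Data\Immozaa\usices.exe"
KU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Wouvqozeufy] - "C:\Documents and Settings\Administrator\Application Data\Nobeoneq\bovau.exe"
HKU\S-1-5-21-484763869-1202660629-1801674531-500\...\Run: [Ozleoxoxaq] - "C:\Documents and Settings\Administrator\Application Data\Xoekme\ubomb.exe"
C:\Documents and Settings\Administrator\Application Data\Immozaa
C:\Documents and Settings\Administrator\Application Data\Xoekme
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Onylonymfysumo => Value deleted successfully.
HKU\S-1-5-21-484763869-1202660629-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run\\Ozleoxoxaq => Value deleted successfully.
"C:\Documents and Settings\Administrator\Application Data\Immozaa" => File/Directory not found.
C:\Documents and Settings\Administrator\Application Data\Xoekme => Moved successfully.

==== End of Fixlog ====
'''

DELIM = re.compile(r"^\*{5,}\s*$")  # the row of asterisks around the echoed fixlist
RUN_ENTRY = re.compile(r"^(?P<hive>[^\\]+)\\.*\\Run: \[(?P<name>[^\]]+)\]")
PATH_ENTRY = re.compile(r"^[A-Za-z]:\\")
KNOWN_HIVES = {"HKLM", "HKU", "HKCU", "HKCR"}  # prefixes seen in the posted log


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) from a Fixlog's text."""
    fixlist, results, delims_seen = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if DELIM.match(line):
            delims_seen += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not line:
            continue
        if delims_seen == 1:
            fixlist.append(line)
        elif delims_seen >= 2:
            results.append(line)
    return fixlist, results


def parse_results(result_lines):
    """Turn 'target => outcome.' lines into (target, outcome) pairs."""
    parsed = []
    for line in result_lines:
        target, sep, outcome = line.partition(" => ")
        if sep:
            parsed.append((target.strip().strip('"'), outcome.strip().rstrip(".").strip()))
    return parsed


def audit_fixlog(text):
    """List (entry, problem) pairs for Run-key and path entries that were
    not confirmed as handled. Other entry kinds are outside this example."""
    fixlist, result_lines = split_fixlog(text)
    parsed = parse_results(result_lines)
    findings = []
    for entry in fixlist:
        run = RUN_ENTRY.match(entry)
        if run:
            hive, name = run.group("hive"), run.group("name")
            label = f"{hive} Run [{name}]"
            if hive not in KNOWN_HIVES:
                findings.append((label, f"unrecognised hive prefix {hive!r}"))
            # Result lines name the value as <hive>\...\Run\\<name>.
            hits = [o for t, o in parsed
                    if t.endswith("\\\\" + name) and t.split("\\")[0] == hive]
        elif PATH_ENTRY.match(entry):
            label = entry
            hits = [o for t, o in parsed if t.lower() == entry.lower()]
        else:
            continue
        if not hits:
            findings.append((label, "no result line"))
        for outcome in hits:
            if "successfully" not in outcome:
                findings.append((label, outcome))
    return findings


if __name__ == "__main__":
    for label, problem in audit_fixlog(SAMPLE_FIXLOG):
        print(f"{label}: {problem}")
```
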


#12 TB-Psychotic

Posted 18 March 2014 - 03:37 PM

OK, then run MBAM as explained, please.



#13 yoniarmon

Posted 18 March 2014 - 05:23 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.18.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.2096
Administrator :: EXPERIEN-19D2EE [administrator]
 
Protection: Enabled
 
3/18/2014 9:16:40 AM
mbam-log-2014-03-18 (09-16-40).txt
 
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278732
Time elapsed: 3 hour(s), 6 minute(s), 26 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#14 TB-Psychotic

Posted 19 March 2014 - 03:21 AM

Looks good!

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 yoniarmon

yoniarmon
  • Topic Starter

  • Members
  • 47 posts

Posted 19 March 2014 - 06:29 PM

C:\Documents and Settings\Administrator\Local Settings\Application Data\InternetHelper3.1\hk64tbInte.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Documents and Settings\Administrator\Local Settings\Application Data\InternetHelper3.1\hktbInte.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Documents and Settings\Administrator\Local Settings\Application Data\InternetHelper3.1\ldrtbInte.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Documents and Settings\Administrator\Local Settings\Application Data\InternetHelper3.1\tbInte.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Documents and Settings\Administrator\Local Settings\Temp\air655.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED_1.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED_2.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED_3.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED_4.dll Win32/GenUpdater potentially unwanted application
C:\Documents and Settings\All Users\Application Data\GBox\runtime_AVG_RESTORED_5.dll Win32/GenUpdater potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\96fl69b1.default\Extensions\503610f485be1@503610f485c24.info\content\bg.js Win32/Adware.MultiPlug.H application
C:\FRST\Quarantine\C\Program Files\InternetHelper3.1\hk64tbInte.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files\InternetHelper3.1\hktbInte.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files\InternetHelper3.1\ldrtbInte.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files\InternetHelper3.1\prxtbInte.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files\InternetHelper3.1\tbInte.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\WINDOWS\system32\cmdow.exe Win32/CMDOW.143 potentially unsafe application




