
WinXP Unknown Malware Slowed Machine and Reset Proxy settings-Help!!


This topic is locked. 46 replies to this topic.

#1 stonemanjr (Members, 308 posts)

Posted 17 March 2014 - 05:03 PM

WinXP just slowed down dramatically, and proxy settings were reset in Firefox to prohibit internet access. Something called "grusskarten" showed on a scan, and system restore did not take care of it. This machine had zero issues before this and was lightning fast.


#2 bloopie (Bleepin' Sith Turner, Malware Response Team, 7,927 posts, New York)

Posted 17 March 2014 - 11:44 PM

Hello again stonemanjr,

Just FYI, "grusskarten" translates to "Greeting Cards", which is most likely adware or otherwise a "Potentially Unwanted Program"...but we'll see :wink:

Before making any other changes to the machine, please post me a FRST log and the Addition.txt as we've done before, and we'll go from there.

Here is the FRST download page. I assume you don't need the full set of instructions for running a scan, correct? :)

bloopie



#3 stonemanjr (Topic Starter, Members, 308 posts)

Posted 18 March 2014 - 12:22 AM

:smash: I promise this will be the last!!




#4 stonemanjr (Topic Starter, Members, 308 posts)

Posted 18 March 2014 - 12:26 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by owner (administrator) on A-AC6ECF08BE344 on 18-03-2014 01:23:32
Running from C:\Documents and Settings\owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\owner\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-12-11] (Analog Devices, Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1085031214-2139871995-1417001333-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled
ShortcutTarget: Secunia PSI Tray.lnk.disabled -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x32D972AAFF61CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368732929304
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\Extensions\firefox1@myibay.com.xpi [2013-05-18]
FF Extension: Public Fox - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-6665170634FE}.xpi [2013-05-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2008-07-23] (Infineon Technologies AG)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsld43c96e5; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D33F5000-BE11-485D-B110-A883A35A5F91}\MpKsld43c96e5.sys [39464 2014-03-18] (Microsoft Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-05-16] (Avira GmbH)
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-18 01:22 - 2014-03-18 01:23 - 00022883 _____ () C:\Documents and Settings\owner\Desktop\Addition.txt
2014-03-18 01:11 - 2014-03-18 01:11 - 03901952 _____ () C:\Documents and Settings\owner\Desktop\RogueKiller.exe
2014-03-18 01:05 - 2014-03-18 01:23 - 00009720 _____ () C:\Documents and Settings\owner\Desktop\FRST.txt
2014-03-18 01:04 - 2014-03-18 01:23 - 00000000 ____D () C:\FRST
2014-03-18 01:01 - 2014-03-18 01:01 - 01145856 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST(1).exe
2014-03-18 01:00 - 2014-03-18 01:00 - 01145856 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2014-03-17 19:25 - 2013-08-28 14:17 - 01898112 _____ (Bleeping Computer, LLC) C:\Documents and Settings\owner\Desktop\rkill.exe
2014-03-17 19:18 - 2014-03-17 19:18 - 00204896 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\29930846.sys
2014-03-17 19:16 - 2014-03-17 19:16 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\owner\Desktop\tdsskiller.exe
2014-03-17 18:03 - 2014-02-23 12:20 - 00001627 _____ () C:\Documents and Settings\owner\Desktop\System Restore.lnk
2014-03-17 16:31 - 2014-03-17 16:31 - 05190594 _____ (Swearware) C:\Documents and Settings\owner\Desktop\ComboFix.exe
2014-03-17 16:29 - 2014-03-17 16:30 - 00380416 _____ () C:\Documents and Settings\owner\My Documents\dnwtb085.exe
2014-03-17 16:16 - 2014-03-17 16:16 - 01216302 _____ () C:\VIRUS scan HitMan.bmp
2014-03-17 14:39 - 2014-03-17 14:39 - 00003836 _____ () C:\Documents and Settings\owner\My Documents\Rkill2.txt
2014-03-17 14:19 - 2014-03-17 18:23 - 00000000 ____D () C:\AdwCleaner
2014-03-17 14:18 - 2014-03-17 14:18 - 01950720 _____ () C:\Documents and Settings\owner\Desktop\AdwCleaner.exe
2014-03-17 14:10 - 2014-03-17 14:10 - 00004470 _____ () C:\Documents and Settings\owner\My Documents\Rkill.txt
2014-03-17 14:07 - 2014-03-17 14:07 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\rkill
2014-03-17 14:06 - 2014-03-17 19:36 - 00003678 _____ () C:\Documents and Settings\owner\Desktop\Rkill.txt
2014-03-17 14:04 - 2014-03-17 14:04 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-17 13:09 - 2014-03-17 13:10 - 00001152 _____ () C:\AdwCleaner[S1].txt
2014-03-17 13:08 - 2014-03-17 13:09 - 00001087 _____ () C:\AdwCleaner[R1].txt
2014-03-14 00:11 - 2014-03-14 00:11 - 00000000 ____D () C:\Payroll 2014
2014-03-13 23:31 - 2014-03-14 13:25 - 00049664 _____ () C:\Documents and Settings\owner\Desktop\time.xls
2014-03-13 15:57 - 2014-03-03 13:03 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140313-155720.backup
2014-03-13 15:55 - 2014-03-03 13:03 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140313-155525.backup
2014-03-12 13:10 - 2014-03-12 13:10 - 00024339 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 09:36 - 2014-03-12 13:10 - 00031139 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 09:36 - 2014-03-12 13:10 - 00029724 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 15:19 - 2014-03-11 15:19 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-10 00:58 - 2014-03-03 13:03 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140310-005837.backup
2014-03-10 00:57 - 2014-03-03 13:03 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140310-005709.backup
2014-03-09 23:04 - 2014-03-17 14:39 - 00032768 ___SH () C:\Thumbs.db
2014-03-06 17:57 - 2014-03-06 18:16 - 00014848 _____ () C:\Documents and Settings\owner\Desktop\Notes Corrections.xls
2014-03-03 19:08 - 2014-03-03 19:08 - 00098394 _____ () C:\WINDOWS\2181269352_n.jpeg
2014-03-03 13:04 - 2014-03-03 13:03 - 00449915 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120418.backup
2014-03-03 13:03 - 2014-02-26 14:00 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120315.backup
2014-03-03 13:01 - 2014-02-26 14:00 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120158.backup
2014-03-03 12:59 - 2014-03-03 12:59 - 00000944 _____ () C:\Documents and Settings\owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-03 12:59 - 2014-03-03 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-03-01 14:22 - 2014-03-01 19:01 - 00000000 ____D () C:\WINDOWS\New Folder
2014-03-01 11:58 - 2014-02-26 14:00 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140301-105837.backup
2014-02-28 12:45 - 2014-02-28 12:45 - 00000727 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Program Files\Secunia
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\Application Data\Secunia PSI
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\LavasoftStatistics
2014-02-28 12:38 - 2014-02-28 12:38 - 00000440 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-02-28 12:36 - 2014-02-28 12:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-28 12:24 - 2014-02-28 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-02-28 12:23 - 2014-02-28 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-02-27 22:55 - 2014-02-27 22:55 - 00000000 ____D () C:\Program Files\ESET
2014-02-26 13:50 - 2014-02-26 13:50 - 00000000 _RSHD () C:\cmdcons
2014-02-26 13:50 - 2014-02-23 12:05 - 00000245 _____ () C:\Boot.bak
2014-02-26 13:50 - 2004-08-04 00:00 - 00260272 __RSH () C:\cmldr
2014-02-26 13:48 - 2014-02-28 01:29 - 00000000 ____D () C:\Qoobox
2014-02-26 13:48 - 2014-02-26 14:01 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-25 01:32 - 2014-02-25 01:32 - 00000000 __SHD () C:\Documents and Settings\owner\IECompatCache
2014-02-22 21:47 - 2014-02-22 21:47 - 00000751 _____ () C:\Documents and Settings\owner\Desktop\Eusing Free Registry Cleaner.lnk
2014-02-22 21:47 - 2014-02-22 21:47 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\Eusing
2014-02-22 21:24 - 2013-10-11 09:33 - 00450604 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140222-202422.backup
2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\Documents and Settings\owner\Start Menu\Programs\HiJackThis
2014-02-21 15:49 - 2014-02-26 13:48 - 05185084 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2014-02-20 11:57 - 2014-03-17 19:32 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Granger

==================== One Month Modified Files and Folders =======

2014-03-18 01:23 - 2014-03-18 01:22 - 00022883 _____ () C:\Documents and Settings\owner\Desktop\Addition.txt
2014-03-18 01:23 - 2014-03-18 01:05 - 00009720 _____ () C:\Documents and Settings\owner\Desktop\FRST.txt
2014-03-18 01:23 - 2014-03-18 01:04 - 00000000 ____D () C:\FRST
2014-03-18 01:19 - 2013-05-16 17:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-18 01:11 - 2014-03-18 01:11 - 03901952 _____ () C:\Documents and Settings\owner\Desktop\RogueKiller.exe
2014-03-18 01:01 - 2014-03-18 01:01 - 01145856 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST(1).exe
2014-03-18 01:00 - 2014-03-18 01:00 - 01145856 _____ (Farbar) C:\Documents and Settings\owner\Desktop\FRST.exe
2014-03-18 00:50 - 2013-11-20 10:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-18 00:50 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-18 00:46 - 2013-03-01 14:50 - 01594030 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-18 00:44 - 2013-10-11 08:02 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-18 00:41 - 2013-03-01 09:42 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-18 00:41 - 2013-03-01 09:42 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-18 00:39 - 2013-03-01 14:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-18 00:22 - 2013-08-15 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 00:16 - 2013-10-11 08:02 - 00262144 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-18 00:16 - 2013-03-01 14:55 - 00000000 ____D () C:\Documents and Settings\owner
2014-03-18 00:16 - 2013-03-01 14:54 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 23:29 - 2013-03-01 14:55 - 00000278 ___SH () C:\Documents and Settings\owner\ntuser.ini
2014-03-17 20:19 - 2013-03-01 14:55 - 00001610 _____ () C:\Documents and Settings\owner\Start Menu\Programs\Remote Assistance.lnk
2014-03-17 20:03 - 2013-05-16 16:28 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 19:48 - 2013-11-12 14:08 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\EVALS
2014-03-17 19:36 - 2014-03-17 14:06 - 00003678 _____ () C:\Documents and Settings\owner\Desktop\Rkill.txt
2014-03-17 19:34 - 2013-03-01 14:51 - 00001618 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-03-17 19:32 - 2014-02-20 11:57 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Granger
2014-03-17 19:32 - 2013-08-23 10:59 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Staff EMPLOY Info
2014-03-17 19:29 - 2013-08-08 13:48 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Autism
2014-03-17 19:18 - 2014-03-17 19:18 - 00204896 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\29930846.sys
2014-03-17 19:16 - 2014-03-17 19:16 - 04130656 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\owner\Desktop\tdsskiller.exe
2014-03-17 19:14 - 2013-10-21 22:49 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Paperwork Staff Various
2014-03-17 18:23 - 2014-03-17 14:19 - 00000000 ____D () C:\AdwCleaner
2014-03-17 16:41 - 2014-02-13 23:41 - 00000000 ____D () C:\Movavi Library
2014-03-17 16:31 - 2014-03-17 16:31 - 05190594 _____ (Swearware) C:\Documents and Settings\owner\Desktop\ComboFix.exe
2014-03-17 16:30 - 2014-03-17 16:29 - 00380416 _____ () C:\Documents and Settings\owner\My Documents\dnwtb085.exe
2014-03-17 16:16 - 2014-03-17 16:16 - 01216302 _____ () C:\VIRUS scan HitMan.bmp
2014-03-17 14:39 - 2014-03-17 14:39 - 00003836 _____ () C:\Documents and Settings\owner\My Documents\Rkill2.txt
2014-03-17 14:39 - 2014-03-09 23:04 - 00032768 ___SH () C:\Thumbs.db
2014-03-17 14:18 - 2014-03-17 14:18 - 01950720 _____ () C:\Documents and Settings\owner\Desktop\AdwCleaner.exe
2014-03-17 14:10 - 2014-03-17 14:10 - 00004470 _____ () C:\Documents and Settings\owner\My Documents\Rkill.txt
2014-03-17 14:07 - 2014-03-17 14:07 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\rkill
2014-03-17 14:04 - 2014-03-17 14:04 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-17 13:51 - 2013-05-23 13:33 - 00002497 _____ () C:\Documents and Settings\owner\Desktop\Word.lnk
2014-03-17 13:10 - 2014-03-17 13:09 - 00001152 _____ () C:\AdwCleaner[S1].txt
2014-03-17 13:09 - 2014-03-17 13:08 - 00001087 _____ () C:\AdwCleaner[R1].txt
2014-03-17 11:13 - 2013-03-01 09:40 - 00513832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-14 13:25 - 2014-03-13 23:31 - 00049664 _____ () C:\Documents and Settings\owner\Desktop\time.xls
2014-03-14 10:17 - 2013-12-16 15:34 - 00008192 ___SH () C:\WINDOWS\Thumbs.db
2014-03-14 00:11 - 2014-03-14 00:11 - 00000000 ____D () C:\Payroll 2014
2014-03-13 13:25 - 2013-10-02 13:33 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\DEMO Notes Tx Plans
2014-03-13 11:07 - 2013-03-01 09:40 - 00212880 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 15:00 - 2013-05-23 13:33 - 00002495 _____ () C:\Documents and Settings\owner\Desktop\Excel.lnk
2014-03-12 13:10 - 2014-03-12 13:10 - 00024339 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 13:10 - 2014-03-12 13:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 13:10 - 2014-03-12 09:36 - 00031139 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 13:10 - 2014-03-12 09:36 - 00029724 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 13:10 - 2013-05-16 16:30 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 13:10 - 2013-05-16 16:15 - 00111845 _____ () C:\WINDOWS\updspapi.log
2014-03-12 13:10 - 2013-03-01 09:40 - 01260764 _____ () C:\WINDOWS\iis6.log
2014-03-12 13:10 - 2013-03-01 09:40 - 01130610 _____ () C:\WINDOWS\FaxSetup.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00549808 _____ () C:\WINDOWS\ocgen.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00521445 _____ () C:\WINDOWS\tsoc.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00388299 _____ () C:\WINDOWS\comsetup.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00352750 _____ () C:\WINDOWS\msmqinst.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00233888 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00198813 _____ () C:\WINDOWS\netfxocm.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00078412 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00062787 _____ () C:\WINDOWS\ocmsn.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00057543 _____ () C:\WINDOWS\tabletoc.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00056800 _____ () C:\WINDOWS\msgsocm.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-12 13:10 - 2013-03-01 09:40 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 12:56 - 2013-03-01 09:35 - 00000000 ___RD () C:\WINDOWS\Web
2014-03-11 15:19 - 2014-03-11 15:19 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-11 15:19 - 2013-05-16 17:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 15:19 - 2013-05-16 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 12:59 - 2013-03-01 09:40 - 00630779 _____ () C:\WINDOWS\setupapi.log
2014-03-10 21:31 - 2013-05-16 16:58 - 00000000 ____D () C:\Documents and Settings\owner\My Documents\Utility
2014-03-10 00:02 - 2013-11-26 13:00 - 00000000 ____D () C:\Documents and Settings\owner\Desktop\Magellan
2014-03-06 18:16 - 2014-03-06 17:57 - 00014848 _____ () C:\Documents and Settings\owner\Desktop\Notes Corrections.xls
2014-03-03 19:08 - 2014-03-03 19:08 - 00098394 _____ () C:\WINDOWS\2181269352_n.jpeg
2014-03-03 13:04 - 2013-05-16 16:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-03-03 13:03 - 2014-03-13 15:57 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140313-155720.backup
2014-03-03 13:03 - 2014-03-13 15:55 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140313-155525.backup
2014-03-03 13:03 - 2014-03-10 00:58 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140310-005837.backup
2014-03-03 13:03 - 2014-03-10 00:57 - 00449915 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140310-005709.backup
2014-03-03 13:03 - 2014-03-03 13:04 - 00449915 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120418.backup
2014-03-03 13:01 - 2013-05-16 16:57 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-03-03 12:59 - 2014-03-03 12:59 - 00000944 _____ () C:\Documents and Settings\owner\Desktop\Spybot - Search & Destroy.lnk
2014-03-03 12:59 - 2014-03-03 12:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
2014-03-01 19:01 - 2014-03-01 14:22 - 00000000 ____D () C:\WINDOWS\New Folder
2014-03-01 11:52 - 2013-03-01 09:38 - 00000361 __RSH () C:\boot.ini
2014-02-28 12:45 - 2014-02-28 12:45 - 00000727 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Program Files\Secunia
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Documents and Settings\owner\Local Settings\Application Data\Secunia PSI
2014-02-28 12:45 - 2014-02-28 12:45 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\LavasoftStatistics
2014-02-28 12:38 - 2014-02-28 12:38 - 00000440 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-02-28 12:36 - 2014-02-28 12:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-28 12:24 - 2014-02-28 12:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-02-28 12:24 - 2013-03-01 09:35 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-02-28 12:23 - 2014-02-28 12:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-02-28 02:02 - 2013-03-01 15:42 - 00047224 _____ () C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-28 01:29 - 2014-02-26 13:48 - 00000000 ____D () C:\Qoobox
2014-02-27 22:55 - 2014-02-27 22:55 - 00000000 ____D () C:\Program Files\ESET
2014-02-27 22:42 - 2013-03-01 14:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-02-27 16:14 - 2001-08-23 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-26 15:08 - 2013-12-20 16:45 - 00002521 _____ () C:\Documents and Settings\owner\Desktop\Microsoft Office Outlook 2003.lnk
2014-02-26 14:01 - 2014-02-26 13:48 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-26 14:00 - 2014-03-03 13:03 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120315.backup
2014-02-26 14:00 - 2014-03-03 13:01 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140303-120158.backup
2014-02-26 14:00 - 2014-03-01 11:58 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140301-105837.backup
2014-02-26 13:50 - 2014-02-26 13:50 - 00000000 _RSHD () C:\cmdcons
2014-02-26 13:48 - 2014-02-21 15:49 - 05185084 ____R (Swearware) C:\Documents and Settings\owner\My Documents\ComboFix.exe
2014-02-25 01:32 - 2014-02-25 01:32 - 00000000 __SHD () C:\Documents and Settings\owner\IECompatCache
2014-02-24 16:24 - 2008-04-14 05:42 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2008-04-14 05:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 07:46 - 2013-05-16 16:30 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 07:46 - 2013-03-01 14:49 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 07:46 - 2008-04-14 05:42 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 07:45 - 2013-05-16 16:31 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 07:45 - 2013-05-16 16:30 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 07:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 07:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 07:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 07:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 07:45 - 2008-04-14 05:42 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 07:45 - 2008-04-14 05:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 07:45 - 2008-04-14 05:41 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 07:45 - 2008-04-14 05:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 06:54 - 2008-04-14 00:07 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 12:20 - 2014-03-17 18:03 - 00001627 _____ () C:\Documents and Settings\owner\Desktop\System Restore.lnk
2014-02-23 12:05 - 2014-02-26 13:50 - 00000245 _____ () C:\Boot.bak
2014-02-23 11:43 - 2013-05-16 16:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2014-02-22 21:52 - 2013-07-10 19:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
2014-02-22 21:47 - 2014-02-22 21:47 - 00000751 _____ () C:\Documents and Settings\owner\Desktop\Eusing Free Registry Cleaner.lnk
2014-02-22 21:47 - 2014-02-22 21:47 - 00000000 ____D () C:\Documents and Settings\owner\Application Data\Eusing
2014-02-22 21:47 - 2013-05-16 17:09 - 00000000 ____D () C:\Program Files\Eusing Free Registry Cleaner
2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\Program Files\Trend Micro
2014-02-22 17:27 - 2014-02-22 17:27 - 00000000 ____D () C:\Documents and Settings\owner\Start Menu\Programs\HiJackThis
2014-02-22 17:24 - 2013-05-16 17:17 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 14:29 - 2013-03-01 14:49 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-20 11:39 - 2013-03-01 09:35 - 00000000 ____D () C:\WINDOWS\system
2014-02-20 02:10 - 2013-03-01 14:58 - 00000000 ____D () C:\Intel
2014-02-18 13:27 - 2013-05-16 16:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\owner\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by owner at 2014-03-18 01:22:04
Running from C:\Documents and Settings\owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
DuckCapture Standard 2.7 (HKLM\...\DuckCapture_is1) (Version: 2.7 - DuckLink)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - Eusing Software)
Free Internet Window Washer (HKLM\...\Free Internet Window Washer) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections 15.2.89.2 (HKLM\...\{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}) (Version: 15.2.89.2 - Intel)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Longbow (HKLM\...\InstallShield_{EF08AF39-BE53-4308-A97C-0327C0F5AA23}) (Version: 1.00.0000 - Activision Value)
Longbow (Version: 1.00.0000 - Activision Value) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-GB)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Musicnotes Player V1.32.2 and Viewer V1.19.0 (HKLM\...\Musicnotes Player_is1) (Version: 1.32.2 - Musicnotes Inc.)
MWSnap 3 (HKLM\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Wise Folder Hider 1.35 (HKLM\...\Wise Folder Hider_is1) (Version: 1.35 - WiseCleaner.com, Inc.)
Wise Registry Cleaner 7.93 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.93 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

18-12-2013 03:56:20 Software Distribution Service 3.0
18-12-2013 13:49:09 Software Distribution Service 3.0
18-12-2013 17:13:01 Installed Windows Media Player 11
18-12-2013 17:14:35 Software Distribution Service 3.0
19-12-2013 18:27:27 Software Distribution Service 3.0
19-12-2013 18:37:41 Software Distribution Service 3.0
20-12-2013 17:32:54 Software Distribution Service 3.0
20-12-2013 19:05:27 Software Distribution Service 3.0
23-12-2013 13:43:15 Software Distribution Service 3.0
24-12-2013 15:18:02 Software Distribution Service 3.0
26-12-2013 15:29:03 Software Distribution Service 3.0
29-12-2013 16:27:59 Software Distribution Service 3.0
30-12-2013 18:40:22 Software Distribution Service 3.0
31-12-2013 03:51:49 Revo Uninstaller's restore point - Malwarebytes Anti-Exploit version 0.09.4.2000
31-12-2013 04:00:56 Revo Uninstaller's restore point - Malwarebytes Anti-Exploit version 0.09.4.2000
31-12-2013 19:01:24 Software Distribution Service 3.0
01-01-2014 19:51:11 Software Distribution Service 3.0
02-01-2014 20:01:50 System Checkpoint
02-01-2014 22:53:33 Software Distribution Service 3.0
04-01-2014 04:24:51 Software Distribution Service 3.0
05-01-2014 15:50:03 Software Distribution Service 3.0
06-01-2014 15:55:56 System Checkpoint
06-01-2014 19:03:02 Software Distribution Service 3.0
07-01-2014 19:16:32 Software Distribution Service 3.0
08-01-2014 19:59:20 Software Distribution Service 3.0
09-01-2014 21:52:34 Software Distribution Service 3.0
10-01-2014 22:42:14 System Checkpoint
11-01-2014 15:02:27 Software Distribution Service 3.0
12-01-2014 15:58:52 Software Distribution Service 3.0
13-01-2014 17:20:08 Software Distribution Service 3.0
14-01-2014 17:48:09 Software Distribution Service 3.0
15-01-2014 16:47:40 Software Distribution Service 3.0
15-01-2014 21:55:02 Software Distribution Service 3.0
16-01-2014 15:58:57 Software Distribution Service 3.0
17-01-2014 13:23:34 Software Distribution Service 3.0
18-01-2014 14:20:48 Software Distribution Service 3.0
20-01-2014 00:01:33 Software Distribution Service 3.0
22-01-2014 01:54:36 Software Distribution Service 3.0
23-01-2014 14:40:22 System Checkpoint
23-01-2014 19:28:22 Software Distribution Service 3.0
23-01-2014 21:36:27 Installed Java 7 Update 51
25-01-2014 01:52:41 Software Distribution Service 3.0
27-01-2014 13:49:54 Software Distribution Service 3.0
28-01-2014 13:53:36 Software Distribution Service 3.0
29-01-2014 17:14:29 Software Distribution Service 3.0
30-01-2014 19:57:49 Software Distribution Service 3.0
31-01-2014 20:02:29 System Checkpoint
01-02-2014 14:13:41 Software Distribution Service 3.0
03-02-2014 17:57:04 Software Distribution Service 3.0
04-02-2014 18:36:58 Software Distribution Service 3.0
05-02-2014 23:14:52 Software Distribution Service 3.0
06-02-2014 23:38:05 System Checkpoint
08-02-2014 14:15:57 Software Distribution Service 3.0
09-02-2014 17:01:31 Software Distribution Service 3.0
10-02-2014 17:21:34 System Checkpoint
10-02-2014 20:29:04 Software Distribution Service 3.0
11-02-2014 21:10:45 Software Distribution Service 3.0
12-02-2014 22:14:38 System Checkpoint
12-02-2014 23:02:09 Software Distribution Service 3.0
13-02-2014 15:58:28 Software Distribution Service 3.0
14-02-2014 03:51:13 Revo Uninstaller's restore point - Movavi Screen Capture 4
14-02-2014 16:16:47 Software Distribution Service 3.0
15-02-2014 17:30:49 System Checkpoint
15-02-2014 19:56:35 Software Distribution Service 3.0
16-02-2014 20:20:14 Software Distribution Service 3.0
17-02-2014 20:47:43 Software Distribution Service 3.0
18-02-2014 22:51:52 System Checkpoint
19-02-2014 14:42:33 Software Distribution Service 3.0
20-02-2014 15:50:46 Software Distribution Service 3.0
21-02-2014 18:10:14 System Checkpoint
21-02-2014 18:21:11 Software Distribution Service 3.0
22-02-2014 21:27:23 Installed HiJackThis
22-02-2014 21:49:30 Software Distribution Service 3.0
23-02-2014 16:20:19 PERFECT CLEAN MASTER
24-02-2014 20:01:49 Software Distribution Service 3.0
25-02-2014 05:32:07 MASTER VERY CLEAN
25-02-2014 22:55:57 Software Distribution Service 3.0
27-02-2014 00:09:10 System Checkpoint
27-02-2014 14:27:50 Software Distribution Service 3.0
28-02-2014 16:07:10 Software Distribution Service 3.0
28-02-2014 16:24:22 Installed Windows XP KB942288-v3.
28-02-2014 16:24:35 AA11
28-02-2014 23:28:04 MASTER RESET CLEAN!!!
01-03-2014 22:20:37 Software Distribution Service 3.0
01-03-2014 22:21:57 Revo Uninstaller's restore point - Ad-Aware Antivirus
01-03-2014 22:24:20 AA11
03-03-2014 16:50:31 Software Distribution Service 3.0
05-03-2014 15:21:28 Software Distribution Service 3.0
06-03-2014 16:42:08 Software Distribution Service 3.0
07-03-2014 18:59:32 Software Distribution Service 3.0
09-03-2014 15:41:12 Software Distribution Service 3.0
10-03-2014 16:25:11 System Checkpoint
10-03-2014 17:29:56 Software Distribution Service 3.0
11-03-2014 18:44:06 System Checkpoint
11-03-2014 20:32:25 Software Distribution Service 3.0
12-03-2014 17:09:49 Software Distribution Service 3.0
13-03-2014 15:18:28 Software Distribution Service 3.0
14-03-2014 18:04:33 System Checkpoint
14-03-2014 21:25:19 Software Distribution Service 3.0
16-03-2014 18:57:29 Software Distribution Service 3.0
17-03-2014 15:51:57 Restore Operation
17-03-2014 21:12:42 Restore Operation
17-03-2014 22:45:08 Restore Operation
17-03-2014 23:41:09 Software Distribution Service 3.0
17-03-2014 23:59:32 Software Distribution Service 3.0
18-03-2014 03:48:02 RECENT
18-03-2014 04:10:33 Restore Operation
18-03-2014 04:36:11 Restore Operation

==================== Hosts content: ==========================

2001-08-23 07:00 - 2014-03-03 13:03 - 00449915 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-05-16 16:20 - 2013-05-16 16:17 - 00397704 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-10-11 08:02 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-11 08:02 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-13 23:38 - 2014-02-13 23:38 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 01:16:48 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10401.0, P5 fixed, P6 2 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/17/2014 09:06:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.4.304.0, P3 timeout, P4 1.1.10401.0, P5 fixed, P6 2 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/13/2014 01:36:22 PM) (Source: Microsoft Office 11) (User: )
Description: Microsoft Office PublisherPublisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?

Error: (03/13/2014 01:36:17 PM) (Source: Microsoft Office 11) (User: )
Description: mspub.exe11.0.8402.051560efamso.dll11.0.8405.051ede5680004bff01

Error: (03/05/2014 07:28:01 PM) (Source: Microsoft Office 11) (User: )
Description: excel.exe11.0.8404.051a52fcbexcel.exe11.0.8404.051a52fcb0000bf16f

Error: (02/24/2014 04:14:21 PM) (Source: Microsoft Office 11) (User: )
Description: excel.exe11.0.8404.051a52fcbexcel.exe11.0.8404.051a52fcb0000bf16f

Error: (02/21/2014 07:15:23 PM) (Source: Avira Antivirus) (User: NT AUTHORITY)
Description: Unable to load file AvShadow.
Returned error code: 0x3e5

Error: (01/18/2014 01:06:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket -473805052.

Error: (01/18/2014 01:06:41 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2014 06:35:39 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 26.0.0.5087, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/18/2014 00:51:16 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (03/18/2014 00:51:16 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (03/18/2014 00:43:35 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service hung on starting.

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: The Secunia PSI Agent service failed to start due to the following error:
%%1053

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Secunia PSI Agent service to connect.

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (03/18/2014 00:43:29 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (03/18/2014 01:16:48 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10401.0fixed2 _ 2049+5 _ not bootNILNILNIL

Error: (03/17/2014 09:06:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.4.304.0timeout1.1.10401.0fixed2 _ 2049+5 _ not bootNILNILNIL

Error: (03/13/2014 01:36:22 PM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office PublisherPublisher failed to start correctly last time.  Starting Publisher in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Publisher in safe mode?

Error: (03/13/2014 01:36:17 PM) (Source: Microsoft Office 11)(User: )
Description: mspub.exe11.0.8402.051560efamso.dll11.0.8405.051ede5680004bff01

Error: (03/05/2014 07:28:01 PM) (Source: Microsoft Office 11)(User: )
Description: excel.exe11.0.8404.051a52fcbexcel.exe11.0.8404.051a52fcb0000bf16f

Error: (02/24/2014 04:14:21 PM) (Source: Microsoft Office 11)(User: )
Description: excel.exe11.0.8404.051a52fcbexcel.exe11.0.8404.051a52fcb0000bf16f

Error: (02/21/2014 07:15:23 PM) (Source: Avira Antivirus)(User: NT AUTHORITY)
Description: AvShadow0x3e5

Error: (01/18/2014 01:06:46 PM) (Source: Application Hang)(User: )
Description: -473805052

Error: (01/18/2014 01:06:41 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000

Error: (01/15/2014 06:35:39 PM) (Source: Application Hang)(User: )
Description: firefox.exe26.0.0.5087hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 3053.23 MB
Available physical RAM: 2312.22 MB
Total Pagefile: 4939.19 MB
Available Pagefile: 4204.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.36 MB

==================== Drives ================================

Drive c: (CORNERSTONE) (Fixed) (Total:232.88 GB) (Free:206.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: D1B5CA5A)

Partition: GPT Partition Type.

==================== End Of Log ============================



#5 stonemanjr

  • Topic Starter

  • Members
  • 308 posts

Posted 18 March 2014 - 03:19 AM

Thank you again!!

#6 bloopie


    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 18 March 2014 - 05:53 PM

Hello again,

Thank you again!!

My pleasure! :)

Okay, a couple of things here:

Firstly, there is not much in the way of malware showing in your logs, so that's good. :)

Do you use this machine for work purposes?

Next, from the logs:

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

This could be an issue. When looking in the Device Manager, do you see any yellow exclamation points...maybe one next to this PS/2 Compatible Mouse entry?

Also, I see you have many programs installed that I would run on this machine (i.e. Combofix, Adware Cleaner, Kaspersky, etc...), could you provide any of the logs from the aforementioned programs and post them here? Most importantly, please post the Adware Cleaner log located at C:\AdwCleaner[S1].txt in your next reply (that may give us some insight into what has happened recently).

bloopie



#7 stonemanjr

  • Topic Starter

  • Members
  • 308 posts

Posted 18 March 2014 - 08:25 PM

Yes, it is used by staff with flash drives, etc. in a work setting. OK, here's what was done earlier:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/17/2014 02:06:54 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Documents and Settings\owner\Desktop\rkill\rkill-03-17-2014-02-07-05.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    www.100sexlinks.com

  20 out of 15493 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 03/17/2014 02:10:17 PM
Execution time: 0 hours(s), 3 minute(s), and 22 seconds(s)

# AdwCleaner v2.306 - Logfile created 03/17/2014 at 13:09:57
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : owner - A-AC6ECF08BE344
# Boot Mode : Normal
# Running from : C:\Documents and Settings\owner\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v27.0.1 (en-GB)

File : C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\zpxdu57c.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1087 octets] - [17/03/2014 13:08:02]
AdwCleaner[S1].txt - [1023 octets] - [17/03/2014 13:09:57]

########## EOF - C:\AdwCleaner[S1].txt - [1083 octets] ##########

19:17:55.0843 0x0600  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
19:18:00.0218 0x0600  ============================================================
19:18:00.0218 0x0600  Current date / time: 2014/03/17 19:18:00.0218
19:18:00.0218 0x0600  SystemInfo:
19:18:00.0218 0x0600  
19:18:00.0218 0x0600  OS Version: 5.1.2600 ServicePack: 3.0
19:18:00.0218 0x0600  Product type: Workstation
19:18:00.0218 0x0600  ComputerName: A-AC6ECF08BE344
19:18:00.0218 0x0600  UserName: owner
19:18:00.0218 0x0600  Windows directory: C:\WINDOWS
19:18:00.0218 0x0600  System windows directory: C:\WINDOWS
19:18:00.0218 0x0600  Processor architecture: Intel x86
19:18:00.0218 0x0600  Number of processors: 2
19:18:00.0218 0x0600  Page size: 0x1000
19:18:00.0218 0x0600  Boot type: Normal boot
19:18:00.0218 0x0600  ============================================================
19:18:58.0234 0x0600  KLMD registered as C:\WINDOWS\system32\drivers\29930846.sys
19:19:21.0312 0x0600  System UUID: {7D560F48-6FDF-11EB-56AE-4A6B981392F1}
19:19:53.0234 0x0600  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:19:59.0406 0x0600  ============================================================
19:19:59.0406 0x0600  \Device\Harddisk0\DR0:
19:19:59.0562 0x0600  MBR partitions:
19:19:59.0562 0x0600  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:19:59.0562 0x0600  ============================================================
19:20:01.0296 0x0600  C: <-> \Device\Harddisk0\DR0\Partition1
19:20:01.0296 0x0600  ============================================================
19:20:01.0296 0x0600  Initialize success
19:20:01.0296 0x0600  ============================================================
19:20:07.0906 0x0d50  ============================================================
19:20:07.0906 0x0d50  Scan started
19:20:07.0906 0x0d50  Mode: Manual;
19:20:07.0906 0x0d50  ============================================================
19:20:07.0906 0x0d50  KSN ping started
19:20:08.0203 0x0d50  KSN ping finished: true
19:20:20.0734 0x0d50  ================ Scan system memory ========================
19:20:20.0734 0x0d50  System memory - ok
19:20:20.0734 0x0d50  ================ Scan services =============================
19:21:51.0984 0x0d50  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:21:52.0000 0x0d50  MozillaMaintenance - ok
19:21:52.0921 0x0d50  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:21:52.0921 0x0d50  MpFilter - ok
19:21:54.0484 0x0d50  [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKslcc73b89d   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1B55B8EA-E64B-4109-BAB7-A4D09F410ADA}\MpKslcc73b89d.sys
19:21:54.0484 0x0d50  MpKslcc73b89d - ok
19:21:54.0484 0x0d50  mraid35x - ok
19:21:54.0671 0x0d50  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:21:54.0671 0x0d50  MRxDAV - ok
19:21:55.0093 0x0d50  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:21:55.0109 0x0d50  MRxSmb - ok
19:21:55.0406 0x0d50  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:21:55.0406 0x0d50  MSDTC - ok
19:21:55.0593 0x0d50  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:21:55.0593 0x0d50  Msfs - ok
19:21:55.0593 0x0d50  MSIServer - ok
19:21:55.0687 0x0d50  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:21:55.0687 0x0d50  MSKSSRV - ok
19:21:56.0015 0x0d50  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:21:56.0015 0x0d50  MsMpSvc - ok
19:21:56.0156 0x0d50  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:21:56.0156 0x0d50  MSPCLOCK - ok
19:21:56.0453 0x0d50  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:21:56.0468 0x0d50  MSPQM - ok
19:21:56.0656 0x0d50  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:21:56.0656 0x0d50  mssmbios - ok
19:21:57.0234 0x0d50  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:21:57.0234 0x0d50  Mup - ok
19:21:57.0453 0x0d50  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:21:57.0453 0x0d50  NDIS - ok
19:21:57.0593 0x0d50  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:21:57.0593 0x0d50  NdisTapi - ok
19:21:57.0796 0x0d50  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:21:57.0796 0x0d50  Ndisuio - ok
19:21:58.0109 0x0d50  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:21:58.0109 0x0d50  NdisWan - ok
19:21:58.0671 0x0d50  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:21:58.0671 0x0d50  NDProxy - ok
19:21:58.0875 0x0d50  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:21:58.0875 0x0d50  NetBIOS - ok
19:21:59.0015 0x0d50  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:21:59.0015 0x0d50  NetBT - ok
19:21:59.0437 0x0d50  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:21:59.0437 0x0d50  NetDDE - ok
19:21:59.0515 0x0d50  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:21:59.0515 0x0d50  NetDDEdsdm - ok
19:21:59.0937 0x0d50  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:21:59.0937 0x0d50  Netlogon - ok
19:22:00.0156 0x0d50  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
19:22:00.0203 0x0d50  Netman - ok
19:22:00.0687 0x0d50  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:22:00.0687 0x0d50  NetTcpPortSharing - ok
19:22:01.0046 0x0d50  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:22:01.0046 0x0d50  Nla - ok
19:22:01.0203 0x0d50  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:22:01.0203 0x0d50  Npfs - ok
19:22:01.0781 0x0d50  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:22:02.0625 0x0d50  Ntfs - ok
19:22:02.0890 0x0d50  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:22:02.0890 0x0d50  NtLmSsp - ok
19:22:03.0578 0x0d50  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:22:04.0390 0x0d50  NtmsSvc - ok
19:22:04.0578 0x0d50  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:22:04.0640 0x0d50  Null - ok
19:22:04.0781 0x0d50  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:22:04.0781 0x0d50  NwlnkFlt - ok
19:22:04.0921 0x0d50  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:22:04.0921 0x0d50  NwlnkFwd - ok
19:22:05.0484 0x0d50  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:22:05.0484 0x0d50  ose - ok
19:22:06.0796 0x0d50  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:22:06.0812 0x0d50  Parport - ok
19:22:06.0906 0x0d50  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:22:06.0906 0x0d50  PartMgr - ok
19:22:07.0296 0x0d50  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:22:07.0593 0x0d50  ParVdm - ok
19:22:08.0953 0x0d50  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:22:08.0953 0x0d50  PCI - ok
19:22:08.0968 0x0d50  PCIDump - ok
19:22:09.0250 0x0d50  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:22:09.0250 0x0d50  PCIIde - ok
19:22:09.0921 0x0d50  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:22:10.0359 0x0d50  Pcmcia - ok
19:22:10.0359 0x0d50  PDCOMP - ok
19:22:10.0359 0x0d50  PDFRAME - ok
19:22:10.0375 0x0d50  PDRELI - ok
19:22:10.0375 0x0d50  PDRFRAME - ok
19:22:10.0375 0x0d50  perc2 - ok
19:22:10.0375 0x0d50  perc2hib - ok
19:22:10.0531 0x0d50  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:22:10.0531 0x0d50  PlugPlay - ok
19:22:10.0625 0x0d50  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:22:10.0625 0x0d50  PolicyAgent - ok
19:22:10.0734 0x0d50  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:22:10.0734 0x0d50  PptpMiniport - ok
19:22:11.0234 0x0d50  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:22:11.0234 0x0d50  ProtectedStorage - ok
19:22:11.0812 0x0d50  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:22:11.0812 0x0d50  PSched - ok
19:22:12.0687 0x0d50  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys
19:22:12.0687 0x0d50  PSI - ok
19:22:13.0390 0x0d50  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:22:13.0390 0x0d50  Ptilink - ok
19:22:13.0406 0x0d50  ql1080 - ok
19:22:13.0406 0x0d50  Ql10wnt - ok
19:22:13.0406 0x0d50  ql12160 - ok
19:22:13.0406 0x0d50  ql1240 - ok
19:22:13.0406 0x0d50  ql1280 - ok
19:22:13.0500 0x0d50  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:22:13.0500 0x0d50  RasAcd - ok
19:22:13.0703 0x0d50  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:22:13.0937 0x0d50  RasAuto - ok
19:22:14.0031 0x0d50  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:22:14.0031 0x0d50  Rasl2tp - ok
19:22:14.0421 0x0d50  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:22:16.0515 0x0d50  RasMan - ok
19:22:16.0671 0x0d50  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:22:16.0937 0x0d50  RasPppoe - ok
19:22:17.0031 0x0d50  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:22:17.0031 0x0d50  Raspti - ok
19:22:17.0312 0x0d50  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:22:17.0312 0x0d50  Rdbss - ok
19:22:17.0484 0x0d50  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:22:17.0484 0x0d50  Rdbss - ok
19:22:17.0562 0x0d50  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:22:17.0578 0x0d50  RDPCDD - ok
19:22:20.0265 0x0d50  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:22:20.0593 0x0d50  rdpdr - ok
19:22:21.0578 0x0d50  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:22:21.0625 0x0d50  RDPWD - ok
19:22:25.0546 0x0d50  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:22:25.0546 0x0d50  RDSessMgr - ok
19:22:25.0656 0x0d50  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:22:25.0656 0x0d50  redbook - ok
19:22:25.0828 0x0d50  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:22:26.0281 0x0d50  RemoteAccess - ok
19:22:26.0812 0x0d50  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:22:26.0921 0x0d50  RemoteRegistry - ok
19:22:27.0140 0x0d50  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:22:27.0140 0x0d50  RpcLocator - ok
19:22:28.0734 0x0d50  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:22:28.0750 0x0d50  RpcSs - ok
19:22:31.0156 0x0d50  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:22:31.0156 0x0d50  RSVP - ok
19:22:31.0296 0x0d50  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:22:31.0296 0x0d50  SamSs - ok
19:22:31.0468 0x0d50  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:22:31.0484 0x0d50  SCardSvr - ok
19:22:31.0937 0x0d50  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:22:32.0328 0x0d50  Schedule - ok
19:22:34.0609 0x0d50  [ 95AA9E165C7DE1B64A11E8B18E91E499, 505BB51F358EAE5835071A89069530DFDA99E9C5220EA6A648842C15E74E4907 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:22:34.0640 0x0d50  SDScannerService - ok
19:22:35.0812 0x0d50  [ D31398D4BB4907B517B6E784C2100C4A, 36BDB2BFAC2C0ADF8C6DF6D1511ECF43C8F6ED7D4D76244DC5232AD97BA5E9C9 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:22:35.0828 0x0d50  SDUpdateService - ok
19:22:36.0843 0x0d50  [ 6AE8E702D1027A9627DDE2B77BB9992B, 5EA68E2A487D252A68DB0861E7FAFA69956D266CBAA5A1D77751F7E6BD4169B7 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:22:36.0843 0x0d50  SDWSCService - ok
19:22:37.0250 0x0d50  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:22:37.0250 0x0d50  Secdrv - ok
19:22:37.0781 0x0d50  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:22:37.0781 0x0d50  seclogon - ok
19:22:42.0843 0x0d50  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
19:22:42.0875 0x0d50  Secunia PSI Agent - ok
19:22:44.0250 0x0d50  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
19:22:44.0265 0x0d50  Secunia Update Agent - ok
19:22:44.0359 0x0d50  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:22:44.0359 0x0d50  SENS - ok
19:22:44.0453 0x0d50  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:22:44.0453 0x0d50  serenum - ok
19:22:44.0562 0x0d50  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:22:44.0562 0x0d50  Serial - ok
19:22:44.0781 0x0d50  [ B6401608579B6431994425BA7653F774, 5C787A415A50BFBA84E8823EE135520C195356868FB6AAFDBCAE0D3C1F552164 ] SFAUDIO         C:\WINDOWS\system32\drivers\sfaudio.sys
19:22:44.0781 0x0d50  SFAUDIO - ok
19:22:45.0046 0x0d50  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:22:45.0109 0x0d50  Sfloppy - ok
19:22:45.0421 0x0d50  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:22:45.0593 0x0d50  SharedAccess - ok
19:22:45.0750 0x0d50  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:22:45.0750 0x0d50  ShellHWDetection - ok
19:22:45.0750 0x0d50  Simbad - ok
19:22:45.0750 0x0d50  Sparrow - ok
19:22:45.0890 0x0d50  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:22:45.0890 0x0d50  splitter - ok
19:22:46.0062 0x0d50  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:22:46.0078 0x0d50  Spooler - ok
19:22:46.0406 0x0d50  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:22:46.0406 0x0d50  sr - ok
19:22:46.0734 0x0d50  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:22:48.0468 0x0d50  srservice - ok
19:22:49.0031 0x0d50  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:22:49.0671 0x0d50  Srv - ok
19:22:49.0875 0x0d50  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:22:49.0890 0x0d50  SSDPSRV - ok
19:22:50.0125 0x0d50  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:22:50.0125 0x0d50  ssmdrv - ok
19:22:50.0500 0x0d50  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:22:51.0109 0x0d50  stisvc - ok
19:22:51.0203 0x0d50  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:22:51.0203 0x0d50  swenum - ok
19:22:51.0312 0x0d50  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:22:51.0312 0x0d50  swmidi - ok
19:22:51.0312 0x0d50  SwPrv - ok
19:22:51.0312 0x0d50  symc810 - ok
19:22:51.0312 0x0d50  symc8xx - ok
19:22:51.0312 0x0d50  sym_hi - ok
19:22:51.0312 0x0d50  sym_u3 - ok
19:22:51.0375 0x0d50  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:22:51.0375 0x0d50  sysaudio - ok
19:22:51.0546 0x0d50  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:22:51.0546 0x0d50  SysmonLog - ok
19:22:52.0265 0x0d50  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:22:52.0328 0x0d50  TapiSrv - ok
19:22:52.0593 0x0d50  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:22:52.0812 0x0d50  Tcpip - ok
19:22:52.0968 0x0d50  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:22:53.0125 0x0d50  TDPIPE - ok
19:22:53.0312 0x0d50  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:22:53.0421 0x0d50  TDTCP - ok
19:22:53.0625 0x0d50  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:22:53.0625 0x0d50  TermDD - ok
19:22:53.0984 0x0d50  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:22:54.0000 0x0d50  TermService - ok
19:22:54.0156 0x0d50  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:22:54.0156 0x0d50  Themes - ok
19:22:54.0359 0x0d50  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:22:54.0359 0x0d50  TlntSvr - ok
19:22:54.0359 0x0d50  TosIde - ok
19:22:54.0468 0x0d50  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:22:55.0218 0x0d50  TrkWks - ok
19:22:55.0640 0x0d50  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:22:55.0812 0x0d50  Udfs - ok
19:22:55.0812 0x0d50  ultra - ok
19:22:56.0234 0x0d50  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:22:56.0750 0x0d50  Update - ok
19:22:57.0093 0x0d50  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:22:57.0515 0x0d50  upnphost - ok
19:22:57.0609 0x0d50  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:22:57.0609 0x0d50  UPS - ok
19:22:57.0812 0x0d50  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:22:57.0812 0x0d50  usbccgp - ok
19:22:58.0015 0x0d50  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:22:58.0015 0x0d50  usbehci - ok
19:23:01.0906 0x0d50  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:23:01.0906 0x0d50  usbhub - ok
19:23:02.0062 0x0d50  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:23:02.0062 0x0d50  usbprint - ok
19:23:02.0328 0x0d50  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:23:02.0328 0x0d50  usbscan - ok
19:23:02.0515 0x0d50  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:23:02.0515 0x0d50  USBSTOR - ok
19:23:02.0703 0x0d50  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:23:02.0703 0x0d50  usbuhci - ok
19:23:02.0796 0x0d50  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:23:02.0796 0x0d50  VgaSave - ok
19:23:02.0796 0x0d50  ViaIde - ok
19:23:03.0000 0x0d50  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:23:03.0000 0x0d50  VolSnap - ok
19:23:03.0359 0x0d50  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:23:03.0484 0x0d50  VSS - ok
19:23:04.0031 0x0d50  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:23:04.0906 0x0d50  W32Time - ok
19:23:09.0703 0x0d50  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:23:09.0703 0x0d50  Wanarp - ok
19:23:09.0703 0x0d50  WDICA - ok
19:23:09.0812 0x0d50  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:23:09.0812 0x0d50  wdmaud - ok
19:23:09.0906 0x0d50  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:23:10.0078 0x0d50  WebClient - ok
19:23:12.0296 0x0d50  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:23:14.0906 0x0d50  winmgmt - ok
19:23:35.0843 0x0d50  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:23:36.0546 0x0d50  WmdmPmSN - ok
19:24:21.0062 0x0d50  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:24:21.0578 0x0d50  Wmi - ok
19:24:36.0562 0x0d50  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:24:36.0562 0x0d50  WmiAcpi - ok
19:24:37.0812 0x0d50  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:24:37.0812 0x0d50  WmiApSrv - ok
19:25:04.0531 0x0d50  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
19:25:06.0750 0x0d50  WMPNetworkSvc - ok



#8 bloopie
  • Malware Response Team

Posted 20 March 2014 - 10:34 PM

Hello again,

Sorry for the delay...I haven't forgotten about you. :wink:

My time is severely limited at the moment, but I should be back tomorrow with a full reply. Again, my apologies!

bloopie



#9 bloopie
  • Malware Response Team

Posted 21 March 2014 - 05:30 PM

Hello again,

Those logs are looking pretty good as well. Do you normally use a proxy, and if so, could you tell me what the settings were?

Please run this tool for me next:

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X] is the most recent scan

bloopie

#10 stonemanjr
  • Topic Starter

Posted 21 March 2014 - 10:18 PM

No, never had run a proxy. I had to reset that feature when it had changed it.

#11 bloopie
  • Malware Response Team

Posted 22 March 2014 - 03:56 PM

Hello again,

No, never had run a proxy. I had to reset that feature when it had changed it.

Sorry, I don't really understand what you mean there, could you elaborate a bit please?

Also, please run RogueKiller as requested in my previous post. :wink:

bloopie



#12 stonemanjr

stonemanjr
  • Topic Starter
  • Members
  • 308 posts

Posted 22 March 2014 - 08:09 PM

Sure. When this first started the machine had slowed to almost a crawl, and would not open browser saying internet proxy could not be found I think. So I went to connections for internet and changed from the proxy setting to automatic I believe it said. I then ran Rkill and it showed the grusskarten entry that it terminated.
Adwcleaner showed this also if I remember correctly.

#13 stonemanjr

stonemanjr
  • Topic Starter
  • Members
  • 308 posts

Posted 22 March 2014 - 08:16 PM

Adwcleaner showed this rather, if I remember correctly. I'm sorry, I thought you had asked me if we ran a proxy earlier. There does not seem to be an exclamation mark for the mouse though.

#14 stonemanjr

stonemanjr
  • Topic Starter
  • Members
  • 308 posts

Posted 23 March 2014 - 12:04 PM

RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : owner [Admin rights]
Mode : Scan -- Date : 03/23/2014 12:58:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805BC564 -> HOOKED (Unknown @ 0xBA7159DC)
[Address] SSDT[41] : NtCreateKey @ 0x8062426A -> HOOKED (Unknown @ 0xBA715996)
[Address] SSDT[50] : NtCreateSection @ 0x805AB3FC -> HOOKED (Unknown @ 0xBA7159E6)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0xBA71598C)
[Address] SSDT[63] : NtDeleteKey @ 0x80624706 -> HOOKED (Unknown @ 0xBA71599B)
[Address] SSDT[65] : NtDeleteValueKey @ 0x806248D6 -> HOOKED (Unknown @ 0xBA7159A5)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0xBA7159D7)
[Address] SSDT[98] : NtLoadKey @ 0x8062648E -> HOOKED (Unknown @ 0xBA7159AA)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0xBA715978)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0xBA71597D)
[Address] SSDT[177] : NtQueryValueKey @ 0x8062248E -> HOOKED (Unknown @ 0xBA7159FF)
[Address] SSDT[193] : NtReplaceKey @ 0x8062633E -> HOOKED (Unknown @ 0xBA7159B4)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DAA -> HOOKED (Unknown @ 0xBA7159F0)
[Address] SSDT[204] : NtRestoreKey @ 0x80625C4A -> HOOKED (Unknown @ 0xBA7159AF)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0xBA7159EB)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805C0662 -> HOOKED (Unknown @ 0xBA7159F5)
[Address] SSDT[247] : NtSetValueKey @ 0x806227DC -> HOOKED (Unknown @ 0xBA7159A0)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8061823E -> HOOKED (Unknown @ 0xBA7159FA)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0xBA715987)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA715A0E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA715A13)
[Inline] EAT @explorer.exe (@Mscorlib_tlb@CLASS_MethodAccessException) : Jcl150.bpl -> HOOKED (Unknown @ 0xF0E61B55)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3250318AS +++++
--- User ---
[MBR] cff575e4f2cd7d92206482ea4845fae8
[BSP] 906bbbb315efd472e527d60fb17e9265 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03232014_125841.txt >>



#15 bloopie

bloopie
    Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 23 March 2014 - 04:20 PM

Hello again,

Thanks for the information! :)

Is the machine still running slowly (at a crawl's pace) now as well?

Please now run Combofix. Instructions again are below:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

==========

In addition to the Combofix Log, please let me know of any changes to the machine's performance after running the tool! Everything still okay??

bloopie





