Removal of Syshost.exe trojan


  • This topic is locked
24 replies to this topic

#1 DDE12

DDE12

  • Members
  • 33 posts

Posted 28 June 2014 - 11:55 AM

I believe my laptop is infected with the Syshost.exe trojan. I discovered it when Comodo Firewall prevented it from connecting to the internet. I would greatly appreciate assistance in removing it from my laptop. I attempted to run dds.com several times but it stops after about 75% completion and then my laptop freezes, requiring a hard reset. Please let me know what can be done to get dds.com to finish its scan. Thank you in advance for your advice.


Edited by DDE12, 28 June 2014 - 10:20 PM.



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 29 June 2014 - 09:25 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 DDE12

DDE12
  • Topic Starter

  • Members
  • 33 posts

Posted 30 June 2014 - 10:16 AM

Thank you for your help.  Just as FRST started to scan, Avira finally recognized Syshost.exe and denied access to it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by User (administrator) on LAPTOP on 30-06-2014 11:04:14
Running from C:\Documents and Settings\User\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(COMODO) C:\Program Files\COMODO\Unite\EzVpnSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Roxio) C:\Program Files\Easy CD Creator\DragToDisc\DrgToDsc.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\WINDOWS\system32\TaskSwitch.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot SD\SDTray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\Launchy\Launchy.exe
(Glenn Delahoy) C:\Program Files\Calendar\Calendar.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot SD\SDUpdSvc.exe
() C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RoxioEngineUtility] => C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [69632 2003-02-27] (Roxio)
HKLM\...\Run: [RoxioDragToDisc] => C:\Program Files\Easy CD Creator\DragToDisc\DrgToDsc.exe [757760 2003-02-27] (Roxio)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [CoolSwitch] => C:\WINDOWS\system32\taskswitch.exe [45632 2002-03-19] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1312848 2010-01-27] (Logitech, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel® Corporation)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot SD\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
AppInit_DLLs: C:\WINDOWS\system32\guard32.dll => C:\WINDOWS\system32\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files\Launchy\Launchy.exe ()
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Calendar.lnk
ShortcutTarget: Calendar.lnk -> C:\Program Files\Calendar\Calendar.exe (Glenn Delahoy)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

ProxyServer: 128.8.126.111:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
SearchScopes: HKCU - {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzero.net/search?action=search&source=browserboxapp_isp&query={searchTerms}
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\ucreg.dll (NetZero, Inc.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CB1A17A4-E740-4B29-806C-7D5EDB76B21A}: [NameServer]8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "137.99.11.87"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "137.99.11.87"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "137.99.11.87"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "137.99.11.87"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "137.99.11.87"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @comodo.com/EasyvpnLvn - C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll (COMODO)
FF Plugin: @comodo.com/EasyvpnRdp - C:\Program Files\COMODO\Unite\NpRdpView.dll ( )
FF Plugin: @comodo.com/EasyvpnVnc - C:\Program Files\COMODO\Unite\NpVncView.dll ( )
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 - C:\Program Files\Veetle\plugins\npVeetle.dll No File
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files\Veetle\Player\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\celebrity-movie-archive.undefined-lotr.undefined
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\celebrity-movie-archive.undefined-nbdo.undefined
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\celebrity-movie-archive.undefined.undefined
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\celebrity-movie-archive.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\primewire-movies.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\primewire-tv.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\rotten-tomatoes.undefined.undefined
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\rotten-tomatoes.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\xda-developers.xml
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\searchplugins\youtube.xml
FF Extension: United States English Spellchecker - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-29]
FF Extension: OptimizeGoogle - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\optimizegoogle@optimizegoogle.com [2011-11-12]
FF Extension: Forecastfox - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: All-in-One Gestures - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-27]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-06-22]
FF Extension: Add to Search Bar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-11-03]
FF Extension: Enter Selects - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\enter.selects@agadak.net.xpi [2012-03-29]
FF Extension: FindBar Tweak - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\fbt@quicksaver.xpi [2013-11-04]
FF Extension: Toggle Find Bar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\togglefindbar@ashphy.com.xpi [2014-05-11]
FF Extension: Second Search - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\{0AE5CAA4-8BAB-11DB-AF59-ED4B56D89593}.xpi [2012-03-12]
FF Extension: Web Developer - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-30]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]

Chrome:
=======
CHR HomePage: hxxp://us.yahoo.com?fr=fpc-comodo
CHR RestoreOnStartup: "hxxp://us.yahoo.com?fr=fpc-comodo"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Turner Media Plugin 1.0.0.10) - C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\User\Application Data\Move Networks\plugins\npqmp071701000008.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa\npPicasa3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\WINDOWS\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Adblock Plus (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-01-20]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-05-24] (Broadcom Corporation.) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 EzVpnSvc; C:\Program Files\COMODO\Unite\EzVpnSvc.exe [360752 2011-08-22] (COMODO)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2010-08-20] () [File not signed]
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel® Corporation) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot SD\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot SD\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot SD\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files\Secunia PSI\PSIA.exe [993848 2011-01-10] (Secunia)
R2 syshost32; C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe [101376 2014-06-28] () [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel® Corporation) [File not signed]
S3 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
S2 SessionLauncher; C:\DOCUME~1\User\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [23936 1997-12-22] (Adaptec) [File not signed]
R3 ATP; C:\WINDOWS\System32\DRIVERS\cmdatp.sys [17816 2011-04-14] (Comodo, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328237 2006-05-24] (Broadcom Corporation.) [File not signed]
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30427 2006-05-24] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851434 2006-05-24] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-24] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-05-24] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45683 2006-05-24] (Broadcom Corporation.) [File not signed]
R3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [30285 2006-05-24] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66488 2006-05-24] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9072 2008-03-12] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9200 2008-03-12] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [249344 2003-02-27] (Roxio) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [21654 2003-02-27] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [8704 2009-02-23] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [3072 2009-02-23] () [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-12-17] (Logitech Inc.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99080 2012-11-07] (COMODO)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28560 2009-11-10] (Logitech, Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2008-12-16] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-12-17] (Logitech Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-28] (Malwarebytes Corporation)
S3 memcard; C:\WINDOWS\System32\DRIVERS\memcard.sys [8320 2001-08-17] (Microsoft Corporation)
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [22758 2003-02-27] (Roxio) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [118422 2003-02-27] (Roxio) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-04-01] (Avira GmbH)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 SUSTUCAM; C:\WINDOWS\System32\DRIVERS\sustucam.sys [38016 2006-04-12] (Susteen, Inc.) [File not signed]
S3 SUSTUCAP; C:\WINDOWS\System32\DRIVERS\sustucap.sys [38016 2006-04-12] (Susteen, Inc.) [File not signed]
S3 SUSTUCAU; C:\WINDOWS\System32\DRIVERS\sustucau.sys [20096 2006-04-12] (Susteen, Inc.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project) [File not signed]
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206464 2003-02-27] (Roxio) [File not signed]
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\17.tmp [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 11:04 - 2014-06-30 11:07 - 00031701 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-30 11:03 - 2014-06-30 11:05 - 00000000 ____D () C:\FRST
2014-06-30 11:02 - 2014-06-30 11:02 - 01073664 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-29 08:52 - 2014-06-29 08:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
2014-06-29 08:51 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files\Recuva
2014-06-29 08:37 - 2014-06-29 08:39 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Wexford stuff
2014-06-28 12:09 - 2014-06-28 12:10 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-06-28 10:55 - 2014-06-28 10:55 - 00000000 ____D () C:\Documents and Settings\User\My Documents\ProcAlyzer Dumps
2014-06-28 10:42 - 2014-06-28 10:42 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-28 10:33 - 2014-06-28 10:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-28 10:33 - 2014-06-28 10:33 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-06-28 10:33 - 2014-06-28 10:33 - 00001680 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-28 10:33 - 2014-06-28 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-28 10:33 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-06-28 10:32 - 2014-06-28 10:42 - 00000000 ____D () C:\Program Files\Spybot SD
2014-06-28 10:09 - 2014-06-28 10:09 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Autoruns
2014-06-28 09:51 - 2014-06-28 09:51 - 00000073 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-06-28 09:42 - 2014-06-28 09:53 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 09:39 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 09:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-19 20:35 - 2014-06-19 20:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-10 21:04 - 2014-06-15 10:37 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-08 16:21 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-08 16:21 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-08 16:20 - 2014-06-08 16:20 - 00004458 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-08 16:20 - 2014-06-08 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-08 16:20 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-08 16:20 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-08 16:20 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-06-30 11:07 - 2014-06-30 11:04 - 00031701 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-06-30 11:07 - 2009-03-12 15:11 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-06-30 11:05 - 2014-06-30 11:03 - 00000000 ____D () C:\FRST
2014-06-30 11:02 - 2014-06-30 11:02 - 01073664 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-06-30 07:35 - 2014-05-19 08:02 - 00032025 _____ () C:\WINDOWS\setupapi.log
2014-06-29 10:39 - 2014-05-26 18:50 - 00008192 _____ () C:\WINDOWS\offitems.log
2014-06-29 08:58 - 2014-06-29 08:51 - 00000000 ____D () C:\Program Files\Recuva
2014-06-29 08:52 - 2014-06-29 08:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
2014-06-29 08:39 - 2014-06-29 08:37 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Wexford stuff
2014-06-28 20:43 - 2009-02-27 01:31 - 01300480 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-28 20:43 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-28 20:42 - 2009-02-26 20:26 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-28 20:42 - 2009-02-26 20:26 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-28 20:40 - 2009-03-13 10:44 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-28 20:40 - 2009-02-27 01:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-28 12:18 - 2012-05-03 10:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-28 12:18 - 2011-03-29 13:28 - 00000000 ____D () C:\Program Files\MBAM
2014-06-28 12:10 - 2014-06-28 12:09 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.com
2014-06-28 11:34 - 2009-04-23 12:12 - 00000000 ____D () C:\Program Files\HijackThis
2014-06-28 10:55 - 2014-06-28 10:55 - 00000000 ____D () C:\Documents and Settings\User\My Documents\ProcAlyzer Dumps
2014-06-28 10:55 - 2009-02-26 20:21 - 00000245 ___SH () C:\boot.ini
2014-06-28 10:52 - 2014-06-28 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-28 10:42 - 2014-06-28 10:42 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-06-28 10:42 - 2014-06-28 10:32 - 00000000 ____D () C:\Program Files\Spybot SD
2014-06-28 10:33 - 2014-06-28 10:33 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-06-28 10:33 - 2014-06-28 10:33 - 00001680 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-28 10:33 - 2014-06-28 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-28 10:09 - 2014-06-28 10:09 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Autoruns
2014-06-28 09:53 - 2014-06-28 09:42 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 09:51 - 2014-06-28 09:51 - 00000073 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-06-28 09:40 - 2009-03-12 14:45 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-06-28 09:39 - 2009-03-11 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-26 20:35 - 2011-01-16 12:10 - 00000240 _____ () C:\WINDOWS\Tasks\Low Battery Alarm Program.job
2014-06-24 06:22 - 2013-04-01 20:50 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-19 20:36 - 2014-06-19 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-16 19:31 - 2013-01-24 23:23 - 00000266 _____ () C:\WINDOWS\Tasks\Erunt.job
2014-06-15 10:37 - 2014-06-10 21:04 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-08 16:21 - 2009-02-27 00:56 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-08 16:20 - 2014-06-08 16:20 - 00004458 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-08 16:20 - 2014-06-08 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-08 16:20 - 2009-02-27 00:56 - 00000000 ____D () C:\Program Files\Java
2014-06-08 16:11 - 2010-02-12 01:45 - 00000266 _____ () C:\WINDOWS\Tasks\Java Update.job
2014-06-03 08:55 - 2013-04-01 20:50 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#4 RPMcMurphy

Posted 30 June 2014 - 12:23 PM

You have several browser settings related to proxy servers.  Did you set those intentionally?  Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

() C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
R2 syshost32; C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe [101376 2014-06-28] () [File not signed]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
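The fixlist in the post above targets the syshost32 service line from the FRST log. As an added example (not FRST's own logic and not part of the original posts), this Python sketch parses FRST service/driver lines copied from this thread and flags the traits that line shows, plus the [X] missing-file marker. The function names and the choice of heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\17.tmp [X]
U1 WS2IFSL;
R2 syshost32; C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe [101376 2014-06-28] () [File not signed]
"""

# <state><start type> <name>; <path> [<size> <date>] (<publisher>) [File not signed]
# or, when the registered file is absent: <state><start type> <name>; <path> [X]
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+);\s*"
    r"(?P<path>.*?)\s*"
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*"
    r"\((?P<publisher>.*?)\)\s*(?P<unsigned>\[File not signed\])?"
    r"|(?P<missing>\[X\]))?$"
)

# A service binary living in a per-product GUID folder under Windows\Installer,
# which is where the syshost32 entry in this thread points.
INSTALLER_GUID_RE = re.compile(
    r"\\Installer\\\{[0-9A-Fa-f-]{36}\}\\[^\\]+\.exe$", re.IGNORECASE
)


@dataclass
class Entry:
    state: str                 # R = running, S = stopped, U = undetermined
    start: int                 # start type digit as printed by FRST
    name: str
    path: str
    publisher: Optional[str]   # None when no "(...)" field was printed at all
    unsigned: bool
    missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    e = Entry(
        state=m["state"],
        start=int(m["start"]),
        name=m["name"].strip(),
        path=m["path"],
        publisher=m["publisher"],
        unsigned=m["unsigned"] is not None,
        missing=m["missing"] is not None,
    )
    # Heuristics chosen for this example (assumptions, not FRST rules).
    if e.missing:
        e.reasons.append("registered image not found on disk ([X])")
    if e.unsigned and e.publisher == "":
        e.reasons.append("unsigned file with empty publisher field")
    if INSTALLER_GUID_RE.search(e.path):
        e.reasons.append("service image inside an Installer\\{GUID} folder")
    return e


def triage(log_text: str) -> List[Entry]:
    """Return flagged entries, the ones with the most reasons first."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    hits = [e for e in entries if e is not None and e.reasons]
    return sorted(hits, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {'; '.join(e.reasons)}")
```

syshost32 ranks first with two reasons; single-trait hits such as giveio and MEMSWEEP2 are triage hints that still need an analyst's judgment, not verdicts.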


#5 DDE12

Posted 30 June 2014 - 07:53 PM

I did not intentionally set the proxy servers.  Firefox is set to "Use system proxy settings" which is not something I ever set one way or the other.  Do you think it best to remove them (set to "No proxy")?  Also, Avira said that it quarantined Syshost.  Please let me know if that has interfered with our process.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by User at 2014-06-30 20:34:13 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
R2 syshost32; C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe [101376 2014-06-28] () [File not signed]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
*****************

C:\WINDOWS\Installer\{1E3568DB-1D7F-210D-2B29-A2100AF8DC5F}\syshost.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
syshost32 => Service not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":84098FD3" ADS removed successfully.

==== End of Fixlog ====



#6 RPMcMurphy

Posted 30 June 2014 - 10:46 PM

Avira removing that threat did not interfere with anything.  Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "137.99.11.87"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "137.99.11.87"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "137.99.11.87"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "137.99.11.87"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "137.99.11.87"
FF NetworkProxy: "ssl_port", 3128
ProxyServer: 128.8.126.111:3128
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Download ComboFix from the link below:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:
  • fixlog.txt Report
  • ComboFix log



#7 DDE12

Posted 01 July 2014 - 05:42 PM

ComboFix started, downloaded and installed Windows Recovery, made a restore point, and then the computer froze on the screen that said it usually doesn't take longer than 10 minutes...  I allowed it to sit for 20 minutes before a hard reset.  I did not attempt to run ComboFix a second time.  Please advise on the next step.  Thank you.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by User at 2014-07-01 17:40:10 Run:2
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "137.99.11.87"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "137.99.11.87"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "137.99.11.87"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "137.99.11.87"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "137.99.11.87"
FF NetworkProxy: "ssl_port", 3128
ProxyServer: 128.8.126.111:3128
*****************

Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.

==== End of Fixlog ====



#8 RPMcMurphy

Posted 02 July 2014 - 10:18 AM

Please try running ComboFix again, this time from the Safe Mode.




#9 DDE12

Posted 03 July 2014 - 08:26 PM

I ran ComboFix in Safe Mode and it gave me the message that Avira was running and to disable before clicking okay.  I opened Task Manager and there were no Avira processes running.  I opened Avira Control Center and it said that real time scanning was disabled.  I closed Avira Control Center and clicked okay in the ComboFix window.  It gave me the message again saying that it would run but would be risky.  I let ComboFix run (scanning phase) for 25 minutes and then tried to open Notepad and could not.  I tried to close ComboFix via Task Manager and could not.  I don't know if ComboFix is actually running or is hanging.  What are your thoughts to try next?  Thank you.



#10 RPMcMurphy

Posted 05 July 2014 - 08:50 AM

My apologies for the delay.  Let's abandon ComboFix for now.  Please reboot, then do this:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.




#11 DDE12

Posted 07 July 2014 - 08:48 AM

TDSSKiller did not find any threats or save a log so I copied and pasted the report.  Thank you.

 

09:34:02.0843 0x0f54  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
09:34:21.0093 0x0f54  ============================================================
09:34:21.0093 0x0f54  Current date / time: 2014/07/07 09:34:21.0093
09:34:21.0093 0x0f54  SystemInfo:
09:34:21.0093 0x0f54  
09:34:21.0093 0x0f54  OS Version: 5.1.2600 ServicePack: 3.0
09:34:21.0109 0x0f54  Product type: Workstation
09:34:21.0109 0x0f54  ComputerName: LAPTOP
09:34:21.0109 0x0f54  UserName: User
09:34:21.0109 0x0f54  Windows directory: C:\WINDOWS
09:34:21.0109 0x0f54  System windows directory: C:\WINDOWS
09:34:21.0109 0x0f54  Processor architecture: Intel x86
09:34:21.0109 0x0f54  Number of processors: 1
09:34:21.0140 0x0f54  Page size: 0x1000
09:34:21.0140 0x0f54  Boot type: Normal boot
09:34:21.0140 0x0f54  ============================================================
09:34:25.0390 0x0f54  KLMD registered as C:\WINDOWS\system32\drivers\23798731.sys
09:34:25.0937 0x0f54  System UUID: {A85EDC8D-ADF9-4D7C-1978-CC741EF8D2CA}
09:34:28.0218 0x0f54  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 ( 37.26 Gb ), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:34:28.0218 0x0f54  ============================================================
09:34:28.0218 0x0f54  \Device\Harddisk0\DR0:
09:34:28.0218 0x0f54  MBR partitions:
09:34:28.0218 0x0f54  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4285D37
09:34:28.0281 0x0f54  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x4285DB5, BlocksNum 0x7FF54B
09:34:28.0281 0x0f54  ============================================================
09:34:28.0453 0x0f54  D: <-> \Device\Harddisk0\DR0\Partition2
09:34:28.0515 0x0f54  C: <-> \Device\Harddisk0\DR0\Partition1
09:34:28.0515 0x0f54  ============================================================
09:34:28.0515 0x0f54  Initialize success
09:34:28.0515 0x0f54  ============================================================
09:34:52.0296 0x1f8c  ============================================================
09:34:52.0296 0x1f8c  Scan started
09:34:52.0296 0x1f8c  Mode: Manual; TDLFS;
09:34:52.0296 0x1f8c  ============================================================
09:34:52.0296 0x1f8c  KSN ping started
09:35:05.0750 0x1f8c  KSN ping finished: true
09:35:06.0703 0x1f8c  ================ Scan system memory ========================
09:35:10.0500 0x1f8c  System memory - ok
09:35:10.0500 0x1f8c  ================ Scan services =============================

1821B1E06BAD0ABAAA30CD94120419B80D45007F6A9AD9F4970A0125730F6DA3 ]

BTSERIAL        C:\WINDOWS\system32\drivers\btserial.sys
09:35:14.0453 0x1f8c  BTSERIAL - ok
09:35:14.0546 0x1f8c  [ 3A462EBA453D84D036046772104CFBCB,

4AE361F04B2FF7F6653834C7B57E573D84E83AE9036FA58151034F9236256ADA ] btwdins        

 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
09:35:14.0609 0x1f8c  btwdins - ok
09:35:14.0656 0x1f8c  [ 28531AB3183F498E58D93D585E6A6B70,

B92CA5B4D75C9D344E88F1B9E2607D881BE494B40F36C38E1C49BECBF018FB0F ]

BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
09:35:14.0703 0x1f8c  BTWDNDIS - ok
09:35:14.0734 0x1f8c  [ C5C0E21C67089F053B964E0A8B8ADBAC,

1A2E34AFF514AE91E0255E79318F322B05560CD7DA2AB2E9A92DCD40C8ACB2D1 ] btwhid    

      C:\WINDOWS\system32\DRIVERS\btwhid.sys
09:35:14.0796 0x1f8c  btwhid - ok
09:35:14.0828 0x1f8c  [ 7D295223C172AB4D61DC256721B2F09E,

E6703A1737D67A35D8A15D1821654EEF4BD2980AFA20B6E08BC8BF4AFF2FA711 ]

btwmodem        C:\WINDOWS\system32\DRIVERS\btwmodem.sys
09:35:14.0828 0x1f8c  btwmodem - ok
09:35:14.0859 0x1f8c  [ 56C701580F2891952761362BA7594B3D,

815D09A2EEF5CEF2F629D6A4B7C8EF1445B82CC3622B6CB71E1428C566713B06 ] BTWUSB

         C:\WINDOWS\system32\Drivers\btwusb.sys
09:35:14.0859 0x1f8c  BTWUSB - ok
09:35:15.0000 0x1f8c  catchme - ok
09:35:15.0031 0x1f8c  [ 90A673FC8E12A79AFBED2576F6A7AAF9,

BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k    

     C:\WINDOWS\system32\drivers\cbidf2k.sys
09:35:15.0046 0x1f8c  cbidf2k - ok
09:35:15.0062 0x1f8c  [ 0BE5AEF125BE881C4F854C554F2B025C,

1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ]

CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:35:15.0078 0x1f8c  CCDECODE - ok
09:35:15.0078 0x1f8c  cd20xrnt - ok
09:35:15.0125 0x1f8c  [ C1B486A7658353D33A10CC15211A873B,

AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio    

     C:\WINDOWS\system32\drivers\Cdaudio.sys
09:35:15.0140 0x1f8c  Cdaudio - ok
09:35:15.0187 0x1f8c  [ C885B02847F5D2FD45A24E219ED93B32,

B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs         

   C:\WINDOWS\system32\drivers\Cdfs.sys
09:35:15.0187 0x1f8c  Cdfs - ok
09:35:15.0265 0x1f8c  [ 9714B7C918C6543D69074EC101F86AC4,

1F81D5317386CBBEB50AAD877578CD0E88C53D2A4910A3A5FC7874EB17BEE31B ] Cdr4_xp

        C:\WINDOWS\system32\drivers\Cdr4_xp.sys
09:35:15.0265 0x1f8c  Cdr4_xp - ok
09:35:15.0281 0x1f8c  [ 0D856D16C08440BFB566D6CDD9948D4E,

B78D702C9946C5CDEC9EA291D02FA1676D2EF3FDCF917D7A8392E9A1394846A4 ]

Cdralw2k        C:\WINDOWS\system32\drivers\Cdralw2k.sys
09:35:15.0296 0x1f8c  Cdralw2k - ok
09:35:15.0328 0x1f8c  [ 1F4260CC5B42272D71F79E570A27A4FE,

B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom      

     C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:35:15.0343 0x1f8c  Cdrom - ok
09:35:15.0406 0x1f8c  [ AD486DA4FAA4448E6827B18E377F6ACB,

DFBFCE9E2D40322790F682B1294554CB54F627748BE64A5C6339331C1D5A2DA4 ] cdudf_xp   

     C:\WINDOWS\system32\drivers\cdudf_xp.sys
09:35:15.0453 0x1f8c  cdudf_xp - ok
09:35:15.0484 0x1f8c  [ 84853B3FD012251690570E9E7E43343F,

65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6    

     C:\WINDOWS\system32\drivers\cercsr6.sys
09:35:15.0500 0x1f8c  cercsr6 - ok
09:35:15.0515 0x1f8c  Changer - ok
09:35:15.0562 0x1f8c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE,

65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc      

     C:\WINDOWS\system32\cisvc.exe
09:35:15.0578 0x1f8c  CiSvc - ok
09:35:15.0625 0x1f8c  [ 34CBE729F38138217F9C80212A2A0C82,

A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv   

      C:\WINDOWS\system32\clipsrv.exe
09:35:15.0625 0x1f8c  ClipSrv - ok
09:35:15.0687 0x1f8c  [ D87ACAED61E417BBA546CED5E7E36D9C,

14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ]

clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:35:15.0921 0x1f8c  clr_optimization_v2.0.50727_32 - ok
09:35:16.0078 0x1f8c  [ C5A75EB48E2344ABDC162BDA79E16841,

6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ]

clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:35:16.0109 0x1f8c  clr_optimization_v4.0.30319_32 - ok
09:35:16.0171 0x1f8c  [ 0F6C187D38D98F8DF904589A5F94D411,

DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt       

   C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:35:16.0187 0x1f8c  CmBatt - ok
09:35:16.0531 0x1f8c  [ 2A2D72271844C52F004901A60312B96A,

A7782E78EE6797A100410C997B77C95B1D991E57C0E5025FC17324EF54C54F0F ] cmdAgent    

    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
09:35:16.0703 0x1f8c  cmdAgent - ok
09:35:16.0828 0x1f8c  [ 9181CC4D007ADBE21DB9A11BFECAFEF5,

06B5FDD33D5EE99659DF772CAB38A187166A7F9662B43B1DFC786E0DEFF013B8 ]

cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
09:35:16.0890 0x1f8c  cmdGuard - ok
09:35:16.0937 0x1f8c  [ C5A9FB50E8CA7FD99F256255FEE71580,

98A826550D7960A3605F67EBA84B721881B7F7D5B7F8445AA6F8790FE2DA05F2 ] cmdHlp       

   C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
09:35:16.0937 0x1f8c  cmdHlp - ok
09:35:16.0953 0x1f8c  CmdIde - ok
09:35:16.0953 0x1f8c  [ 6E4C9F21F0FAE8940661144F41B13203,

731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt   

     C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:35:16.0968 0x1f8c  Compbatt - ok
09:35:16.0984 0x1f8c  COMSysApp - ok
09:35:16.0984 0x1f8c  Cpqarray - ok
09:35:17.0046 0x1f8c  [ 3D4E199942E29207970E04315D02AD3B,

0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc   

     C:\WINDOWS\System32\cryptsvc.dll
09:35:17.0062 0x1f8c  CryptSvc - ok
09:35:17.0078 0x1f8c  dac2w2k - ok
09:35:17.0093 0x1f8c  dac960nt - ok
09:35:17.0156 0x1f8c  [ 6B27A5C03DFB94B4245739065431322C,

6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ]

DcomLaunch      C:\WINDOWS\system32\rpcss.dll
09:35:17.0187 0x1f8c  DcomLaunch - ok
09:35:17.0234 0x1f8c  [ 5E38D7684A49CACFB752B046357E0589,

F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp      

      C:\WINDOWS\System32\dhcpcsvc.dll
09:35:17.0250 0x1f8c  Dhcp - ok
09:35:17.0265 0x1f8c  [ 044452051F3E02E7963599FC8F4F3E25,

584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk          

  C:\WINDOWS\system32\DRIVERS\disk.sys
09:35:17.0281 0x1f8c  Disk - ok
09:35:17.0281 0x1f8c  dmadmin - ok
09:35:17.0375 0x1f8c  [ D992FE1274BDE0F84AD826ACAE022A41,

C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot        

  C:\WINDOWS\system32\drivers\dmboot.sys
09:35:17.0453 0x1f8c  dmboot - ok
09:35:17.0484 0x1f8c  [ 7C824CF7BBDE77D95C08005717A95F6F,

A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio     

       C:\WINDOWS\system32\drivers\dmio.sys
09:35:17.0515 0x1f8c  dmio - ok
09:35:17.0546 0x1f8c  [ E9317282A63CA4D188C0DF5E09C6AC5F,

D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload         

 C:\WINDOWS\system32\drivers\dmload.sys
09:35:17.0546 0x1f8c  dmload - ok
09:35:17.0593 0x1f8c  [ 57EDEC2E5F59F0335E92F35184BC8631,

61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver  

      C:\WINDOWS\System32\dmserver.dll
09:35:17.0609 0x1f8c  dmserver - ok
09:35:17.0656 0x1f8c  [ 8A208DFCF89792A484E76C40E5F50B45,

4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic    

      C:\WINDOWS\system32\drivers\DMusic.sys
09:35:17.0671 0x1f8c  DMusic - ok
09:35:17.0718 0x1f8c  [ 5F7E24FA9EAB896051FFB87F840730D2,

356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ]

Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
09:35:17.0734 0x1f8c  Dnscache - ok
09:35:17.0796 0x1f8c  [ 0F0F6E687E5E15579EF4DA8DD6945814,

5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc     

    C:\WINDOWS\System32\dot3svc.dll
09:35:17.0828 0x1f8c  Dot3svc - ok
09:35:17.0843 0x1f8c  dpti2o - ok
09:35:17.0875 0x1f8c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8,

C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud  

       C:\WINDOWS\system32\drivers\drmkaud.sys
09:35:17.0875 0x1f8c  drmkaud - ok
09:35:17.0921 0x1f8c  [ 5438D49873EAC6DE7D336D7BE7DBF6DB,

81A66B1F8711243AC497D8F877D9B833AACE9A421D99A5DE62254371A578EFB6 ] dvd_2K    

      C:\WINDOWS\system32\drivers\dvd_2K.sys
09:35:17.0937 0x1f8c  dvd_2K - ok
09:35:17.0984 0x1f8c  [ 2187855A7703ADEF0CEF9EE4285182CC,

8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost      

   C:\WINDOWS\System32\eapsvc.dll
09:35:18.0000 0x1f8c  EapHost - ok
09:35:18.0062 0x1f8c  [ 57CC1BF06C159DFBB989F5783C0E6A50,

6B878122D2533A3E162BCAF119D0D38FFE20183220A7B7639C3560C5DB57A943 ] epmntdrv    

    C:\WINDOWS\system32\epmntdrv.sys
09:35:18.0078 0x1f8c  epmntdrv - ok
09:35:18.0125 0x1f8c  [ BC93B4A066477954555966D77FEC9ECB,

27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc         

  C:\WINDOWS\System32\ersvc.dll
09:35:18.0140 0x1f8c  ERSvc - ok
09:35:18.0156 0x1f8c  [ 5F779F5EDAB787F2D090C71A9051F365,

B2C4D872550A41A91EFC2A12FE699E99B3F6BAA26E68D75F1004389FBCF7DB89 ] EuGdiDrv

       C:\WINDOWS\system32\EuGdiDrv.sys
09:35:18.0156 0x1f8c  EuGdiDrv - ok
09:35:18.0218 0x1f8c  [ 65DF52F5B8B6E9BBD183505225C37315,

59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog    

    C:\WINDOWS\system32\services.exe
09:35:18.0250 0x1f8c  Eventlog - ok
09:35:18.0328 0x1f8c  [ D4991D98F2DB73C60D042F1AEF79EFAE,

58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ]

EventSystem     C:\WINDOWS\system32\es.dll
09:35:18.0375 0x1f8c  EventSystem - ok
09:35:18.0546 0x1f8c  [ C37B83B51CDF10E5BB6F78A7E4FED11A,

9AFDDB3F98D717A71EF941BE52EE5D20B4E45693754F665088686932CA48D5E0 ] EvtEng        

  C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:35:18.0718 0x1f8c  EvtEng - ok
09:35:18.0859 0x1f8c  [ 2D5ED81E5A8A2B77768BA724E3F8E538,

B836C0BA54905A008CBE66DCE27837D9829159E4C7197EDA4F1C30326CB89304 ] EzVpnSvc

       C:\Program Files\COMODO\Unite\EzVpnSvc.exe
09:35:18.0921 0x1f8c  EzVpnSvc - ok
09:35:19.0000 0x1f8c  [ 38D332A6D56AF32635675F132548343E,

E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat    

     C:\WINDOWS\system32\drivers\Fastfat.sys
09:35:19.0031 0x1f8c  Fastfat - ok
09:35:19.0109 0x1f8c  [ 99BC0B50F511924348BE19C7C7313BBF,

A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ]

FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:35:19.0156 0x1f8c  FastUserSwitchingCompatibility - ok
09:35:19.0171 0x1f8c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81,

8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc          

   C:\WINDOWS\system32\drivers\Fdc.sys
09:35:19.0187 0x1f8c  Fdc - ok
09:35:19.0234 0x1f8c  [ 1EDC0DF2DA14E04504DD3BAC21AA32CD,

73756D6F89CFFF9817B31F235B66A55F75892E988C4E7C0C2B503BD64ABB65D0 ]

FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
09:35:19.0250 0x1f8c  FilterService - ok
09:35:19.0281 0x1f8c  [ D45926117EB9FA946A6AF572FBE1CAA3,

4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips          

  C:\WINDOWS\system32\drivers\Fips.sys
09:35:19.0296 0x1f8c  Fips - ok
09:35:19.0312 0x1f8c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0,

69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ]

Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
09:35:19.0328 0x1f8c  Flpydisk - ok
09:35:19.0359 0x1f8c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0,

280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr     

     C:\WINDOWS\system32\drivers\fltmgr.sys
09:35:19.0390 0x1f8c  FltMgr - ok
09:35:19.0546 0x1f8c  [ 8BA7C024070F2B7FDD98ED8A4BA41789,

47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ]

FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:35:19.0578 0x1f8c  FontCache3.0.0.0 - ok
09:35:19.0609 0x1f8c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A,

EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          

C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:35:19.0625 0x1f8c  Fs_Rec - ok
09:35:19.0671 0x1f8c  [ 6AC26732762483366C3969C9E4D2259D,

FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk         

 C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:35:19.0703 0x1f8c  Ftdisk - ok
09:35:19.0734 0x1f8c  [ 77EBF3E9386DAA51551AF429052D88D0,

94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio          

C:\WINDOWS\system32\giveio.sys
09:35:19.0734 0x1f8c  giveio - ok
09:35:19.0781 0x1f8c  [ 0A02C63C8B144BD8C86B103DEE7C86A2,

7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc        

     C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:35:19.0796 0x1f8c  Gpc - ok
09:35:19.0843 0x1f8c  [ CA835331825599B938E37525796D3549,

0CF7AEA9456A02FDB5621B4774956839B879098E35BECCFF1FE7140710986BF2 ] GTIPCI21   

     C:\WINDOWS\system32\DRIVERS\gtipci21.sys
09:35:19.0859 0x1f8c  GTIPCI21 - ok
09:35:19.0937 0x1f8c  [ 4FCCA060DFE0C51A09DD5C3843888BCD,

D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc   

      C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:35:19.0953 0x1f8c  helpsvc - ok
09:35:20.0015 0x1f8c  [ DEB04DA35CC871B6D309B77E1443C796,

F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ     

    C:\WINDOWS\System32\hidserv.dll
09:35:20.0031 0x1f8c  HidServ - ok
09:35:20.0093 0x1f8c  [ CCF82C5EC8A7326C3066DE870C06DAF1,

93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb   

       C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:35:20.0109 0x1f8c  HidUsb - ok
09:35:20.0171 0x1f8c  [ 8878BD685E490239777BFE51320B88E9,

C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc      

    C:\WINDOWS\System32\kmsvc.dll
09:35:20.0203 0x1f8c  hkmsvc - ok
09:35:20.0218 0x1f8c  hpn - ok
09:35:20.0296 0x1f8c  [ A84BBBDD125D370593004F6429F8445C,

78292243F4894A3DCB4F90D71DE4AB51C5DEF1252976272C8108E8CAFFEE10F5 ]

HSFHWICH        C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
09:35:20.0328 0x1f8c  HSFHWICH - ok
09:35:20.0437 0x1f8c  [ B678FA91CF4A1C19B462D8DB04CD02AB,

B1A7BC7519BFF1BBAAFE0A74D2258302C0F1437476DDC7FA9334D83BC4E10586 ]

HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
09:35:20.0609 0x1f8c  HSF_DPV - ok
09:35:20.0687 0x1f8c  [ F80A415EF82CD06FFAF0D971528EAD38,

524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            

C:\WINDOWS\system32\Drivers\HTTP.sys
09:35:20.0750 0x1f8c  HTTP - ok
09:35:20.0812 0x1f8c  [ 6100A808600F44D999CEBDEF8841C7A3,

61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter    

  C:\WINDOWS\System32\w3ssl.dll
09:35:20.0828 0x1f8c  HTTPFilter - ok
09:35:20.0843 0x1f8c  i2omgmt - ok
09:35:20.0859 0x1f8c  i2omp - ok
09:35:20.0906 0x1f8c  [ 4A0B06AA8943C1E332520F7440C0AA30,

DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt

       C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:35:20.0921 0x1f8c  i8042prt - ok
09:35:21.0093 0x1f8c  [ 643162FBC619E35D3F1A90A095A5BB42,

F59C325B9822E740C5E2808791CFDFD3E8CB543557E52794F578566546B9316F ] ialm            

C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
09:35:21.0281 0x1f8c  ialm - ok
09:35:21.0453 0x1f8c  [ DAF66902F08796F9C694901660E5A64A,

F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT   

     C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:35:21.0515 0x1f8c  IDriverT - ok
09:35:21.0687 0x1f8c  [ C01AC32DC5C03076CFB852CB5DA5229C,

A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc         

  C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:35:21.0890 0x1f8c  idsvc - ok
09:35:21.0953 0x1f8c  [ 083A052659F5310DD8B6A6CB05EDCF8E,

48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi          

 C:\WINDOWS\system32\DRIVERS\imapi.sys
09:35:21.0968 0x1f8c  Imapi - ok
09:35:22.0031 0x1f8c  [ 30DEAF54A9755BB8546168CFE8A6B5E1,

3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ]

ImapiService    C:\WINDOWS\system32\imapi.exe
09:35:22.0062 0x1f8c  ImapiService - ok
09:35:22.0093 0x1f8c  ini910u - ok
09:35:22.0140 0x1f8c  [ E1DF634BEC066B3D4FFE437BCB78C282,

974278CA606DF7C0332997E4339EA2AFE017E04C596CE69F47FED798E57D52FB ] Inspect       

  C:\WINDOWS\system32\DRIVERS\inspect.sys
09:35:22.0171 0x1f8c  Inspect - ok
09:35:22.0187 0x1f8c  [ B5466A9250342A7AA0CD1FBA13420678,

87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde     

   C:\WINDOWS\system32\DRIVERS\intelide.sys
09:35:22.0203 0x1f8c  IntelIde - ok
09:35:22.0234 0x1f8c  [ 8C953733D8F36EB2133F5BB58808B66B,

555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm      

  C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:35:22.0234 0x1f8c  intelppm - ok
09:35:22.0265 0x1f8c  [ 3BB22519A194418D5FEC05D800A19AD0,

F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw      

     C:\WINDOWS\system32\drivers\ip6fw.sys
09:35:22.0281 0x1f8c  Ip6Fw - ok
09:35:22.0328 0x1f8c  [ 731F22BA402EE4B62748ADAF6363C182,

5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ]

IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:35:22.0328 0x1f8c  IpFilterDriver - ok
09:35:22.0343 0x1f8c  [ B87AB476DCF76E72010632B5550955F5,

E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp      

    C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:35:22.0359 0x1f8c  IpInIp - ok
09:35:22.0375 0x1f8c  [ CC748EA12C6EFFDE940EE98098BF96BB,

AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat       

    C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:35:22.0406 0x1f8c  IpNat - ok
09:35:22.0421 0x1f8c  [ 23C74D75E36E7158768DD63D92789A91,

394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec      

     C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:35:22.0437 0x1f8c  IPSec - ok
09:35:22.0453 0x1f8c  [ C93C9FF7B04D772627A3646D89F7BF89,

805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM   

       C:\WINDOWS\system32\DRIVERS\irenum.sys
09:35:22.0453 0x1f8c  IRENUM - ok
09:35:22.0468 0x1f8c  [ 05A299EC56E52649B1CF2FC52D20F2D7,

2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp        

  C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:35:22.0484 0x1f8c  isapnp - ok
09:35:22.0609 0x1f8c  [ E87885A59FDC241B6575943A75E495D9,

17837028307F57C85742036748D27E36DAE56BAD3D0F074149F758EF7B503A60 ]

JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
09:35:22.0625 0x1f8c  JavaQuickStarterService - ok
09:35:22.0656 0x1f8c  [ 463C1EC80CD17420A542B7F36A36F128,

E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ]

Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:35:22.0656 0x1f8c  Kbdclass - ok
09:35:22.0703 0x1f8c  [ 9EF487A186DEA361AA06913A75B3FA99,

B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid     

     C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:35:22.0703 0x1f8c  kbdhid - ok
09:35:22.0750 0x1f8c  [ 692BCF44383D056AED41B045A323D378,

1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer    

      C:\WINDOWS\system32\drivers\kmixer.sys
09:35:22.0765 0x1f8c  kmixer - ok
09:35:22.0812 0x1f8c  [ B467646C54CC746128904E1654C750C1,

3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD

         C:\WINDOWS\system32\drivers\KSecDD.sys
09:35:22.0828 0x1f8c  KSecDD - ok
09:35:22.0890 0x1f8c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527,

0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ]

lanmanserver    C:\WINDOWS\System32\srvsvc.dll
09:35:22.0921 0x1f8c  lanmanserver - ok
09:35:22.0968 0x1f8c  [ A8888A5327621856C0CEC4E385F69309,

B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ]

lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:35:23.0000 0x1f8c  lanmanworkstation - ok
09:35:23.0031 0x1f8c  [ E254E5B2C5227DDBB47D045940A0A559,

A7A30B2AC1E9160C35A84B08FB0176BB7A9B42B7577D61E5167A9CEA9CD8C941 ]

LBeepKE         C:\WINDOWS\system32\Drivers\LBeepKE.sys
09:35:23.0046 0x1f8c  LBeepKE - ok
09:35:23.0046 0x1f8c  lbrtfdc - ok
09:35:23.0156 0x1f8c  [ A15A462F3BBB68974419B7158F4B3647,

6972FEDCD55FCED783D0EEA6E666451E1429BFD2BBB8FACDB57E5CCA435651D9 ]

LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:35:23.0187 0x1f8c  LBTServ - ok
09:35:23.0250 0x1f8c  [ F5E165B4E3DF145F6E8BF3C0573F94D8,

3B7759986E69A45A6A8F418AE5F66EFC49E7DC98B263984C1178F23F096ADD58 ] LHidFilt     

   C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
09:35:23.0890 0x1f8c  LHidFilt - ok
09:35:23.0953 0x1f8c  [ A7DB739AE99A796D91580147E919CC59,

EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ]

LmHosts         C:\WINDOWS\System32\lmhsvc.dll
09:35:23.0968 0x1f8c  LmHosts - ok
09:35:24.0031 0x1f8c  [ B46E39B8AE439D7CE75A923E7F950040,

E05CE43BFC6605D88DAD73518E66964C96C0CD7A48AC079EB72F285675FFF502 ] LMouFilt  

      C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
09:35:24.0062 0x1f8c  LMouFilt - ok
09:35:24.0125 0x1f8c  [ 9BBD8674C1D3811B851C8CF8A8E30E2C,

881CF9E3AE41D8E3934A4B00A9A0AC6316CC69C7A380B03225A320136407C377 ] LUsbFilt    

    C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
09:35:24.0140 0x1f8c  LUsbFilt - ok
09:35:24.0218 0x1f8c  [ 900B76894C81CBF876CD605448B06959,

37E0335942D812222D76B3B230375E8EEB233853C85D45B3B01F5227499D00BA ] lvpopflt        

C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
09:35:24.0250 0x1f8c  lvpopflt - ok
09:35:24.0312 0x1f8c  [ F96CFB47903854F228BAAF3E2D41A0A3,

66DF1838C06D543B5EAB0EF8F5182620AC268C7033FFE054077CD844006ADE51 ]

LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
09:35:24.0328 0x1f8c  LVPr2Mon - ok
09:35:24.0421 0x1f8c  [ FF23862146A682FCC3DBAA002E22F958,

445DFBC1DD9D502463B6668F163BD21939F671B8D1CBC0F3CDE6E710BA69FB19 ]

LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
09:35:24.0468 0x1f8c  LVPrcSrv - ok
09:35:24.0593 0x1f8c  [ E22FD7852E74F04CCEB6B8A684A51F3E,

A46589C3B0D0EBAD7216CF54A1CE4251FCAAF8373ADAB80E6C74F0932BA5A802 ] LVRS   

         C:\WINDOWS\system32\DRIVERS\lvrs.sys
09:35:24.0734 0x1f8c  LVRS - ok
09:35:24.0796 0x1f8c  [ 5F987FC1AAD215EC2C60CF07719B1CCE,

2424864B1FCC939AEAD7D486BF8A81847A40F998287D54D97EA987982DE8721E ]

LVUSBSta        C:\WINDOWS\system32\drivers\LVUSBSta.sys
09:35:24.0812 0x1f8c  LVUSBSta - ok
09:35:25.0375 0x1f8c  [ E89DF2B88EE659954DE79827DDF46DC9,

0D4CB575BE335C09C7DBE694B77AB8D2D7BA47D4E17A43915C9FC5AE0EFAF9F0 ]

LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
09:35:25.0828 0x1f8c  LVUVC - ok
09:35:25.0921 0x1f8c  [ 12E71DA845D76665B56753AD149E32B3,

0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ]

MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
09:35:25.0953 0x1f8c  MBAMSwissArmy - ok
09:35:25.0984 0x1f8c  [ 3C318B9CD391371BED62126581EE9961,

1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk  

       C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:35:25.0984 0x1f8c  mdmxsdk - ok
09:35:26.0062 0x1f8c  [ 8239DC1DE1605730B595E2B7DB3CAF70,

69CEAE9289F9FC14AD21859E2A3FB7A2E9CF45C9872FA0A0F540702D961FC8DC ] memcard

        C:\WINDOWS\system32\DRIVERS\memcard.sys
09:35:26.0078 0x1f8c  memcard - ok
09:35:26.0078 0x1f8c  MEMSWEEP2 - ok
09:35:26.0140 0x1f8c  [ 986B1FF5814366D71E0AC5755C88F2D3,

E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger  

     C:\WINDOWS\System32\msgsvc.dll
09:35:26.0156 0x1f8c  Messenger - ok
09:35:26.0234 0x1f8c  [ A7DA20AB18A1BDAE28B0F349E57DA0D1,

C668F419579ADDF37558241982B0334A93644E9C05919967C494FE9853E62D5B ] mf              

C:\WINDOWS\system32\DRIVERS\mf.sys
09:35:26.0250 0x1f8c  mf - ok
09:35:26.0296 0x1f8c  [ E9DC68BF135238485703AD9B045DE0DA,

F8BFA7538850F077AD6BF058B0DE000993DFEDA1997991EDCF0303A1932C9D16 ] mmc_2K  

        C:\WINDOWS\system32\drivers\mmc_2K.sys
09:35:26.0312 0x1f8c  mmc_2K - ok
09:35:26.0359 0x1f8c  [ 4AE068242760A1FB6E1A44BF4E16AFA6,

1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd     

      C:\WINDOWS\system32\drivers\mnmdd.sys
09:35:26.0359 0x1f8c  mnmdd - ok
09:35:26.0421 0x1f8c  [ D18F1F0C101D06A1C1ADF26EED16FCDD,

BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc   

      C:\WINDOWS\system32\mnmsrvc.exe
09:35:26.0437 0x1f8c  mnmsrvc - ok
09:35:26.0484 0x1f8c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1,

B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem    

       C:\WINDOWS\system32\drivers\Modem.sys
09:35:26.0500 0x1f8c  Modem - ok
09:35:26.0531 0x1f8c  [ 35C9E97194C8CFB8430125F8DBC34D04,

0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass   

     C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:35:26.0546 0x1f8c  Mouclass - ok
09:35:26.0578 0x1f8c  [ B1C303E17FB9D46E87A98E4BA6769685,

161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid     

     C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:35:26.0578 0x1f8c  mouhid - ok
09:35:26.0625 0x1f8c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD,

2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr  

      C:\WINDOWS\system32\drivers\MountMgr.sys
09:35:26.0640 0x1f8c  MountMgr - ok
09:35:26.0718 0x1f8c  [ 26EA1DAD601EE3ACAC301D66F07BA219,

C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ]

MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:35:26.0750 0x1f8c  MozillaMaintenance - ok
09:35:26.0781 0x1f8c  mraid35x - ok
09:35:26.0828 0x1f8c  [ 11D42BB6206F33FBB3BA0288D3EF81BD,

76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV

         C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:35:26.0875 0x1f8c  MRxDAV - ok
09:35:26.0984 0x1f8c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0,

DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ]

MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:35:27.0062 0x1f8c  MRxSmb - ok
09:35:27.0093 0x1f8c  [ A137F1470499A205ABBB9AAFB3B6F2B1,

FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC   

        C:\WINDOWS\system32\msdtc.exe
09:35:27.0109 0x1f8c  MSDTC - ok
09:35:27.0140 0x1f8c  [ C941EA2454BA8350021D774DAF0F1027,

C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs      

      C:\WINDOWS\system32\drivers\Msfs.sys
09:35:27.0140 0x1f8c  Msfs - ok
09:35:27.0156 0x1f8c  MSIServer - ok
09:35:27.0203 0x1f8c  [ D1575E71568F4D9E14CA56B7B0453BF1,

4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ]

MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:35:27.0218 0x1f8c  MSKSSRV - ok
09:35:27.0234 0x1f8c  [ 325BB26842FC7CCC1FCCE2C457317F3E,

C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ]

MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:35:27.0250 0x1f8c  MSPCLOCK - ok
09:35:27.0265 0x1f8c  [ BAD59648BA099DA4A17680B39730CB3D,

9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ]

MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
09:35:27.0281 0x1f8c  MSPQM - ok
09:35:27.0328 0x1f8c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136,

AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios

       C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:35:27.0343 0x1f8c  mssmbios - ok
09:35:27.0375 0x1f8c  [ E53736A9E30C45FA9E7B5EAC55056D1D,

38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE  

         C:\WINDOWS\system32\drivers\MSTEE.sys
09:35:27.0390 0x1f8c  MSTEE - ok
09:35:27.0437 0x1f8c  [ DE6A75F5C270E756C5508D94B6CF68F5,

FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup        

     C:\WINDOWS\system32\drivers\Mup.sys
09:35:27.0468 0x1f8c  Mup - ok
09:35:27.0515 0x1f8c  [ 5B50F1B2A2ED47D560577B221DA734DB,

C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ]

NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:35:27.0546 0x1f8c  NABTSFEC - ok
09:35:27.0656 0x1f8c  [ 0102140028FAD045756796E1C685D695,

5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent    

    C:\WINDOWS\System32\qagentrt.dll
09:35:27.0734 0x1f8c  napagent - ok
09:35:27.0796 0x1f8c  [ 1DF7F42665C94B825322FAE71721130D,

FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS        

    C:\WINDOWS\system32\drivers\NDIS.sys
09:35:27.0828 0x1f8c  NDIS - ok
09:35:27.0859 0x1f8c  [ 7FF1F1FD8609C149AA432F95A8163D97,

18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP   

       C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:35:27.0875 0x1f8c  NdisIP - ok
09:35:27.0937 0x1f8c  [ 0109C4F3850DFBAB279542515386AE22,

4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ]

NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:35:27.0937 0x1f8c  NdisTapi - ok
09:35:27.0968 0x1f8c  [ F927A4434C5028758A842943EF1A3849,

B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio     

    C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:35:27.0984 0x1f8c  Ndisuio - ok
09:35:28.0000 0x1f8c  [ EDC1531A49C80614B2CFDA43CA8659AB,

494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         

C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:35:28.0031 0x1f8c  NdisWan - ok
09:35:28.0078 0x1f8c  [ 2F597BB467E05B1FE3830EABD821B8E0,

141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy  

       C:\WINDOWS\system32\drivers\NDProxy.sys
09:35:28.0093 0x1f8c  NDProxy - ok
09:35:28.0125 0x1f8c  [ 5D81CF9A2F1A3A756B66CF684911CDF0,

7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ]

NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:35:28.0140 0x1f8c  NetBIOS - ok
09:35:28.0203 0x1f8c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D,

7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           

C:\WINDOWS\system32\DRIVERS\netbt.sys
09:35:28.0234 0x1f8c  NetBT - ok
09:35:28.0312 0x1f8c  [ B857BA82860D7FF85AE29B095645563B,

86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ]

NetDDE          C:\WINDOWS\system32\netdde.exe
09:35:28.0343 0x1f8c  NetDDE - ok
09:35:28.0375 0x1f8c  [ B857BA82860D7FF85AE29B095645563B,

86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ]

NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:35:28.0375 0x1f8c  NetDDEdsdm - ok
09:35:28.0437 0x1f8c  [ BF2466B3E18E970D8A976FB95FC1CA85,

F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon   

     C:\WINDOWS\system32\lsass.exe
09:35:28.0453 0x1f8c  Netlogon - ok
09:35:28.0500 0x1f8c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE,

4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman    

      C:\WINDOWS\System32\netman.dll
09:35:28.0531 0x1f8c  Netman - ok
09:35:28.0640 0x1f8c  [ D34612C5D02D026535B3095D620626AE,

1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ]

NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\SMSvcHost.exe
09:35:28.0687 0x1f8c  NetTcpPortSharing - ok
09:35:28.0750 0x1f8c  [ 943337D786A56729263071623BBB9DE5,

B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla           

  C:\WINDOWS\System32\mswsock.dll
09:35:28.0781 0x1f8c  Nla - ok
09:35:28.0781 0x1f8c  [ 3182D64AE053D6FB034F44B6DEF8034A,

4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs          

  C:\WINDOWS\system32\drivers\Npfs.sys
09:35:28.0796 0x1f8c  Npfs - ok
09:35:28.0875 0x1f8c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA,

E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs         

   C:\WINDOWS\system32\drivers\Ntfs.sys
09:35:28.0953 0x1f8c  Ntfs - ok
09:35:28.0968 0x1f8c  [ BF2466B3E18E970D8A976FB95FC1CA85,

F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp  

       C:\WINDOWS\system32\lsass.exe
09:35:28.0968 0x1f8c  NtLmSsp - ok
09:35:29.0062 0x1f8c  [ 156F64A3345BD23C600655FB4D10BC08,

9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc  

       C:\WINDOWS\system32\ntmssvc.dll
09:35:29.0109 0x1f8c  NtmsSvc - ok
09:35:29.0140 0x1f8c  [ 73C1E1F395918BC2C6DD67AF7591A3AD,

B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null          

  C:\WINDOWS\system32\drivers\Null.sys
09:35:29.0156 0x1f8c  Null - ok
09:35:29.0203 0x1f8c  [ 67FB86EEB94059177642050718D57460,

66E31CB9BD51BDE1424628655B7BA9392CD7447DE034B7B0C8FCAE3369FB92A6 ] NWADI  

         C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
09:35:29.0218 0x1f8c  NWADI - ok
09:35:29.0265 0x1f8c  [ B305F3FAD35083837EF46A0BBCE2FC57,

9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt  

      C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:35:29.0265 0x1f8c  NwlnkFlt - ok
09:35:29.0312 0x1f8c  [ C99B3415198D1AAB7227F2C88FD664B9,

DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd

       C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:35:29.0328 0x1f8c  NwlnkFwd - ok
09:35:29.0359 0x1f8c  [ 8B8B1BE2DBA4025DA6786C645F77F123,

E47D5EED2F3AF85E2332C325DA80AEF2C4EC989E38A175194EBBFA967BA8BF81 ]

NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
09:35:29.0375 0x1f8c  NwlnkIpx - ok
09:35:29.0406 0x1f8c  [ 56D34A67C05E94E16377C60609741FF8,

ABE48D3E7D38DB20E9D4884FC6FE42FAE0C5FAFD3AC86F1E585A4BB17C6F09C5 ]

NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
09:35:29.0421 0x1f8c  NwlnkNb - ok
09:35:29.0437 0x1f8c  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0,

899905C0EB182ABCDAE0D0D749C0BC39CD231B9FAEE733D5DFDAE86EB8BC755B ]

NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
09:35:29.0453 0x1f8c  NwlnkSpx - ok
09:35:29.0625 0x1f8c  [ D8A0164A79D4BFD6083945C5431E41E7,

1A8EF6EA432EB179E5FEFA81C0675FD56F83BBB06460844CC973F8F512329184 ]

OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
09:35:29.0640 0x1f8c  OpenVPNService - ok
09:35:29.0734 0x1f8c  [ 7A56CF3E3F12E8AF599963B16F50FB6A,

882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose          

   C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:35:29.0765 0x1f8c  ose - ok
09:35:29.0812 0x1f8c  [ 5575FAF8F97CE5E713D108C2A58D7C7C,

96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport

        C:\WINDOWS\system32\DRIVERS\parport.sys
09:35:29.0828 0x1f8c  Parport - ok
09:35:29.0875 0x1f8c  [ BEB3BA25197665D82EC7065B724171C6,

7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ]

PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:35:29.0890 0x1f8c  PartMgr - ok
09:35:29.0937 0x1f8c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1,

6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm      

    C:\WINDOWS\system32\drivers\ParVdm.sys
09:35:29.0953 0x1f8c  ParVdm - ok
09:35:29.0968 0x1f8c  [ A219903CCF74233761D92BEF471A07B1,

D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI         

    C:\WINDOWS\system32\DRIVERS\pci.sys
09:35:29.0984 0x1f8c  PCI - ok
09:35:30.0000 0x1f8c  PCIDump - ok
09:35:30.0031 0x1f8c  [ CCF5F451BB1A5A2A522A76E670000FF0,

D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde       

   C:\WINDOWS\system32\drivers\PCIIde.sys
09:35:30.0031 0x1f8c  PCIIde - ok
09:35:30.0062 0x1f8c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1,

0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia

         C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:35:30.0093 0x1f8c  Pcmcia - ok
09:35:30.0109 0x1f8c  PDCOMP - ok
09:35:30.0125 0x1f8c  PDFRAME - ok
09:35:30.0140 0x1f8c  PDRELI - ok
09:35:30.0156 0x1f8c  PDRFRAME - ok
09:35:30.0171 0x1f8c  perc2 - ok
09:35:30.0171 0x1f8c  perc2hib - ok
09:35:30.0296 0x1f8c  [ F042EE4C8D66248D9B86DCF52ABAE416,

AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924 ]

PEVSystemStart  C:\ComboFix\pev.3XE
09:35:30.0500 0x1f8c  PEVSystemStart - ok
09:35:30.0546 0x1f8c  [ 65DF52F5B8B6E9BBD183505225C37315,

59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay    

    C:\WINDOWS\system32\services.exe
09:35:30.0546 0x1f8c  PlugPlay - ok
09:35:30.0562 0x1f8c  [ BF2466B3E18E970D8A976FB95FC1CA85,

F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ]

PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:35:30.0562 0x1f8c  PolicyAgent - ok
09:35:30.0578 0x1f8c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99,

C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ]

PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:35:30.0578 0x1f8c  PptpMiniport - ok
09:35:30.0593 0x1f8c  [ BF2466B3E18E970D8A976FB95FC1CA85,

F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ]

ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:35:30.0593 0x1f8c  ProtectedStorage - ok
09:35:30.0656 0x1f8c  [ D24DFD16A1E2A76034DF5AA18125C35D,

BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI         

    C:\WINDOWS\system32\DRIVERS\psi_mf.sys
09:35:30.0656 0x1f8c  PSI - ok
09:35:30.0671 0x1f8c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD,

DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink       

  C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:35:30.0671 0x1f8c  Ptilink - ok
09:35:30.0718 0x1f8c  [ D7DA4DA78005727F78CC9EB11972C712,

A9CEDC26D4F6087CDFF246E90D07F07B9C75FAAFE170CB99638FB7C5AD677120 ] pwd_2k

         C:\WINDOWS\system32\drivers\pwd_2k.sys
09:35:30.0734 0x1f8c  pwd_2k - ok
09:35:30.0765 0x1f8c  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E,

20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ]

PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:35:30.0781 0x1f8c  PxHelp20 - ok
09:35:30.0781 0x1f8c  ql1080 - ok
09:35:30.0796 0x1f8c  Ql10wnt - ok
09:35:30.0796 0x1f8c  ql12160 - ok
09:35:30.0812 0x1f8c  ql1240 - ok
09:35:30.0812 0x1f8c  ql1280 - ok
09:35:30.0843 0x1f8c  [ FE0D99D6F31E4FAD8159F690D68DED9C,

998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd         

 C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:35:30.0859 0x1f8c  RasAcd - ok
09:35:30.0921 0x1f8c  [ AD188BE7BDF94E8DF4CA0A55C00A5073,

C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ]

RasAuto         C:\WINDOWS\System32\rasauto.dll
09:35:30.0937 0x1f8c  RasAuto - ok
09:35:30.0968 0x1f8c  [ 11B4A627BC9614B885C4969BFA5FF8A6,

EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp      

   C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:35:30.0984 0x1f8c  Rasl2tp - ok
09:35:31.0046 0x1f8c  [ 76A9A3CBEADD68CC57CDA5E1D7448235,

4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan

         C:\WINDOWS\System32\rasmans.dll
09:35:31.0078 0x1f8c  RasMan - ok
09:35:31.0093 0x1f8c  [ 5BC962F2654137C9909C3D4603587DEE,

A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe

       C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:35:31.0109 0x1f8c  RasPppoe - ok
09:35:31.0109 0x1f8c  [ FDBB1D60066FCFBB7452FD8F9829B242,

10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti     

     C:\WINDOWS\system32\DRIVERS\raspti.sys
09:35:31.0125 0x1f8c  Raspti - ok
09:35:31.0171 0x1f8c  [ 7AD224AD1A1437FE28D89CF22B17780A,

6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss         

  C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:35:31.0203 0x1f8c  Rdbss - ok
09:35:31.0203 0x1f8c  [ 4912D5B403614CE99C28420F75353332,

975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD     

     C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:35:31.0218 0x1f8c  RDPCDD - ok
09:35:31.0234 0x1f8c  [ 15CABD0F7C00C47C70124907916AF3F1,

66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr        

   C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:35:31.0265 0x1f8c  rdpdr - ok
09:35:31.0328 0x1f8c  [ 43AF5212BD8FB5BA6EED9754358BD8F7,

AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ]

RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:35:31.0343 0x1f8c  RDPWD - ok
09:35:31.0390 0x1f8c  [ 3C37BF86641BDA977C3BF8A840F3B7FA,

AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ]

RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:35:31.0421 0x1f8c  RDSessMgr - ok
09:35:31.0437 0x1f8c  [ F828DD7E1419B6653894A8F97A0094C5,

E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook    

     C:\WINDOWS\system32\DRIVERS\redbook.sys
09:35:31.0453 0x1f8c  redbook - ok
09:35:31.0625 0x1f8c  [ C96980CCCF84329824623B0B50383703,

723B06A6278AF3620A64ACDD5A2C4D1A87D222EC96B009B67DA42CF52AAE6595 ]

RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:35:31.0703 0x1f8c  RegSrvc - ok
09:35:31.0765 0x1f8c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5,

3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ]

RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:35:31.0781 0x1f8c  RemoteAccess - ok
09:35:31.0828 0x1f8c  [ 5B19B557B0C188210A56A6B699D90B8F,

0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ]

RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:35:31.0859 0x1f8c  RemoteRegistry - ok
09:35:32.0062 0x1f8c  [ FDED778DAF09235E4580F1B9046946B6,

E6DCFF75617B1F23967CF19533AA554A45012AF9B6FD6AD9BD7AC29DCF3D7B6A ]

RoxLiveShare10  C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
09:35:32.0140 0x1f8c  RoxLiveShare10 - ok
09:35:32.0343 0x1f8c  [ E054A2CAF0E2A55C9AAC0BF1CCC558A5,

F7C637DB45E834813E04DBAC2F918FD897CAC3C1DD20B8087BEE39C3BEEACA61 ]

RoxMediaDB10    C:\Program Files\Common Files\Roxio

Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:35:32.0625 0x1f8c  RoxMediaDB10 - ok
09:35:32.0734 0x1f8c  [ C75FDA9AB3314E555123673E08F9D86D,

97B8DB1AD3DFDDAACE14500EB2497B72C83702F6CA3C2A7E417AA9B0B45BBBF0 ]

RoxWatch10      C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
09:35:32.0765 0x1f8c  RoxWatch10 - ok
09:35:32.0843 0x1f8c  [ AAED593F84AFA419BBAE8572AF87CF6A,

CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ]

RpcLocator      C:\WINDOWS\system32\locator.exe
09:35:32.0859 0x1f8c  RpcLocator - ok
09:35:32.0953 0x1f8c  [ 6B27A5C03DFB94B4245739065431322C,

6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs     

      C:\WINDOWS\system32\rpcss.dll
09:35:32.0984 0x1f8c  RpcSs - ok
09:35:33.0062 0x1f8c  [ 471B3F9741D762ABE75E9DEEA4787E47,

D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP  

          C:\WINDOWS\system32\rsvp.exe
09:35:33.0109 0x1f8c  RSVP - ok
09:35:33.0265 0x1f8c  [ 0FCB7EEB0E81A777735A5AF185F56C2B,

E3465A19925F20A0DB8E1EEAD915DF9BE3108CDEA2B5CDAE04AECDBAA01EEFF8 ]

S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
09:35:33.0437 0x1f8c  S24EventMonitor - ok
09:35:33.0515 0x1f8c  [ 96B4494D4734970F47C566E098C4F527,

DCF5835DD196B877912278D13361BC8F950D422E62ED5A075C2AD4E43568DB7D ] s24trans   

     C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:35:33.0531 0x1f8c  s24trans - ok
09:35:33.0562 0x1f8c  [ BF2466B3E18E970D8A976FB95FC1CA85,

F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs       

    C:\WINDOWS\system32\lsass.exe
09:35:33.0562 0x1f8c  SamSs - ok
09:35:33.0593 0x1f8c  [ 86D007E7A654B9A71D1D7D856B104353,

7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr

       C:\WINDOWS\System32\SCardSvr.exe
09:35:33.0640 0x1f8c  SCardSvr - ok
09:35:33.0703 0x1f8c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA,

0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule     

   C:\WINDOWS\system32\schedsvc.dll
09:35:33.0750 0x1f8c  Schedule - ok
09:35:33.0796 0x1f8c  [ 90A3935D05B494A5A39D37E71F09A677,

F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv     

     C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:35:33.0812 0x1f8c  Secdrv - ok
09:35:33.0843 0x1f8c  [ CBE612E2BB6A10E3563336191EDA1250,

C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        

C:\WINDOWS\System32\seclogon.dll
09:35:33.0859 0x1f8c  seclogon - ok
09:35:34.0109 0x1f8c  [ 7198BBFBE46C0070257278C536386687,

8670549D1C26F5924B3FADC35AD526C56728A51D377369B1C74397496497BE5D ] Secunia

PSI Agent C:\Program Files\Secunia PSI\PSIA.exe
09:35:34.0312 0x1f8c  Secunia PSI Agent - ok
09:35:34.0343 0x1f8c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0,

7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS         

   C:\WINDOWS\system32\sens.dll
09:35:34.0343 0x1f8c  SENS - ok
09:35:34.0390 0x1f8c  [ 0F29512CCD6BEAD730039FB4BD2C85CE,

4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum    

     C:\WINDOWS\system32\DRIVERS\serenum.sys
09:35:34.0406 0x1f8c  serenum - ok
09:35:34.0421 0x1f8c  [ CCA207A8896D4C6A0C9CE29A4AE411A7,

5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial   

       C:\WINDOWS\system32\DRIVERS\serial.sys
09:35:34.0437 0x1f8c  Serial - ok
09:35:34.0625 0x1f8c  SessionLauncher - ok
09:35:34.0656 0x1f8c  [ 8E6B8C671615D126FDC553D1E2DE5562,

CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy     

    C:\WINDOWS\system32\drivers\Sfloppy.sys
09:35:34.0656 0x1f8c  Sfloppy - ok
09:35:34.0734 0x1f8c  [ 83F41D0D89645D7235C051AB1D9523AC,

B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ]

SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:35:34.0812 0x1f8c  SharedAccess - ok
09:35:34.0890 0x1f8c  [ 99BC0B50F511924348BE19C7C7313BBF,

A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ]

ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:35:34.0906 0x1f8c  ShellHWDetection - ok
09:35:34.0921 0x1f8c  Simbad - ok
09:35:35.0000 0x1f8c  [ 50D9949020E02B847CD48F1243FCB895,

5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ]

SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
09:35:35.0187 0x1f8c  SkypeUpdate - ok
09:35:35.0234 0x1f8c  [ 866D538EBE33709A5C9F5C62B73B7D14,

BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP       

     C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:35:35.0234 0x1f8c  SLIP - ok
09:35:35.0250 0x1f8c  Sparrow - ok
09:35:35.0281 0x1f8c  [ DC8D2952FB6FFBAEC67BD1B93A34DF11,

0BD1523A68900B80ED1BCCB967643525CCA55D4FF4622D0128913690E6BB619E ] speedfan    

    C:\WINDOWS\system32\speedfan.sys
09:35:35.0296 0x1f8c  speedfan - ok
09:35:35.0328 0x1f8c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F,

DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter   

     C:\WINDOWS\system32\drivers\splitter.sys
09:35:35.0343 0x1f8c  splitter - ok
09:35:35.0375 0x1f8c  [ 60784F891563FB1B767F70117FC2428F,

E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler     

    C:\WINDOWS\system32\spoolsv.exe
09:35:35.0390 0x1f8c  Spooler - ok
09:35:35.0421 0x1f8c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D,

6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              

C:\WINDOWS\system32\DRIVERS\sr.sys
09:35:35.0437 0x1f8c  sr - ok
09:35:35.0468 0x1f8c  [ 3805DF0AC4296A34BA4BF93B346CC378,

B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice     

  C:\WINDOWS\system32\srsvc.dll
09:35:35.0500 0x1f8c  srservice - ok
09:35:35.0578 0x1f8c  [ 47DDFC2F003F7F9F0592C6874962A2E7,

17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv          

   C:\WINDOWS\system32\DRIVERS\srv.sys
09:35:35.0625 0x1f8c  Srv - ok
09:35:35.0687 0x1f8c  [ FFE42941E0326C322F40B0B79A46493C,

370A76456D8DCCBEFEA741F14D6971F7449BC59AA24A72F020143B89D217A5C6 ] sscdbus    

     C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:35:35.0703 0x1f8c  sscdbus - ok
09:35:35.0750 0x1f8c  [ A68E7D87ADFBB8C50D88CD58230C6819,

4FEF3318EB3B3255F1E41443255B9D3DE28D3512D1CEC758A0D6ED6D618A2164 ] sscdmdfl    

    C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:35:35.0765 0x1f8c  sscdmdfl - ok
09:35:35.0812 0x1f8c  [ B534B24151281856EC2F69ED3D6D60DD,

741DF18A151347D40CD5AC85D7F6A1E656371D763D37DE77C48381EB0F132F92 ] sscdmdm   

      C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:35:35.0843 0x1f8c  sscdmdm - ok
09:35:35.0890 0x1f8c  [ 0A5679B3714EDAB99E357057EE88FCA6,

01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV    

     C:\WINDOWS\System32\ssdpsrv.dll
09:35:35.0906 0x1f8c  SSDPSRV - ok
09:35:35.0953 0x1f8c  [ A36EE93698802CD899F98BFD553D8185,

224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv    

      C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:35:35.0968 0x1f8c  ssmdrv - ok
09:35:36.0062 0x1f8c  [ 305CC42945A713347F978D78566113F3,

92D95E1DCCAA5E31AADB061EB7B531337975974961211BFB7C542FB799348034 ] STAC97    

      C:\WINDOWS\system32\drivers\STAC97.sys
09:35:36.0125 0x1f8c  STAC97 - ok
09:35:36.0171 0x1f8c  [ A9573045BAA16EAB9B1085205B82F1ED,

6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam   

     C:\WINDOWS\system32\DRIVERS\serscan.sys
09:35:36.0171 0x1f8c  StillCam - ok
09:35:36.0234 0x1f8c  [ 8BAD69CBAC032D4BBACFCE0306174C30,

2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc        

  C:\WINDOWS\system32\wiaservc.dll
09:35:36.0312 0x1f8c  stisvc - ok
09:35:36.0437 0x1f8c  [ 1D0063597C3666404FCF97698ABEB019,

352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr      

  C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:35:36.0468 0x1f8c  stllssvr - ok
09:35:36.0515 0x1f8c  [ 77813007BA6265C4B6098187E6ED79D2,

93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip      

  C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:35:36.0531 0x1f8c  streamip - ok
09:35:36.0593 0x1f8c  [ E32735D18C56FD7AAFEC66D128EDBC70,

412F433789240968D995A0B651A4DDB3BB04FBF5408AB38F9816E5EB41956884 ]

SUSTUCAM        C:\WINDOWS\system32\DRIVERS\sustucam.sys
09:35:36.0609 0x1f8c  SUSTUCAM - ok
09:35:36.0640 0x1f8c  [ 46500F183B17D6DE562CDA756E124A83,

1783F5C5869F896874B1156E0EF0E1E68C67A2AB6D1B881C6F18C3BA01E70B88 ]

SUSTUCAP        C:\WINDOWS\system32\DRIVERS\sustucap.sys
09:35:36.0656 0x1f8c  SUSTUCAP - ok
09:35:36.0718 0x1f8c  [ FD8F5A0087B897D2488B0574FC24A8C1,

B3DBFC9EDC8D1BECDCAF299F8EACAEE98D02C51E8FEFCC9A2A0893BC590D2E94 ]

SUSTUCAU        C:\WINDOWS\system32\DRIVERS\sustucau.sys
09:35:36.0734 0x1f8c  SUSTUCAU - ok
09:35:36.0781 0x1f8c  [ 3941D127AEF12E93ADDF6FE6EE027E0F,

EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum     

     C:\WINDOWS\system32\DRIVERS\swenum.sys
09:35:36.0796 0x1f8c  swenum - ok
09:35:36.0843 0x1f8c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01,

B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi      

    C:\WINDOWS\system32\drivers\swmidi.sys
09:35:36.0859 0x1f8c  swmidi - ok
09:35:36.0875 0x1f8c  SwPrv - ok
09:35:36.0906 0x1f8c  symc810 - ok
09:35:36.0906 0x1f8c  symc8xx - ok
09:35:36.0921 0x1f8c  sym_hi - ok
09:35:36.0937 0x1f8c  sym_u3 - ok
09:35:36.0984 0x1f8c  [ 8B83F3ED0F1688B4958F77CD6D2BF290,

546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio     

   C:\WINDOWS\system32\drivers\sysaudio.sys
09:35:37.0015 0x1f8c  sysaudio - ok
09:35:37.0093 0x1f8c  [ C7ABBC59B43274B1109DF6B24D617051,

4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ]

SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:35:37.0140 0x1f8c  SysmonLog - ok
09:35:37.0203 0x1f8c  [ 11D34FC869F5BDA29949FE3858380894,

07147942CEE61570653D617B42C90ABCABF55C690A162E2B3C89EF6BD4C32E89 ] tap0901    

     C:\WINDOWS\system32\DRIVERS\tap0901.sys
09:35:37.0218 0x1f8c  tap0901 - ok
09:35:37.0281 0x1f8c  [ 3CB78C17BB664637787C9A1C98F79C38,

F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv        

 C:\WINDOWS\System32\tapisrv.dll
09:35:37.0312 0x1f8c  TapiSrv - ok
09:35:37.0375 0x1f8c  [ 9AEFA14BD6B182D61E3119FA5F436D3D,

EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip          

 C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:35:37.0437 0x1f8c  Tcpip - ok
09:35:37.0468 0x1f8c  [ 6471A66807F5E104E4885F5B67349397,

F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE  

        C:\WINDOWS\system32\drivers\TDPIPE.sys
09:35:37.0468 0x1f8c  TDPIPE - ok
09:35:37.0500 0x1f8c  [ C56B6D0402371CF3700EB322EF3AAF61,

7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP     

      C:\WINDOWS\system32\drivers\TDTCP.sys
09:35:37.0515 0x1f8c  TDTCP - ok
09:35:37.0515 0x1f8c  [ 88155247177638048422893737429D9E,

B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD    

      C:\WINDOWS\system32\DRIVERS\termdd.sys
09:35:37.0531 0x1f8c  TermDD - ok
09:35:37.0562 0x1f8c  [ FF3477C03BE7201C294C35F684B3479F,

D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ]

TermService     C:\WINDOWS\System32\termsrv.dll
09:35:37.0609 0x1f8c  TermService - ok
09:35:37.0625 0x1f8c  [ 99BC0B50F511924348BE19C7C7313BBF,

A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes     

     C:\WINDOWS\System32\shsvcs.dll
09:35:37.0640 0x1f8c  Themes - ok
09:35:37.0703 0x1f8c  [ DB7205804759FF62C34E3EFD8A4CC76A,

13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr        

 C:\WINDOWS\system32\tlntsvr.exe
09:35:37.0718 0x1f8c  TlntSvr - ok
09:35:37.0718 0x1f8c  TosIde - ok
09:35:37.0765 0x1f8c  [ 55BCA12F7F523D35CA3CB833C725F54E,

849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks      

    C:\WINDOWS\system32\trkwks.dll
09:35:37.0796 0x1f8c  TrkWks - ok
09:35:37.0859 0x1f8c  [ AB1BB4E728D26552996662FC3A25A994,

62002BAA43BD5455350E751FE9C0EAE499F8F65BF27819A059BFDEE1BD6E514F ]

UdfReadr_xp     C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
09:35:37.0890 0x1f8c  UdfReadr_xp - ok
09:35:37.0906 0x1f8c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9,

3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs     

       C:\WINDOWS\system32\drivers\Udfs.sys
09:35:37.0921 0x1f8c  Udfs - ok
09:35:37.0937 0x1f8c  UIUSys - ok
09:35:37.0953 0x1f8c  ultra - ok
09:35:38.0031 0x1f8c  [ 402DDC88356B1BAC0EE3DD1580C76A31,

32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          

C:\WINDOWS\system32\DRIVERS\update.sys
09:35:38.0093 0x1f8c  Update - ok
09:35:38.0156 0x1f8c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91,

7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost   

     C:\WINDOWS\System32\upnphost.dll
09:35:38.0203 0x1f8c  upnphost - ok
09:35:38.0234 0x1f8c  [ 05365FB38FCA1E98F7A566AAAF5D1815,

16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS         

    C:\WINDOWS\System32\ups.exe
09:35:38.0234 0x1f8c  UPS - ok
09:35:38.0312 0x1f8c  [ 65898A183FBF1D1F7759D5CCB364DCD4,

85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio       

 C:\WINDOWS\system32\drivers\usbaudio.sys
09:35:38.0328 0x1f8c  usbaudio - ok
09:35:38.0390 0x1f8c  [ 9419FAAC6552A51542DBBA02971C841C,

979CBE1DF641B74023030B180F31C2E48B5DFAE776679FACE2A2C0BC5B3F2DC5 ] usbbus     

     C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
09:35:38.0406 0x1f8c  usbbus - ok
09:35:38.0468 0x1f8c  [ 1B611611C28D2DF25BC057D79C6F13FC,

B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp    

     C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:35:38.0484 0x1f8c  usbccgp - ok
09:35:38.0546 0x1f8c  [ C0A466FA4FFEC464320E159BC1BBDC0C,

AD54E992D75B3EC744224682DBFC4C26013AE91042A137A902A7EF2D443BC7FC ] UsbDiag  

       C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
09:35:38.0546 0x1f8c  UsbDiag - ok
09:35:38.0593 0x1f8c  [ 4BAC8DF07F1D8434FC640E677A62204E,

76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci       

  C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:35:38.0609 0x1f8c  usbehci - ok
09:35:38.0656 0x1f8c  [ 1AB3CDDE553B6E064D2E754EFE20285C,

A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub      

    C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:35:38.0671 0x1f8c  usbhub - ok
09:35:38.0687 0x1f8c  [ F74A54774A9B0AFEB3C40ADEC68AA600,

708A3658CDD0CB5EA7339AB498F876F5545F25F61EE184B79D03CC0F76B720D9 ]

USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
09:35:38.0703 0x1f8c  USBModem - ok
09:35:38.0750 0x1f8c  [ A717C8721046828520C9EDF31288FC00,

1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint    

    C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:35:38.0765 0x1f8c  usbprint - ok
09:35:38.0828 0x1f8c  [ F8EDE2B6928970DCE3D5614C27D9E7F6,

6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan

        C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:35:38.0843 0x1f8c  usbscan - ok
09:35:38.0875 0x1f8c  [ A32426D9B14A089EAA1D922E0C5801A9,

ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ]

USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:35:38.0890 0x1f8c  USBSTOR - ok
09:35:38.0937 0x1f8c  [ 26496F9DEE2D787FC3E61AD54821FFE6,

8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci      

   C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:35:38.0953 0x1f8c  usbuhci - ok
09:35:38.0968 0x1f8c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1,

B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave

        C:\WINDOWS\System32\drivers\vga.sys
09:35:38.0984 0x1f8c  VgaSave - ok
09:35:39.0000 0x1f8c  ViaIde - ok
09:35:39.0031 0x1f8c  [ 4C8FCB5CC53AAB716D810740FE59D025,

010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ]

VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:35:39.0046 0x1f8c  VolSnap - ok
09:35:39.0125 0x1f8c  [ 7A9DB3A67C333BF0BD42E42B8596854B,

D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS         

    C:\WINDOWS\System32\vssvc.exe
09:35:39.0187 0x1f8c  VSS - ok
09:35:39.0500 0x1f8c  [ F0608F3B5B6D16F4870E867F9D069B6B,

B126820824D01C1E9C4FFFC2871A6C9512495128C368F7D63A1F603F36D974C7 ] w29n51      

    C:\WINDOWS\system32\DRIVERS\w29n51.sys
09:35:39.0687 0x1f8c  w29n51 - ok
09:35:39.0750 0x1f8c  [ 54AF4B1D5459500EF0937F6D33B1914F,

FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time

        C:\WINDOWS\system32\w32time.dll
09:35:39.0765 0x1f8c  W32Time - ok
09:35:39.0796 0x1f8c  [ E20B95BAEDB550F32DD489265C1DA1F6,

5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ]

Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:35:39.0796 0x1f8c  Wanarp - ok
09:35:39.0875 0x1f8c  [ FD47474BD21794508AF449D9D91AF6E6,

2AD586390824F673B5DC5D86FC2423ED9252413D221E1C7EC3A760782DB6436A ] Wdf01000

       C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:35:39.0937 0x1f8c  Wdf01000 - ok
09:35:39.0953 0x1f8c  WDICA - ok
09:35:39.0984 0x1f8c  [ 6768ACF64B18196494413695F0C3A00F,

3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud   

       C:\WINDOWS\system32\drivers\wdmaud.sys
09:35:40.0000 0x1f8c  wdmaud - ok
09:35:40.0031 0x1f8c  [ 77A354E28153AD2D5E120A5A8687BC06,

8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ]

WebClient       C:\WINDOWS\System32\webclnt.dll
09:35:40.0046 0x1f8c  WebClient - ok
09:35:40.0140 0x1f8c  [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC,

897226F3CF628401B71F38228CB429506E5DD1C0C24CF8AC9C969DC594AF9F7D ] winachsf   

     C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:35:40.0234 0x1f8c  winachsf - ok
09:35:40.0328 0x1f8c  [ 2D0E4ED081963804CCC196A0929275B5,

E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt  

       C:\WINDOWS\system32\wbem\WMIsvc.dll
09:35:40.0343 0x1f8c  winmgmt - ok
09:35:40.0437 0x1f8c  [ C9B9942EECA0B82E35D60627E365510A,

B8D699E3FB82E6CDEE3233448CE21A4E0A64B0329652A558214AF8B227E24FAB ]

WLANKEEPER      C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
09:35:40.0484 0x1f8c  WLANKEEPER - ok
09:35:40.0500 0x1f8c  wltrysvc - ok
09:35:40.0562 0x1f8c  [ C51B4A5C05A5475708E3C81C7765B71D,

F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ]

WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
09:35:40.0578 0x1f8c  WmdmPmSN - ok
09:35:40.0718 0x1f8c  [ E76F8807070ED04E7408A86D6D3A6137,

BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi         

09:35:53.0312 0x1f8c  AV detected via SS1: Avira Desktop, 14.0.5.320, enabled, updated
09:35:53.0312 0x1f8c  FW detected via SS1: COMODO Firewall, 3.9, enabled
09:35:56.0421 0x1f8c  ============================================================
09:35:56.0421 0x1f8c  Scan finished
09:35:56.0421 0x1f8c  ============================================================
09:35:56.0437 0x2154  Detected object count: 0
09:35:56.0437 0x2154  Actual detected object count: 0
 



#12 RPMcMurphy


Posted 07 July 2014 - 08:54 PM

Great! Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

Open Malwarebytes AntiMalware (MBAM)
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log




#13 DDE12


Posted 08 July 2014 - 07:58 PM

I don't completely understand the ADW info but I don't think I want to delete my Firefox profile.  I don't think vshare or Viewpoint are necessary.

For MBAM should I delete the quarantined Softonic registry entry?

 

# AdwCleaner v3.214 - Report created 08/07/2014 at 18:16:07
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - LAPTOP
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\user.js
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\User\Application Data\Viewpoint
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\TENCENT

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7k1rmeyv.default\prefs.js ]


[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\au13y77k.default\prefs.js ]


[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\zxcppdrf.default\prefs.js ]

Line Found : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3,add-to-searchbox@maltekraus.de:2.0,enter.selects@agadak.net:6,jqs@sun.com:1.0,{0AE5CAA4-8BAB-11DB-AF59-ED4B56D89593}:[...]
Line Found : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Line Found : user_pref("vshare.install.date", "1287878400000");
Line Found : user_pref("vshare.install.finished", "1.0.0");
Line Found : user_pref("vshare.install.guid", "{c70c1e7e-7c50-4d91-88ea-c4f5e18755c6}");
Line Found : user_pref("vshare.install.isHidden", true);
Line Found : user_pref("vshare.install.laststatreq", "1327017600000");
Line Found : user_pref("vshare.install.newtab", false);

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.xavier.edu/search/Search-Results.cfm?cx=016688830065296081262%3Acmjca6d91ku&cof=FORID%3A11&q={searchTerms}&sa=GO

*************************

AdwCleaner[R0].txt - [4623 octets] - [08/07/2014 18:16:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4683 octets] ##########
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/8/2014
Scan Time: 8:22:53 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.08.12
Rootkit Database: v2014.07.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323983
Time Elapsed: 21 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-2052111302-764733703-682003330-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [27f5cecf2c4f0333ee2d5972867c0cf4],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#14 RPMcMurphy


Posted 09 July 2014 - 04:25 PM

Please do this next:

All of those adwCleaner and MBAM detections are related to "Potentially Unwanted Programs" (PUP).  A definition of PUPs is HERE.  It's entirely up to you whether you want to remove them or not.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is your computer running now?
  • ESET log




#15 DDE12


Posted 10 July 2014 - 11:15 PM

My computer is running normally for the most part.  The one thing that was happening prior and is still happening is that I'm getting occasional new Firefox windows opening up for various ads.  I believe it was one of these "pop-ups" that gave me the Syshost.exe that the firewall caught.  I have AdBlock Plus with Pop-up Addon and Firefox is set to block pop-ups with no exceptions.  What more should I do to prevent these pop-ups?  For ADWCleaner, if I allow it to clean everything will it erase the Firefox user.js?  Why are there not any check boxes for the list of items in the Firefox tab for ADWCleaner?  If I select clean, will all of these entries be deleted?  Also Avira is detecting Syshost.exe in system restore points.  Should I delete all system restore points and then make a new one?  Thank you.

 

C:\Program Files\Avira\AntiVir Desktop\apnic.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
 





