Inactive Host Process Problems + MBAM logs

Discussion in 'Malware and Virus Removal Archive' started by keithy397, 2014/05/10.

  1. 2014/05/10
    keithy397 Well-Known Member Thread Starter


    Hi,

    I previously posted in the XP forum (Original Post) about this problem and was guided here with MBAM logs...

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 10/05/2014 07:49:22, SYSTEM, OWNER-64EF426E6, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
    Update, 10/05/2014 07:49:29, SYSTEM, OWNER-64EF426E6, Manual, Malware Database, 2014.3.4.9, 2014.5.10.3,

    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/05/2014
    Scan Time: 08:33:19
    Logfile: MBAM_ScanLog_140510.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.10.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 277437
    Time Elapsed: 41 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-436374069-1580436667-854245398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, No Action By User, [209be46b6f0c70c656d4f59f2dd5d52b],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-436374069-1580436667-854245398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [a615a5aa5625fb3b59f7ebbf3dc630d0],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-436374069-1580436667-854245398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, No Action By User, [8d2e2e217506a690bab4e59dec1615eb],

    Registry Values: 1
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-436374069-1580436667-854245398-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, No Action By User, [a615a5aa5625fb3b59f7ebbf3dc630d0]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.InstallCore, C:\RECYCLER\S-1-5-21-436374069-1580436667-854245398-1003\Dc17.exe, No Action By User, [16a5410e8af1063062e7cd59e71d48b8],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Hope that's what you need.....
     
    Last edited: 2014/05/10
  4. 2014/05/10
    broni Moderator Malware Analyst

    ...and your MBAM log says "No Action By User".
    Re-run MBAM, fix all issues and post new log.
     
  5. 2014/05/11
    keithy397 Well-Known Member Thread Starter

    Sorry, I posted the wrong PC's log files so here we go again with the right ones.....

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 11/05/2014 09:15:53, SYSTEM, PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
    Update, 11/05/2014 09:16:03, SYSTEM, PC, Manual, Malware Database, 2014.3.4.9, 2014.5.11.3,

    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/05/2014
    Scan Time: 10:01:58
    Logfile: ScanLog140511.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.11.03
    Rootkit Database: v2014.03.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Paul

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 244090
    Time Elapsed: 45 min, 40 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 9
    Trojan.Sefnit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FLASHPLAYERUPDATESERVICE.EXE, Quarantined, [cc53eb65a2d9f14554224fb94db519e7],
    PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, Quarantined, [9a856ce4d3a8bd790a8ca20910f3d42c],
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [ed3256fa6f0c9b9be0a2e2c84db6a060],
    PUP.Optional.DataMngr.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [0718ee62e299f83eff826b3f659ef907],
    PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [34eb77d9df9c4fe78b14a2e922e0659b],
    PUP.Optional.Babylon.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [150a262a57246dc97416c2e9768da060],
    PUP.Optional.BProtector.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Quarantined, [6bb466ea502b78beaa330ca105fed52b],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [bd624e02c4b7b38341880f733fc354ac],
    PUP.Optional.SweetIM.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Quarantined, [a47be769a7d44aece5b0acffd62d0cf4],

    Registry Values: 3
    PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, 1523565718854786654, Quarantined, [9a856ce4d3a8bd790a8ca20910f3d42c]
    PUP.BProtector, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, Quarantined, [2af556facdae74c27c07d7d3e61de020],
    PUP.Optional.SweetIM.A, HKU\S-1-5-21-448539723-2139871995-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1523565718854786654, Quarantined, [a47be769a7d44aece5b0acffd62d0cf4]

    Registry Data: 0
    (No malicious items detected)

    Folders: 5
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.FileScout.A, F:\Documents and Settings\Paul\Application Data\File Scout, Quarantined, [b16eb29e46350a2cf3b80b617d85dd23],
    PUP.Optional.Conduit.A, F:\Documents and Settings\Paul\Local Settings\Temp\CT3325809, Quarantined, [48d7fd532c4f69cdae5cf07d3bc729d7],

    Files: 11
    PUP.Optional.Conduit, F:\RECYCLER\S-1-5-21-448539723-2139871995-725345543-1004\Df2.exe, Quarantined, [de416fe1d1aa62d4a12e4e1df60e60a0],
    Trojan.Sefnit, F:\WINDOWS\system32\FlashPlayerUpdateService.exe, Quarantined, [cc53eb65a2d9f14554224fb94db519e7],
    PUP.Optional.BProtector.A, F:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\bprotector_extensions.sqlite, Quarantined, [f629fc54afccf54182bdd9b037cb19e7],
    PUP.Optional.BProtector.A, F:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\bProtector_prefs.js, Quarantined, [6cb35cf47407b77fae9263266e94c13f],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.PlaySushi, F:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.xpt, Quarantined, [a57a1d334e2d70c6872bce9bb25055ab],
    PUP.Optional.FileScout.A, F:\Documents and Settings\Paul\Application Data\File Scout\uninst.exe, Quarantined, [b16eb29e46350a2cf3b80b617d85dd23],
    PUP.Optional.Conduit.A, F:\Documents and Settings\Paul\Local Settings\Temp\CT3325809\ddt.csf, Quarantined, [48d7fd532c4f69cdae5cf07d3bc729d7],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Paul at 10:57:27 on 2014-05-11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.76 [GMT 1:00]
    .
    AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Virgin Media Security Firewall *Disabled*
    .
    ============== Running Processes ================
    .
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Logitech\iTouch\iTouch.exe
    F:\Program Files\Citrix\ICA Client\concentr.exe
    F:\Program Files\Citrix\ICA Client\wfcrun32.exe
    F:\Program Files\Common Files\Java\Java Update\jusched.exe
    F:\Program Files\AVAST Software\Avast\AvastUI.exe
    F:\Documents and Settings\Paul\My Documents\Other Programs\Zoomit\ZoomIt.exe
    F:\Program Files\iTunes\iTunesHelper.exe
    F:\Program Files\Real\update\realsched.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    F:\Program Files\Microsoft ActiveSync\wcescomm.exe
    F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    F:\Program Files\Google\Drive\googledrivesync.exe
    F:\Documents and Settings\Paul\My Documents\Other Programs\PrintScreen\PrintScreen.exe
    F:\Program Files\Clipdiary\clipdiary.exe
    F:\Program Files\PhraseExpress\phraseexpress.exe
    F:\Documents and Settings\Paul\My Documents\Other Programs\Locate32\locate32.exe
    F:\Program Files\MedalFolders\MedalFolders.exe
    F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    F:\Program Files\Philips\Media Manager\Philips Media Manager.exe
    F:\Program Files\OpenOffice.org 3\program\soffice.exe
    F:\PROGRA~1\MICROS~3\rapimgr.exe
    F:\Program Files\OpenOffice.org 3\program\soffice.bin
    F:\Program Files\AVAST Software\Avast\AvastSvc.exe
    F:\Program Files\Bonjour\mDNSResponder.exe
    F:\Program Files\Google\Chrome Remote Desktop\34.0.1847.86\remoting_host.exe
    F:\Program Files\Google\Chrome Remote Desktop\34.0.1847.86\remoting_host.exe
    F:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    F:\WINDOWS\System32\nvsvc32.exe
    F:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    F:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    F:\Program Files\Google\Drive\googledrivesync.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\TeamViewer\Version9\TeamViewer.exe
    F:\Program Files\TeamViewer\Version9\tv_w32.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\System32\taskmgr.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe
    F:\WINDOWS\System32\svchost.exe -k netsvcs
    F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    F:\WINDOWS\System32\svchost.exe -k NetworkService
    F:\WINDOWS\System32\svchost.exe -k LocalService
    F:\WINDOWS\System32\svchost.exe -k LocalService
    F:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.virginmedia.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {21608B66-026F-4DCB-9244-0DACA328DCED} - <orphaned>
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - f:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - f:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
    TB: MSN Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - f:\program files\msn toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "f:\program files\microsoft activesync\wcescomm.exe "
    uRun: [swg] "f:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [GoogleDriveSync] "f:\program files\google\drive\googledrivesync.exe" /autostart
    uRun: [Gadwin PrintScreen] f:\documents and settings\paul\my documents\other programs\printscreen\PrintScreen.exe /nosplash
    uRun: [clipdiary] f:\program files\clipdiary\clipdiary.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
    mRun: [zBrowser Launcher] f:\program files\logitech\itouch\iTouch.exe
    mRun: [ConnectionCenter] "f:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [APSDaemon] "f:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [QuickTime Task] "f:\program files\quicktime\qttask.exe" -atboottime
    mRun: [KernelFaultCheck] f:\windows\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "f:\program files\common files\java\java update\jusched.exe "
    mRun: [AvastUI.exe] "f:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [ZoomIt] f:\documents and settings\paul\my documents\other programs\zoomit\ZoomIt.exe
    mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe "
    mRun: [TkBellExe] "f:\program files\real\update\realsched.exe" -osboot
    dRun: [CTFMON.EXE] f:\windows\system32\CTFMON.EXE
    StartupFolder: f:\docume~1\paul\startm~1\programs\startup\locate~1.lnk - f:\documents and settings\paul\my documents\other programs\locate32\locate32.exe
    StartupFolder: f:\docume~1\paul\startm~1\programs\startup\medalf~1.lnk - f:\program files\medalfolders\MedalFolders.exe
    StartupFolder: f:\docume~1\paul\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: f:\docume~1\paul\startm~1\programs\startup\philip~1.lnk - f:\program files\philips\media manager\Philips Media Manager.exe
    StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\phrase~1.lnk - f:\program files\phraseexpress\phraseexpress.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoBandCustomize = dword:1
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - f:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
    DPF: {00000161-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaud.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3334504D-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} - hxxp://www.scotlandspeople.gov.uk/Viewers/ActiveXControl/viewdw32.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/xp_mail.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{F508AB4A-234B-4593-8068-9E880E91A931} : DHCPNameServer = 192.168.0.1
    AppInit_DLLs= f:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - f:\documents and settings\paul\application data\mozilla\firefox\profiles\jf2v1cjf.default\
    FF - prefs.js: browser.startup.homepage - google.co.uk
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
    FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: f:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: f:\documents and settings\paul\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: f:\documents and settings\paul\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: f:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: f:\program files\real\netscape6\nppl3260.dll
    FF - plugin: f:\program files\real\netscape6\nprpplugin.dll
    FF - plugin: f:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;f:\windows\system32\drivers\aswRvrt.sys [2013-4-5 49944]
    R0 aswVmm;avast! VM Monitor;f:\windows\system32\drivers\aswVmm.sys [2013-4-5 180632]
    R0 RadialpointIDSEH;RadialpointIDSEH;f:\windows\system32\drivers\AVGIDSEH.sys [2010-11-11 25608]
    R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [2012-10-29 776976]
    R1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [2012-10-29 411552]
    R1 ctxusbm;Citrix USB Monitor Driver;f:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
    R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;f:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 aswHwid;avast! HardwareID;f:\windows\system32\drivers\aswHwid.sys [2014-4-20 24184]
    R2 aswMonFlt;aswMonFlt;f:\windows\system32\drivers\aswMonFlt.sys [2013-4-5 67824]
    R2 avast! Antivirus;avast! Antivirus;f:\program files\avast software\avast\AvastSvc.exe [2012-10-29 50344]
    R2 chromoting;Chrome Remote Desktop Service;f:\program files\google\chrome remote desktop\34.0.1847.86\remoting_host.exe [2014-3-23 50504]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;f:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 TeamViewer9;TeamViewer 9;f:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-4-29 5024576]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 RadialpointIDSAgent;RadialpointIDSAgent; [x]
    S3 kednl6;AVSearch service;\??\f:\windows\system32\kednl6.sys --> f:\windows\system32\kednl6.sys [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys --> f:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;\??\f:\program files\virgin media\security\avg\identity protection\agent\drivers\avgidsdriver.sys --> f:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSDriver.sys [?]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;\??\f:\program files\virgin media\security\avg\identity protection\agent\drivers\avgidsfilter.sys --> f:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSFilter.sys [?]
    S3 RadialpointIDSShim;RadialpointIDSShim;\??\f:\program files\virgin media\security\avg\identity protection\agent\drivers\avgidsshim.sys --> f:\program files\virgin media\security\avg\identity protection\agent\drivers\AVGIDSShim.sys [?]
    S3 SNPT513;PC Camera (6025 VGA);f:\windows\system32\drivers\snpt513.sys [2006-5-14 183040]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== File Associations ===============
    .
    ShellExec: Opera.exe: open= "f:\program files\opera\Launcher.exe" "%1 "
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-04-29 11:18:54 70832 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-29 11:18:54 692400 ----a-w- f:\windows\system32\FlashPlayerApp.exe
    2014-04-20 09:32:10 776976 ----a-w- f:\windows\system32\drivers\aswSnx.sys
    2014-04-20 09:32:10 67824 ----a-w- f:\windows\system32\drivers\aswMonFlt.sys
    2014-04-20 09:32:10 49944 ----a-w- f:\windows\system32\drivers\aswRvrt.sys
    2014-04-20 09:32:10 180632 ----a-w- f:\windows\system32\drivers\aswVmm.sys
    2014-03-06 17:59:23 920064 ----a-w- f:\windows\system32\wininet.dll
    2014-03-06 17:59:22 43520 ----a-w- f:\windows\system32\licmgr10.dll
    2014-03-06 17:59:22 18944 ----a-w- f:\windows\system32\corpol.dll
    2014-03-06 17:59:22 1469440 ------w- f:\windows\system32\inetcpl.cpl
    2014-03-06 00:46:54 385024 ----a-w- f:\windows\system32\html.iec
    2014-02-26 01:59:05 13312 ------w- f:\windows\system32\xp_eos.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD400BB-00DEA0 rev.05.03E05 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0x8739A550]<<
    _asm { MOV EAX, 0x8739a470; XCHG [ESP], EAX; PUSH EAX; PUSH 0x873a0eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
    1 nt!IofCallDriver[0x804E3735] -> \Device\Harddisk1\DR1[0x87338AB8]
    \Driver\Disk[0x87369F38] -> IRP_MJ_CREATE -> 0x8739A550
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }
    detected disk devices:
    detected hooks:
    \Driver\Disk -> 0x8739a550
    user & kernel MBR OK
    Warning: possible MBR rootkit infection !
    .
    ============= FINISH: 10:59:27.70 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/05/2006 22:15:21
    System Uptime: 11/05/2014 10:07:00 (0 hours ago)
    .
    Motherboard: http://www.abit.com.tw/ | | KV7(VIA KT600-8237)
    Processor: AMD Athlon(tm) XP 2500+ | Socket 7 | 1851/168mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 31.305 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 76 GiB total, 8.479 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: RAID Controller
    Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_1408147B&REV_80\3&61AAA01&0&78
    Manufacturer:
    Name: RAID Controller
    PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_1408147B&REV_80\3&61AAA01&0&78
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 28/04/2014 15:58:14 - System Checkpoint
    RP2: 29/04/2014 16:27:04 - System Checkpoint
    RP3: 30/04/2014 17:04:22 - System Checkpoint
    RP4: 06/05/2014 10:40:27 - System Checkpoint
    RP5: 07/05/2014 14:05:28 - System Checkpoint
    RP6: 08/05/2014 15:27:17 - System Checkpoint
    RP7: 09/05/2014 16:25:11 - System Checkpoint
    RP8: 10/05/2014 22:38:38 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.32 alpha
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Application Suite
    Auto Care
    avast! Free Antivirus
    BitTornado 0.3.17
    Bonjour
    Campaign Cartographer 2
    CCleaner
    CDisplay 1.8
    Chrome Remote Desktop Host
    Citrix online plug-in - web
    Citrix online plug-in (DV)
    Citrix online plug-in (HDX)
    Citrix online plug-in (USB)
    Citrix online plug-in (Web)
    Clipdiary 1.4
    Critical Update for Windows Media Player 11 (KB959772)
    Defraggler
    Download Manager and Options
    Email Updater
    Facebook Plug-In
    FastCAD
    Gadwin PrintScreen
    Google Drive
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Video Player
    Hardware Doctor
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InterActual Player
    iPod for Windows 2006-03-23
    iPod Update 2004-04-28
    iTunes
    Jasc Paint Shop Pro 9
    Jasc Paint Shop Pro 9 GDI+ Patch
    Jasc Paint Shop Pro 9.01 Patch
    Java 7 Update 51
    Java Auto Updater
    Junk Mail filter update
    K-Lite Mega Codec Pack 1.57
    Legacy 5.0
    Logitech Desktop Messenger
    Logitech iTouch Software
    Macromedia Shockwave Player
    Malwarebytes Anti-Malware version 2.0.1.1004
    MedalFolders 2.0.0.500
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4 Parser
    NexusFont 2.5 (ver 2.5.8.1582)
    NVIDIA Display Driver
    OpenOffice.org 3.4.1
    Opera Stable 20.0.1387.91
    PC Camera (6025 VGA)
    PC Connectivity Solution
    PDFTOEXCEL
    PerfectDisk 10 Professional
    Philips Media Manager 3.3.12.0004
    PhraseExpress v10.1.35
    PowerDVD
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    RealUpgrade 1.1
    Revo Uninstaller 1.95
    RPS CRT
    RPS PerfectDiskStub
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB2845142)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2884256)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SmartCamera Ver 2.1
    SUPERAntiSpyware
    TeamViewer 9
    Temp File Cleaner
    TV-Browser 3.3.3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Product Driver v2.08r011
    VideoEgg Publisher
    WebFldrs XP
    WinAce Archiver
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile® MDA Compact V Handbook
    Windows XP Service Pack 3
    Wireless Audio Device Manager
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/05/2014 07:36:17, error: Service Control Manager [7001] - The RadialpointIDSFilter service depends on the RadialpointIDSShim service which failed to start because of the following error: The system cannot find the path specified.
    06/05/2014 07:36:17, error: Service Control Manager [7001] - The RadialpointIDSDriver service depends on the RadialpointIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
    06/05/2014 07:36:17, error: Service Control Manager [7001] - The RadialpointIDSAgent service depends on the RadialpointIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
    06/05/2014 07:36:17, error: Service Control Manager [7000] - The Virgin Media Security Firewall service failed to start due to the following error: The system cannot find the path specified.
    06/05/2014 07:36:17, error: Service Control Manager [7000] - The RadialpointIDSShim service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
     
  6. 2014/05/11
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    You're running two AV programs, Avast and Virgin Media Security.
    You must uninstall one of them.

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. 2014/05/12
    keithy397

    keithy397 Well-Known Member Thread Starter

    Hi,

    Firstly, I couldn't find any link to run a Virgin AV prog. I'm guessing they must be the remnants from when my son had this PC and worked for Virgin Media. I searched around and found 1 X .exe file relating to it and a few useless other files which I deleted. There was certainly no sign of it in the Windows Uninstaller or Revo Uninstaller.

    I ran the TDSSKiller Prog as directed and it found 1 suspicious file which I 'skipped'. I noticed it only checked the F:/ Partition and not the C:/ and I couldn't find a way to change the scan parameters.

    The report was too long to paste here so here's a link to it:-
    TDSSKillerScan_FDrive

    Thanks for your time and help.....
     
  8. 2014/05/12
    Admin.

    Admin. Administrator Administrator Staff

    As per http://www.windowsbbs.com/malware-virus-removal/announcements.html

     
  9. 2014/05/12
    keithy397

    keithy397 Well-Known Member Thread Starter

    Ok.
    Part 1.
    07:24:07.0156 0x0fa0 TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
    07:24:15.0640 0x0fa0 ============================================================
    07:24:15.0640 0x0fa0 Current date / time: 2014/05/12 07:24:15.0640
    07:24:15.0640 0x0fa0 SystemInfo:
    07:24:15.0640 0x0fa0
    07:24:15.0640 0x0fa0 OS Version: 5.1.2600 ServicePack: 3.0
    07:24:15.0640 0x0fa0 Product type: Workstation
    07:24:15.0640 0x0fa0 ComputerName: PC
    07:24:15.0640 0x0fa0 UserName: Paul
    07:24:15.0640 0x0fa0 Windows directory: F:\WINDOWS
    07:24:15.0640 0x0fa0 System windows directory: F:\WINDOWS
    07:24:15.0640 0x0fa0 Processor architecture: Intel x86
    07:24:15.0640 0x0fa0 Number of processors: 1
    07:24:15.0640 0x0fa0 Page size: 0x1000
    07:24:15.0640 0x0fa0 Boot type: Normal boot
    07:24:15.0640 0x0fa0 ============================================================
    07:24:18.0656 0x0fa0 KLMD registered as F:\WINDOWS\system32\drivers\50263387.sys
    07:24:19.0359 0x0fa0 System UUID: {A18312A9-DA29-A883-F18D-5005BC9D8083}
    07:24:21.0062 0x0fa0 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:24:21.0062 0x0fa0 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    07:24:21.0093 0x0fa0 ============================================================
    07:24:21.0093 0x0fa0 \Device\Harddisk0\DR0:
    07:24:21.0093 0x0fa0 MBR partitions:
    07:24:21.0093 0x0fa0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
    07:24:21.0093 0x0fa0 \Device\Harddisk1\DR1:
    07:24:21.0093 0x0fa0 MBR partitions:
    07:24:21.0093 0x0fa0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
    07:24:21.0093 0x0fa0 ============================================================
    07:24:21.0109 0x0fa0 C: <-> \Device\Harddisk1\DR1\Partition1
    07:24:21.0125 0x0fa0 F: <-> \Device\Harddisk0\DR0\Partition1
    07:24:21.0125 0x0fa0 ============================================================
    07:24:21.0125 0x0fa0 Initialize success
    07:24:21.0125 0x0fa0 ============================================================
    07:24:40.0312 0x0fc4 ============================================================
    07:24:40.0312 0x0fc4 Scan started
    07:24:40.0312 0x0fc4 Mode: Manual;
    07:24:40.0312 0x0fc4 ============================================================
    07:24:40.0312 0x0fc4 KSN ping started
    07:24:43.0109 0x0fc4 KSN ping finished: true
    07:24:46.0046 0x0fc4 ================ Scan system memory ========================
    07:24:46.0046 0x0fc4 System memory - ok
    07:24:46.0062 0x0fc4 ================ Scan services =============================
    07:24:52.0265 0x0fc4 ctxusbm - ok
    07:24:52.0296 0x0fc4 dac2w2k - ok
    07:24:52.0328 0x0fc4 dac960nt - ok
    07:24:52.0421 0x0fc4 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch F:\WINDOWS\system32\rpcss.dll
    07:24:52.0468 0x0fc4 DcomLaunch - ok
    07:24:52.0546 0x0fc4 [ 65C7122D1115A4E1DB3E8C11DF919A40, 1F26A0AE6F8C2F758C926EDF8F550539485C2611DF8C2EB24DA607A578C71CE6 ] DefragFS F:\WINDOWS\system32\drivers\DefragFS.sys
    07:24:52.0562 0x0fc4 DefragFS - ok
    07:24:52.0656 0x0fc4 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp F:\WINDOWS\System32\dhcpcsvc.dll
    07:24:52.0656 0x0fc4 Dhcp - ok
    07:24:52.0734 0x0fc4 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk F:\WINDOWS\system32\DRIVERS\disk.sys
    07:24:52.0734 0x0fc4 Disk - ok
    07:24:52.0765 0x0fc4 dmadmin - ok
    07:24:52.0875 0x0fc4 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot F:\WINDOWS\system32\drivers\dmboot.sys
    07:24:52.0937 0x0fc4 dmboot - ok
    07:24:53.0031 0x0fc4 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio F:\WINDOWS\system32\drivers\dmio.sys
    07:24:53.0078 0x0fc4 dmio - ok
    07:24:53.0125 0x0fc4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload F:\WINDOWS\system32\drivers\dmload.sys
    07:24:53.0140 0x0fc4 dmload - ok
    07:24:53.0203 0x0fc4 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver F:\WINDOWS\System32\dmserver.dll
    07:24:53.0218 0x0fc4 dmserver - ok
    07:24:53.0265 0x0fc4 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic F:\WINDOWS\system32\drivers\DMusic.sys
    07:24:53.0281 0x0fc4 DMusic - ok
    07:24:53.0343 0x0fc4 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache F:\WINDOWS\System32\dnsrslvr.dll
    07:24:53.0343 0x0fc4 Dnscache - ok
    07:24:53.0421 0x0fc4 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc F:\WINDOWS\System32\dot3svc.dll
    07:24:53.0437 0x0fc4 Dot3svc - ok
    07:24:53.0468 0x0fc4 dpti2o - ok
    07:24:53.0531 0x0fc4 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud F:\WINDOWS\system32\drivers\drmkaud.sys
    07:24:53.0531 0x0fc4 drmkaud - ok
    07:24:53.0609 0x0fc4 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost F:\WINDOWS\System32\eapsvc.dll
    07:24:53.0625 0x0fc4 EapHost - ok
    07:24:53.0687 0x0fc4 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc F:\WINDOWS\System32\ersvc.dll
    07:24:53.0703 0x0fc4 ERSvc - ok
    07:24:53.0781 0x0fc4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog F:\WINDOWS\system32\services.exe
    07:24:53.0812 0x0fc4 Eventlog - ok
    07:24:53.0890 0x0fc4 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem F:\WINDOWS\System32\es.dll
    07:24:53.0906 0x0fc4 EventSystem - ok
    07:24:53.0984 0x0fc4 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat F:\WINDOWS\system32\drivers\Fastfat.sys
    07:24:54.0000 0x0fc4 Fastfat - ok
    07:24:54.0093 0x0fc4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility F:\WINDOWS\System32\shsvcs.dll
    07:24:54.0109 0x0fc4 FastUserSwitchingCompatibility - ok
    07:24:54.0187 0x0fc4 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc F:\WINDOWS\system32\DRIVERS\fdc.sys
    07:24:54.0187 0x0fc4 Fdc - ok
    07:24:54.0250 0x0fc4 [ E9648254056BCE81A85380C0C3647DC4, AE58F498BD1C33360FE3BB9EA22C13EA562206B68E7946B587CB5A6DF94586A1 ] FETNDIS F:\WINDOWS\system32\DRIVERS\fetnd5.sys
    07:24:54.0250 0x0fc4 FETNDIS - ok
    07:24:54.0312 0x0fc4 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips F:\WINDOWS\system32\drivers\Fips.sys
    07:24:54.0328 0x0fc4 Fips - ok
    07:24:54.0406 0x0fc4 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk F:\WINDOWS\system32\DRIVERS\flpydisk.sys
    07:24:54.0406 0x0fc4 Flpydisk - ok
    07:24:54.0468 0x0fc4 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr F:\WINDOWS\system32\drivers\fltmgr.sys
    07:24:54.0500 0x0fc4 FltMgr - ok
    07:24:54.0625 0x0fc4 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    07:24:54.0625 0x0fc4 FontCache3.0.0.0 - ok
    07:24:54.0687 0x0fc4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec F:\WINDOWS\system32\drivers\Fs_Rec.sys
    07:24:54.0687 0x0fc4 Fs_Rec - ok
    07:24:54.0734 0x0fc4 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk F:\WINDOWS\system32\DRIVERS\ftdisk.sys
    07:24:54.0750 0x0fc4 Ftdisk - ok
    07:24:54.0828 0x0fc4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM F:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    07:24:54.0828 0x0fc4 GEARAspiWDM - ok
    07:24:54.0890 0x0fc4 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc F:\WINDOWS\system32\DRIVERS\msgpc.sys
    07:24:54.0906 0x0fc4 Gpc - ok
    07:24:55.0000 0x0fc4 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate F:\Program Files\Google\Update\GoogleUpdate.exe
    07:24:55.0015 0x0fc4 gupdate - ok
    07:24:55.0062 0x0fc4 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem F:\Program Files\Google\Update\GoogleUpdate.exe
    07:24:55.0062 0x0fc4 gupdatem - ok
    07:24:55.0156 0x0fc4 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    07:24:55.0187 0x0fc4 gusvc - ok
    07:24:55.0296 0x0fc4 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    07:24:55.0312 0x0fc4 helpsvc - ok
    07:24:55.0421 0x0fc4 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc F:\WINDOWS\System32\kmsvc.dll
    07:24:55.0421 0x0fc4 hkmsvc - ok
    07:24:55.0468 0x0fc4 hpn - ok
    07:24:55.0531 0x0fc4 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP F:\WINDOWS\system32\Drivers\HTTP.sys
    07:24:55.0562 0x0fc4 HTTP - ok
    07:24:55.0625 0x0fc4 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter F:\WINDOWS\System32\w3ssl.dll
    07:24:55.0671 0x0fc4 HTTPFilter - ok
    07:24:55.0703 0x0fc4 i2omgmt - ok
    07:24:55.0734 0x0fc4 i2omp - ok
    07:24:55.0812 0x0fc4 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt F:\WINDOWS\system32\DRIVERS\i8042prt.sys
    07:24:55.0812 0x0fc4 i8042prt - ok
    07:24:55.0906 0x0fc4 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    07:24:55.0906 0x0fc4 IDriverT - ok
    07:24:56.0078 0x0fc4 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    07:24:56.0187 0x0fc4 idsvc - ok
    07:24:56.0265 0x0fc4 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi F:\WINDOWS\system32\DRIVERS\imapi.sys
    07:24:56.0265 0x0fc4 Imapi - ok
    07:24:56.0343 0x0fc4 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService F:\WINDOWS\System32\imapi.exe
    07:24:56.0437 0x0fc4 ImapiService - ok
    07:24:56.0500 0x0fc4 ini910u - ok
    07:24:56.0546 0x0fc4 IntelIde - ok
    07:24:56.0609 0x0fc4 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw F:\WINDOWS\system32\drivers\ip6fw.sys
    07:24:56.0625 0x0fc4 ip6fw - ok
    07:24:56.0703 0x0fc4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    07:24:56.0703 0x0fc4 IpFilterDriver - ok
    07:24:56.0781 0x0fc4 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp F:\WINDOWS\system32\DRIVERS\ipinip.sys
    07:24:56.0781 0x0fc4 IpInIp - ok
    07:24:56.0812 0x0fc4 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat F:\WINDOWS\system32\DRIVERS\ipnat.sys
    07:24:56.0875 0x0fc4 IpNat - ok
    07:24:57.0031 0x0fc4 [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service F:\Program Files\iPod\bin\iPodService.exe
    07:24:57.0109 0x0fc4 iPod Service - ok
    07:24:57.0187 0x0fc4 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec F:\WINDOWS\system32\DRIVERS\ipsec.sys
    07:24:57.0187 0x0fc4 IPSec - ok
    07:24:57.0265 0x0fc4 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM F:\WINDOWS\system32\DRIVERS\irenum.sys
    07:24:57.0265 0x0fc4 IRENUM - ok
    07:24:57.0375 0x0fc4 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp F:\WINDOWS\system32\DRIVERS\isapnp.sys
    07:24:57.0406 0x0fc4 isapnp - ok
    07:24:57.0468 0x0fc4 [ 8F1BA487B35F0C8F637E05113AA815F8, ADD27A92A56D271BD841B303E1813D8449158E683BAC595B8E5B5E145F7693AE ] itchfltr F:\WINDOWS\system32\DRIVERS\itchfltr.sys
    07:24:57.0484 0x0fc4 itchfltr - ok
    07:24:57.0515 0x0fc4 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass F:\WINDOWS\system32\DRIVERS\kbdclass.sys
    07:24:57.0531 0x0fc4 Kbdclass - ok
    07:24:57.0562 0x0fc4 kednl6 - ok
    07:24:57.0640 0x0fc4 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer F:\WINDOWS\system32\drivers\kmixer.sys
    07:24:57.0656 0x0fc4 kmixer - ok
    07:24:57.0734 0x0fc4 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD F:\WINDOWS\system32\drivers\KSecDD.sys
    07:24:57.0734 0x0fc4 KSecDD - ok
    07:24:57.0828 0x0fc4 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver F:\WINDOWS\System32\srvsvc.dll
    07:24:57.0843 0x0fc4 lanmanserver - ok
    07:24:57.0906 0x0fc4 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation F:\WINDOWS\System32\wkssvc.dll
    07:24:57.0953 0x0fc4 lanmanworkstation - ok
    07:24:57.0984 0x0fc4 lbrtfdc - ok
    07:24:58.0062 0x0fc4 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts F:\WINDOWS\System32\lmhsvc.dll
    07:24:58.0078 0x0fc4 LmHosts - ok
    07:24:58.0125 0x0fc4 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger F:\WINDOWS\System32\msgsvc.dll
    07:24:58.0156 0x0fc4 Messenger - ok
    07:24:58.0234 0x0fc4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd F:\WINDOWS\system32\drivers\mnmdd.sys
    07:24:58.0234 0x0fc4 mnmdd - ok
    07:24:58.0296 0x0fc4 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc F:\WINDOWS\System32\mnmsrvc.exe
    07:24:58.0296 0x0fc4 mnmsrvc - ok
    07:24:58.0437 0x0fc4 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem F:\WINDOWS\system32\drivers\Modem.sys
    07:24:58.0453 0x0fc4 Modem - ok
    07:24:58.0500 0x0fc4 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass F:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:24:58.0531 0x0fc4 Mouclass - ok
    07:24:58.0578 0x0fc4 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr F:\WINDOWS\system32\drivers\MountMgr.sys
    07:24:58.0593 0x0fc4 MountMgr - ok
    07:24:58.0640 0x0fc4 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    07:24:58.0656 0x0fc4 MozillaMaintenance - ok
    07:24:58.0687 0x0fc4 mraid35x - ok
    07:24:58.0765 0x0fc4 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV F:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:24:58.0781 0x0fc4 MRxDAV - ok
    07:24:58.0875 0x0fc4 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:24:58.0921 0x0fc4 MRxSmb - ok
    07:24:58.0984 0x0fc4 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC F:\WINDOWS\System32\msdtc.exe
    07:24:59.0000 0x0fc4 MSDTC - ok
    07:24:59.0093 0x0fc4 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs F:\WINDOWS\system32\drivers\Msfs.sys
    07:24:59.0093 0x0fc4 Msfs - ok
    07:24:59.0125 0x0fc4 MSIServer - ok
    07:24:59.0156 0x0fc4 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV F:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:24:59.0187 0x0fc4 MSKSSRV - ok
    07:24:59.0234 0x0fc4 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK F:\WINDOWS\system32\drivers\MSPCLOCK.sys
    07:24:59.0250 0x0fc4 MSPCLOCK - ok
    07:24:59.0312 0x0fc4 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM F:\WINDOWS\system32\drivers\MSPQM.sys
    07:24:59.0328 0x0fc4 MSPQM - ok
    07:24:59.0406 0x0fc4 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios F:\WINDOWS\system32\DRIVERS\mssmbios.sys
    07:24:59.0406 0x0fc4 mssmbios - ok
    07:24:59.0515 0x0fc4 MSSQL$SQLEXPRESS - ok
    07:24:59.0640 0x0fc4 [ ADAF062116B4E6D96E44D26486A87AF6, 1A2EE7C4598E8442F24A5C97FEBF7AC6A20703F7EA9097B6E48BE4A05E231D8C ] MSSQLServerADHelper F:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    07:24:59.0656 0x0fc4 MSSQLServerADHelper - ok
    07:24:59.0703 0x0fc4 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE F:\WINDOWS\system32\drivers\MSTEE.sys
    07:24:59.0703 0x0fc4 MSTEE - ok
    07:24:59.0796 0x0fc4 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup F:\WINDOWS\system32\drivers\Mup.sys
    07:24:59.0796 0x0fc4 Mup - ok
    07:24:59.0875 0x0fc4 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    07:24:59.0890 0x0fc4 NABTSFEC - ok
    07:24:59.0984 0x0fc4 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent F:\WINDOWS\System32\qagentrt.dll
    07:25:00.0015 0x0fc4 napagent - ok
    07:25:00.0093 0x0fc4 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS F:\WINDOWS\system32\drivers\NDIS.sys
    07:25:00.0109 0x0fc4 NDIS - ok
    07:25:00.0187 0x0fc4 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP F:\WINDOWS\system32\DRIVERS\NdisIP.sys
    07:25:00.0203 0x0fc4 NdisIP - ok
    07:25:00.0265 0x0fc4 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi F:\WINDOWS\system32\DRIVERS\ndistapi.sys
    07:25:00.0265 0x0fc4 NdisTapi - ok
    07:25:00.0328 0x0fc4 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio F:\WINDOWS\system32\DRIVERS\ndisuio.sys
    07:25:00.0328 0x0fc4 Ndisuio - ok
    07:25:00.0406 0x0fc4 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan F:\WINDOWS\system32\DRIVERS\ndiswan.sys
    07:25:00.0406 0x0fc4 NdisWan - ok
    07:25:00.0468 0x0fc4 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy F:\WINDOWS\system32\drivers\NDProxy.sys
    07:25:00.0468 0x0fc4 NDProxy - ok
    07:25:00.0546 0x0fc4 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS F:\WINDOWS\system32\DRIVERS\netbios.sys
    07:25:00.0546 0x0fc4 NetBIOS - ok
    07:25:00.0609 0x0fc4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT F:\WINDOWS\system32\DRIVERS\netbt.sys
    07:25:00.0625 0x0fc4 NetBT - ok
    07:25:00.0703 0x0fc4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE F:\WINDOWS\system32\netdde.exe
    07:25:00.0718 0x0fc4 NetDDE - ok
    07:25:00.0750 0x0fc4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm F:\WINDOWS\system32\netdde.exe
    07:25:00.0765 0x0fc4 NetDDEdsdm - ok
    07:25:00.0828 0x0fc4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon F:\WINDOWS\System32\lsass.exe
    07:25:00.0843 0x0fc4 Netlogon - ok
    07:25:00.0906 0x0fc4 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman F:\WINDOWS\System32\netman.dll
    07:25:00.0937 0x0fc4 Netman - ok
    07:25:01.0031 0x0fc4 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    07:25:01.0062 0x0fc4 NetTcpPortSharing - ok
    07:25:01.0156 0x0fc4 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla F:\WINDOWS\System32\mswsock.dll
    07:25:01.0187 0x0fc4 Nla - ok
    07:25:01.0218 0x0fc4 nmwcdnsu - ok
    07:25:01.0281 0x0fc4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs F:\WINDOWS\system32\drivers\Npfs.sys
    07:25:01.0296 0x0fc4 Npfs - ok
    07:25:01.0375 0x0fc4 [ 9131FE60ADFAB595C8DA53AD6A06AA31, 25284CAE27071FA4391765862A81F9BDFC5398ABF4CCF4E2DF5B0972CFE66E72 ] NPPTNT2 F:\WINDOWS\System32\npptNT2.sys
    07:25:01.0390 0x0fc4 NPPTNT2 - ok
    07:25:01.0468 0x0fc4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs F:\WINDOWS\system32\drivers\Ntfs.sys
    07:25:01.0515 0x0fc4 Ntfs - ok
    07:25:01.0562 0x0fc4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp F:\WINDOWS\System32\lsass.exe
    07:25:01.0578 0x0fc4 NtLmSsp - ok
    07:25:01.0671 0x0fc4 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc F:\WINDOWS\system32\ntmssvc.dll
    07:25:01.0718 0x0fc4 NtmsSvc - ok
    07:25:01.0765 0x0fc4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null F:\WINDOWS\system32\drivers\Null.sys
    07:25:01.0781 0x0fc4 Null - ok
    07:25:01.0921 0x0fc4 [ 71DBDC08DF86B80511E72953FA1AD6B0, 7E4D1BE7548FD9C0FDDA40B54F8728D8167230703009FCBF26F19871B7AA6C16 ] nv F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    07:25:02.0000 0x0fc4 nv - ok
    07:25:02.0078 0x0fc4 [ 5ED834603C36414B579979B3A9C90F54, 0FCDBCEC76935C0DCB8AAD6EA665EFF6249E7B0BA212EC9AFEBB64C5AD86E616 ] NVSvc F:\WINDOWS\System32\nvsvc32.exe
    07:25:02.0093 0x0fc4 NVSvc - ok
    07:25:02.0156 0x0fc4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    07:25:02.0156 0x0fc4 NwlnkFlt - ok
    07:25:02.0203 0x0fc4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    07:25:02.0203 0x0fc4 NwlnkFwd - ok
    07:25:02.0265 0x0fc4 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport F:\WINDOWS\system32\DRIVERS\parport.sys
    07:25:02.0281 0x0fc4 Parport - ok
    07:25:02.0453 0x0fc4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr F:\WINDOWS\system32\drivers\PartMgr.sys
    07:25:02.0468 0x0fc4 PartMgr - ok
    07:25:02.0500 0x0fc4 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm F:\WINDOWS\system32\drivers\ParVdm.sys
    07:25:02.0515 0x0fc4 ParVdm - ok
    07:25:02.0578 0x0fc4 [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd F:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    07:25:02.0578 0x0fc4 pccsmcfd - ok
    07:25:02.0640 0x0fc4 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI F:\WINDOWS\system32\DRIVERS\pci.sys
    07:25:02.0640 0x0fc4 PCI - ok
    07:25:02.0671 0x0fc4 PCIDump - ok
    07:25:02.0703 0x0fc4 PCIIde - ok
    07:25:02.0750 0x0fc4 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia F:\WINDOWS\system32\drivers\Pcmcia.sys
    07:25:02.0765 0x0fc4 Pcmcia - ok
    07:25:02.0968 0x0fc4 [ 82D8354DB7CE7131FB939E8482DDF511, C5AD571BC4FF447A82496435D8643D2CF576FEA2A788954D702AC83F511ACF24 ] PDAgent F:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    07:25:03.0140 0x0fc4 PDAgent - ok
    07:25:03.0171 0x0fc4 PDCOMP - ok
    07:25:03.0484 0x0fc4 [ 3719DE4180E251AB91D8C183F2D949BF, A045FAB951F40EA94BF8E94209E8980D7A357D3B762CFFCEA3767B38246BDEAF ] PDEngine F:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    07:25:03.0656 0x0fc4 PDEngine - ok
    07:25:03.0703 0x0fc4 PDFRAME - ok
    07:25:03.0734 0x0fc4 PDRELI - ok
    07:25:03.0781 0x0fc4 PDRFRAME - ok
    07:25:03.0812 0x0fc4 perc2 - ok
    07:25:03.0859 0x0fc4 perc2hib - ok
    07:25:03.0984 0x0fc4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay F:\WINDOWS\system32\services.exe
    07:25:04.0000 0x0fc4 PlugPlay - ok
    07:25:04.0062 0x0fc4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent F:\WINDOWS\System32\lsass.exe
    07:25:04.0062 0x0fc4 PolicyAgent - ok
    07:25:04.0140 0x0fc4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport F:\WINDOWS\system32\DRIVERS\raspptp.sys
    07:25:04.0140 0x0fc4 PptpMiniport - ok
    07:25:04.0171 0x0fc4 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor F:\WINDOWS\system32\DRIVERS\processr.sys
    07:25:04.0203 0x0fc4 Processor - ok
    07:25:04.0234 0x0fc4 Profos - ok
    07:25:04.0281 0x0fc4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage F:\WINDOWS\system32\lsass.exe
    07:25:04.0296 0x0fc4 ProtectedStorage - ok
    07:25:04.0375 0x0fc4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched F:\WINDOWS\system32\DRIVERS\psched.sys
    07:25:04.0375 0x0fc4 PSched - ok
    07:25:04.0437 0x0fc4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink F:\WINDOWS\system32\DRIVERS\ptilink.sys
    07:25:04.0437 0x0fc4 Ptilink - ok
    07:25:04.0484 0x0fc4 ql1080 - ok
    07:25:04.0515 0x0fc4 Ql10wnt - ok
    07:25:04.0562 0x0fc4 ql12160 - ok
    07:25:04.0593 0x0fc4 ql1240 - ok
    07:25:04.0640 0x0fc4 ql1280 - ok
    07:25:04.0687 0x0fc4 RadialpointIDSDriver - ok
    07:25:04.0734 0x0fc4 [ 2457250CA176E7FDE9C3D3B2C94341F0, 2DC9531E2BB5205CB24531AA8E88ECEF9AE457736AA7BDC961B378C1BFD34886 ] RadialpointIDSEH F:\WINDOWS\system32\drivers\AVGIDSEH.sys
    07:25:04.0750 0x0fc4 RadialpointIDSEH - ok
    07:25:04.0781 0x0fc4 RadialpointIDSFilter - ok
    07:25:04.0828 0x0fc4 RadialpointIDSShim - ok
    07:25:04.0875 0x0fc4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd F:\WINDOWS\system32\DRIVERS\rasacd.sys
    07:25:04.0875 0x0fc4 RasAcd - ok
    07:25:04.0953 0x0fc4 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto F:\WINDOWS\System32\rasauto.dll
    07:25:04.0968 0x0fc4 RasAuto - ok
    07:25:05.0031 0x0fc4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    07:25:05.0046 0x0fc4 Rasl2tp - ok
    07:25:05.0109 0x0fc4 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan F:\WINDOWS\System32\rasmans.dll
    07:25:05.0140 0x0fc4 RasMan - ok
    07:25:05.0187 0x0fc4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe F:\WINDOWS\system32\DRIVERS\raspppoe.sys
    07:25:05.0187 0x0fc4 RasPppoe - ok
    07:25:05.0234 0x0fc4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti F:\WINDOWS\system32\DRIVERS\raspti.sys
    07:25:05.0250 0x0fc4 Raspti - ok
    07:25:05.0328 0x0fc4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss F:\WINDOWS\system32\DRIVERS\rdbss.sys
    07:25:05.0375 0x0fc4 Rdbss - ok
    07:25:05.0453 0x0fc4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    07:25:05.0468 0x0fc4 RDPCDD - ok
    07:25:05.0578 0x0fc4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD F:\WINDOWS\system32\drivers\RDPWD.sys
    07:25:05.0593 0x0fc4 RDPWD - ok
     
  10. 2014/05/12
    keithy397
    Part 2
    07:25:08.0140 0x0fc4 [ 6A74EEAEBB658B50F825DFBFD3331542, 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668 ] sptd F:\WINDOWS\system32\Drivers\sptd.sys
    07:25:08.0140 0x0fc4 Suspicious file ( NoAccess ): F:\WINDOWS\system32\Drivers\sptd.sys. md5: 6A74EEAEBB658B50F825DFBFD3331542, sha256: 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668
    07:25:08.0140 0x0fc4 sptd - detected LockedFile.Multi.Generic ( 1 )
    07:25:10.0734 0x0fc4 sptd ( LockedFile.Multi.Generic ) - warning
    07:25:20.0984 0x0fc4 ================ Scan global ===============================
    07:25:21.0031 0x0fc4 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] F:\WINDOWS\system32\basesrv.dll
    07:25:21.0109 0x0fc4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:25:21.0187 0x0fc4 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:25:21.0265 0x0fc4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] F:\WINDOWS\system32\services.exe
    07:25:21.0281 0x0fc4 [ Global ] - ok
    07:25:21.0296 0x0fc4 ================ Scan MBR ==================================
    07:25:21.0328 0x0fc4 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:25:21.0609 0x0fc4 \Device\Harddisk0\DR0 - ok
    07:25:21.0656 0x0fc4 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
    07:25:21.0671 0x0fc4 \Device\Harddisk1\DR1 - ok
    07:25:21.0687 0x0fc4 ================ Scan VBR ==================================
    07:25:21.0718 0x0fc4 [ 558FA4C5F4C7DAFCBC88D363F349DF77 ] \Device\Harddisk0\DR0\Partition1
    07:25:21.0718 0x0fc4 \Device\Harddisk0\DR0\Partition1 - ok
    07:25:21.0750 0x0fc4 [ 00038F898BFC127EF39BD7D166F7E2D8 ] \Device\Harddisk1\DR1\Partition1
    07:25:21.0750 0x0fc4 \Device\Harddisk1\DR1\Partition1 - ok
    07:25:21.0750 0x0fc4 Waiting for KSN requests completion. In queue: 57
    07:25:22.0750 0x0fc4 Waiting for KSN requests completion. In queue: 57
    07:25:23.0750 0x0fc4 Waiting for KSN requests completion. In queue: 57
    07:25:24.0812 0x0fc4 AV detected via SS1: Virgin Media Security Anti-Virus, 9.0.34, disabled, updated
    07:25:24.0812 0x0fc4 AV detected via SS1: avast! Antivirus, 5.0.150996962, enabled, updated
    07:25:24.0812 0x0fc4 FW detected via SS1: Virgin Media Security Firewall, 9.0.34, disabled
    07:25:24.0828 0x0fc4 Win FW state via NFM: enabled
    07:25:27.0234 0x0fc4 ============================================================
    07:25:27.0234 0x0fc4 Scan finished
    07:25:27.0234 0x0fc4 ============================================================
    07:25:27.0281 0x061c Detected object count: 1
    07:25:27.0281 0x061c Actual detected object count: 1
    07:25:38.0109 0x061c sptd ( LockedFile.Multi.Generic ) - skipped by user
    07:25:38.0125 0x061c sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    07:25:44.0859 0x0aac ============================================================
    07:25:44.0859 0x0aac Scan started
    07:25:44.0859 0x0aac Mode: Manual;
    07:25:44.0859 0x0aac ============================================================
    07:25:44.0859 0x0aac KSN ping started
    07:25:47.0281 0x0aac KSN ping finished: true
    07:25:47.0843 0x0aac ================ Scan system memory ========================
    07:25:47.0843 0x0aac System memory - ok
    07:25:47.0859 0x0aac ================ Scan services =============================
    07:25:55.0156 0x0aac FETNDIS - ok
    07:25:55.0234 0x0aac [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips F:\WINDOWS\system32\drivers\Fips.sys
    07:25:55.0250 0x0aac Fips - ok
    07:25:55.0312 0x0aac [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk F:\WINDOWS\system32\DRIVERS\flpydisk.sys
    07:25:55.0312 0x0aac Flpydisk - ok
    07:25:55.0375 0x0aac [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr F:\WINDOWS\system32\drivers\fltmgr.sys
    07:25:55.0390 0x0aac FltMgr - ok
    07:25:55.0500 0x0aac [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    07:25:55.0500 0x0aac FontCache3.0.0.0 - ok
    07:25:55.0562 0x0aac [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec F:\WINDOWS\system32\drivers\Fs_Rec.sys
    07:25:55.0578 0x0aac Fs_Rec - ok
    07:25:55.0625 0x0aac [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk F:\WINDOWS\system32\DRIVERS\ftdisk.sys
    07:25:55.0625 0x0aac Ftdisk - ok
    07:25:55.0703 0x0aac [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM F:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    07:25:55.0703 0x0aac GEARAspiWDM - ok
    07:25:55.0781 0x0aac [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc F:\WINDOWS\system32\DRIVERS\msgpc.sys
    07:25:55.0781 0x0aac Gpc - ok
    07:25:55.0859 0x0aac [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate F:\Program Files\Google\Update\GoogleUpdate.exe
    07:25:55.0875 0x0aac gupdate - ok
    07:25:55.0921 0x0aac [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem F:\Program Files\Google\Update\GoogleUpdate.exe
    07:25:55.0921 0x0aac gupdatem - ok
    07:25:56.0015 0x0aac [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    07:25:56.0031 0x0aac gusvc - ok
    07:25:56.0125 0x0aac [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    07:25:56.0140 0x0aac helpsvc - ok
    07:25:56.0218 0x0aac [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc F:\WINDOWS\System32\kmsvc.dll
    07:25:56.0234 0x0aac hkmsvc - ok
    07:25:56.0265 0x0aac hpn - ok
    07:25:56.0343 0x0aac [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP F:\WINDOWS\system32\Drivers\HTTP.sys
    07:25:56.0359 0x0aac HTTP - ok
    07:25:56.0421 0x0aac [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter F:\WINDOWS\System32\w3ssl.dll
    07:25:56.0437 0x0aac HTTPFilter - ok
     
  11. 2014/05/12
    keithy397

    Part 3
    07:26:07.0640 0x0aac [ 6A74EEAEBB658B50F825DFBFD3331542, 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668 ] sptd F:\WINDOWS\system32\Drivers\sptd.sys
    07:26:07.0640 0x0aac Suspicious file ( NoAccess ): F:\WINDOWS\system32\Drivers\sptd.sys. md5: 6A74EEAEBB658B50F825DFBFD3331542, sha256: 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668
    07:26:07.0640 0x0aac sptd - detected LockedFile.Multi.Generic ( 1 )
    07:26:07.0640 0x0aac sptd ( LockedFile.Multi.Generic ) - warning
     
  12. 2014/05/12
    keithy397 Well-Known Member Thread Starter
    Part 4
    07:26:16.0609 0x0aac ================ Scan global ===============================
    07:26:16.0671 0x0aac [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] F:\WINDOWS\system32\basesrv.dll
    07:26:16.0750 0x0aac [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:26:16.0812 0x0aac [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:26:16.0890 0x0aac [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] F:\WINDOWS\system32\services.exe
    07:26:16.0921 0x0aac [ Global ] - ok
    07:26:16.0937 0x0aac ================ Scan MBR ==================================
    07:26:16.0968 0x0aac [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:26:17.0156 0x0aac \Device\Harddisk0\DR0 - ok
    07:26:17.0187 0x0aac [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
    07:26:17.0203 0x0aac \Device\Harddisk1\DR1 - ok
    07:26:17.0218 0x0aac ================ Scan VBR ==================================
    07:26:17.0234 0x0aac [ 558FA4C5F4C7DAFCBC88D363F349DF77 ] \Device\Harddisk0\DR0\Partition1
    07:26:17.0234 0x0aac \Device\Harddisk0\DR0\Partition1 - ok
    07:26:17.0265 0x0aac [ 00038F898BFC127EF39BD7D166F7E2D8 ] \Device\Harddisk1\DR1\Partition1
    07:26:17.0265 0x0aac \Device\Harddisk1\DR1\Partition1 - ok
    07:26:17.0328 0x0aac AV detected via SS1: Virgin Media Security Anti-Virus, 9.0.34, disabled, updated
    07:26:17.0328 0x0aac AV detected via SS1: avast! Antivirus, 5.0.150996962, enabled, updated
    07:26:17.0328 0x0aac FW detected via SS1: Virgin Media Security Firewall, 9.0.34, disabled
    07:26:17.0328 0x0aac Win FW state via NFM: enabled
    07:26:19.0703 0x0aac ============================================================
    07:26:19.0703 0x0aac Scan finished
    07:26:19.0703 0x0aac ============================================================
    07:26:19.0765 0x0bb4 Detected object count: 1
    07:26:19.0765 0x0bb4 Actual detected object count: 1
    07:26:25.0015 0x0bb4 sptd ( LockedFile.Multi.Generic ) - skipped by user
    07:26:25.0015 0x0bb4 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    07:26:28.0734 0x0fa8 ============================================================
    07:26:28.0734 0x0fa8 Scan started
    07:26:28.0734 0x0fa8 Mode: Manual;
    07:26:28.0734 0x0fa8 ============================================================
    07:26:28.0734 0x0fa8 KSN ping started
    07:26:31.0156 0x0fa8 KSN ping finished: true
    07:26:31.0359 0x0fa8 ================ Scan system memory ========================
    07:26:31.0359 0x0fa8 System memory - ok
    07:26:31.0390 0x0fa8 ================ Scan services =============================
    07:26:40.0750 0x0fa8 idsvc - ok
    07:26:40.0859 0x0fa8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi F:\WINDOWS\system32\DRIVERS\imapi.sys
    07:26:40.0859 0x0fa8 Imapi - ok
    07:26:40.0937 0x0fa8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService F:\WINDOWS\System32\imapi.exe
    07:26:40.0968 0x0fa8 ImapiService - ok
    07:26:41.0015 0x0fa8 ini910u - ok
    07:26:41.0093 0x0fa8 IntelIde - ok
    07:26:41.0156 0x0fa8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw F:\WINDOWS\system32\drivers\ip6fw.sys
    07:26:41.0156 0x0fa8 ip6fw - ok
    07:26:41.0218 0x0fa8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    07:26:41.0218 0x0fa8 IpFilterDriver - ok
    07:26:41.0296 0x0fa8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp F:\WINDOWS\system32\DRIVERS\ipinip.sys
    07:26:41.0296 0x0fa8 IpInIp - ok
    07:26:41.0359 0x0fa8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat F:\WINDOWS\system32\DRIVERS\ipnat.sys
    07:26:41.0359 0x0fa8 IpNat - ok
    07:26:41.0500 0x0fa8 [ 463790AEF94D8EAB674631257F53252E, A02972457F45AD6816CB5F60DE4CD15D68256695FA0F3E4EAD6F9E36CBE54576 ] iPod Service F:\Program Files\iPod\bin\iPodService.exe
    07:26:41.0531 0x0fa8 iPod Service - ok
    07:26:41.0578 0x0fa8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec F:\WINDOWS\system32\DRIVERS\ipsec.sys
    07:26:41.0593 0x0fa8 IPSec - ok
    07:26:41.0656 0x0fa8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM F:\WINDOWS\system32\DRIVERS\irenum.sys
    07:26:41.0671 0x0fa8 IRENUM - ok
    07:26:41.0734 0x0fa8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp F:\WINDOWS\system32\DRIVERS\isapnp.sys
    07:26:41.0734 0x0fa8 isapnp - ok
    07:26:41.0796 0x0fa8 [ 8F1BA487B35F0C8F637E05113AA815F8, ADD27A92A56D271BD841B303E1813D8449158E683BAC595B8E5B5E145F7693AE ] itchfltr F:\WINDOWS\system32\DRIVERS\itchfltr.sys
    07:26:41.0796 0x0fa8 itchfltr - ok
    07:26:41.0843 0x0fa8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass F:\WINDOWS\system32\DRIVERS\kbdclass.sys
    07:26:41.0859 0x0fa8 Kbdclass - ok
    07:26:41.0890 0x0fa8 kednl6 - ok
    07:26:41.0968 0x0fa8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer F:\WINDOWS\system32\drivers\kmixer.sys
    07:26:41.0984 0x0fa8 kmixer - ok
    07:26:42.0046 0x0fa8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD F:\WINDOWS\system32\drivers\KSecDD.sys
    07:26:42.0046 0x0fa8 KSecDD - ok
    07:26:42.0140 0x0fa8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver F:\WINDOWS\System32\srvsvc.dll
    07:26:42.0156 0x0fa8 lanmanserver - ok
    07:26:42.0218 0x0fa8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation F:\WINDOWS\System32\wkssvc.dll
    07:26:42.0234 0x0fa8 lanmanworkstation - ok
    07:26:42.0281 0x0fa8 lbrtfdc - ok
    07:26:42.0375 0x0fa8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts F:\WINDOWS\System32\lmhsvc.dll
    07:26:42.0390 0x0fa8 LmHosts - ok
    07:26:42.0484 0x0fa8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger F:\WINDOWS\System32\msgsvc.dll
    07:26:42.0484 0x0fa8 Messenger - ok
    07:26:42.0546 0x0fa8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd F:\WINDOWS\system32\drivers\mnmdd.sys
    07:26:42.0562 0x0fa8 mnmdd - ok
    07:26:42.0625 0x0fa8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc F:\WINDOWS\System32\mnmsrvc.exe
    07:26:42.0640 0x0fa8 mnmsrvc - ok
    07:26:42.0718 0x0fa8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem F:\WINDOWS\system32\drivers\Modem.sys
    07:26:42.0734 0x0fa8 Modem - ok
    07:26:42.0765 0x0fa8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass F:\WINDOWS\system32\DRIVERS\mouclass.sys
    07:26:42.0781 0x0fa8 Mouclass - ok
    07:26:42.0828 0x0fa8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr F:\WINDOWS\system32\drivers\MountMgr.sys
    07:26:42.0828 0x0fa8 MountMgr - ok
    07:26:42.0890 0x0fa8 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    07:26:42.0890 0x0fa8 MozillaMaintenance - ok
    07:26:42.0937 0x0fa8 mraid35x - ok
    07:26:43.0031 0x0fa8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV F:\WINDOWS\system32\DRIVERS\mrxdav.sys
    07:26:43.0031 0x0fa8 MRxDAV - ok
    07:26:43.0140 0x0fa8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    07:26:43.0156 0x0fa8 MRxSmb - ok
    07:26:43.0234 0x0fa8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC F:\WINDOWS\System32\msdtc.exe
    07:26:43.0234 0x0fa8 MSDTC - ok
    07:26:43.0343 0x0fa8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs F:\WINDOWS\system32\drivers\Msfs.sys
    07:26:43.0343 0x0fa8 Msfs - ok
    07:26:43.0375 0x0fa8 MSIServer - ok
    07:26:43.0421 0x0fa8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV F:\WINDOWS\system32\drivers\MSKSSRV.sys
    07:26:43.0437 0x0fa8 MSKSSRV - ok
    07:26:43.0515 0x0fa8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK F:\WINDOWS\system32\drivers\MSPCLOCK.sys
    07:26:43.0515 0x0fa8 MSPCLOCK - ok
    07:26:43.0578 0x0fa8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM F:\WINDOWS\system32\drivers\MSPQM.sys
    07:26:43.0578 0x0fa8 MSPQM - ok
     
  13. 2014/05/12
    keithy397

    Final Part
    07:26:51.0453 0x0fa8 [ 6A74EEAEBB658B50F825DFBFD3331542, 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668 ] sptd F:\WINDOWS\system32\Drivers\sptd.sys
    07:26:51.0453 0x0fa8 Suspicious file ( NoAccess ): F:\WINDOWS\system32\Drivers\sptd.sys. md5: 6A74EEAEBB658B50F825DFBFD3331542, sha256: 4CD1637C04D4E8E81300981AF81DD52D684E1DDCBBC8AB79CFE12E1EDE7FB668
    07:26:51.0468 0x0fa8 sptd - detected LockedFile.Multi.Generic ( 1 )
    07:26:51.0468 0x0fa8 sptd ( LockedFile.Multi.Generic ) - warning
    07:26:57.0843 0x0fa8 usbscan - ok
    07:26:57.0921 0x0fa8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    07:26:57.0921 0x0fa8 USBSTOR - ok
    07:26:57.0968 0x0fa8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci F:\WINDOWS\system32\DRIVERS\usbuhci.sys
    07:26:57.0968 0x0fa8 usbuhci - ok
    07:26:58.0046 0x0fa8 [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E, CFA47A71403419CA7C94333B4F7766DFC97C5DCDBC3AD1B106044B93C979A5C5 ] usb_rndisx F:\WINDOWS\system32\DRIVERS\usb8023x.sys
    07:26:58.0046 0x0fa8 usb_rndisx - ok
    07:26:58.0125 0x0fa8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave F:\WINDOWS\System32\drivers\vga.sys
    07:26:58.0140 0x0fa8 VgaSave - ok
    07:26:58.0203 0x0fa8 [ 0E3E3FAE3A0A58B8D936A8E841A17D16, 956CE2A9D527DFA7E6D1800B0EBFC05D2CC40EAA8FB5580BAF5B4607D19BB078 ] viaagp1 F:\WINDOWS\system32\DRIVERS\viaagp1.sys
    07:26:58.0203 0x0fa8 viaagp1 - ok
    07:26:58.0281 0x0fa8 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde F:\WINDOWS\system32\DRIVERS\viaide.sys
    07:26:58.0296 0x0fa8 ViaIde - ok
    07:26:58.0359 0x0fa8 [ A6FCCA426660D3FC5A5CB7C0623A257B, CDB97DCBC82525052F118964D1DE75CED63B47DED01799004D191AFB797981EE ] VIAudio F:\WINDOWS\system32\drivers\vinyl97.sys
    07:26:58.0375 0x0fa8 VIAudio - ok
    07:26:58.0453 0x0fa8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap F:\WINDOWS\system32\drivers\VolSnap.sys
    07:26:58.0453 0x0fa8 VolSnap - ok
    07:26:58.0546 0x0fa8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS F:\WINDOWS\System32\vssvc.exe
    07:26:58.0562 0x0fa8 VSS - ok
    07:26:58.0640 0x0fa8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time F:\WINDOWS\System32\w32time.dll
    07:26:58.0671 0x0fa8 W32Time - ok
    07:26:58.0750 0x0fa8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp F:\WINDOWS\system32\DRIVERS\wanarp.sys
    07:26:58.0765 0x0fa8 Wanarp - ok
    07:26:58.0828 0x0fa8 [ A38370DF15EF4D1033ACB963E68570C5, D20237BDBC21CB207457839AA7206BA389A27D203D896AD0B4ADD673C1E7F6CE ] WBHWDOCT F:\WINDOWS\system32\drivers\WBHWDOCT.sys
    07:26:58.0828 0x0fa8 WBHWDOCT - ok
    07:26:58.0906 0x0fa8 [ A826E07DE3C43F352C049532F84A0260, 5B708030914A216C726639B0F12082A9063B2DC7BB47DBD87AEA6B7F51ECEE86 ] wceusbsh F:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    07:26:58.0921 0x0fa8 wceusbsh - ok
    07:26:59.0000 0x0fa8 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000 F:\WINDOWS\system32\Drivers\wdf01000.sys
    07:26:59.0046 0x0fa8 Wdf01000 - ok
    07:26:59.0078 0x0fa8 WDICA - ok
    07:26:59.0140 0x0fa8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud F:\WINDOWS\system32\drivers\wdmaud.sys
    07:26:59.0156 0x0fa8 wdmaud - ok
    07:26:59.0218 0x0fa8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient F:\WINDOWS\System32\webclnt.dll
    07:26:59.0234 0x0fa8 WebClient - ok
    07:26:59.0406 0x0fa8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt F:\WINDOWS\system32\wbem\WMIsvc.dll
    07:26:59.0406 0x0fa8 winmgmt - ok
    07:26:59.0531 0x0fa8 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN F:\WINDOWS\system32\MsPMSNSv.dll
    07:26:59.0531 0x0fa8 WmdmPmSN - ok
    07:26:59.0640 0x0fa8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv F:\WINDOWS\System32\wbem\wmiapsrv.exe
    07:26:59.0640 0x0fa8 WmiApSrv - ok
    07:26:59.0781 0x0fa8 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc F:\Program Files\Windows Media Player\WMPNetwk.exe
    07:26:59.0828 0x0fa8 WMPNetworkSvc - ok
    07:26:59.0906 0x0fa8 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb F:\WINDOWS\system32\DRIVERS\wpdusb.sys
    07:26:59.0906 0x0fa8 WpdUsb - ok
    07:27:00.0140 0x0fa8 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 F:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    07:27:00.0171 0x0fa8 WPFFontCache_v0400 - ok
    07:27:00.0281 0x0fa8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc F:\WINDOWS\system32\wscsvc.dll
    07:27:00.0296 0x0fa8 wscsvc - ok
    07:27:00.0375 0x0fa8 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    07:27:00.0375 0x0fa8 WSTCODEC - ok
    07:27:00.0437 0x0fa8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv F:\WINDOWS\system32\wuauserv.dll
    07:27:00.0453 0x0fa8 wuauserv - ok
    07:27:00.0515 0x0fa8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf F:\WINDOWS\system32\DRIVERS\WudfPf.sys
    07:27:00.0531 0x0fa8 WudfPf - ok
    07:27:00.0578 0x0fa8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd F:\WINDOWS\system32\DRIVERS\wudfrd.sys
    07:27:00.0593 0x0fa8 WudfRd - ok
    07:27:00.0656 0x0fa8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc F:\WINDOWS\System32\WUDFSvc.dll
    07:27:00.0671 0x0fa8 WudfSvc - ok
    07:27:00.0781 0x0fa8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC F:\WINDOWS\System32\wzcsvc.dll
    07:27:00.0812 0x0fa8 WZCSVC - ok
    07:27:00.0890 0x0fa8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov F:\WINDOWS\System32\xmlprov.dll
    07:27:00.0906 0x0fa8 xmlprov - ok
    07:27:00.0984 0x0fa8 ================ Scan global ===============================
    07:27:01.0031 0x0fa8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] F:\WINDOWS\system32\basesrv.dll
    07:27:01.0109 0x0fa8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:27:01.0187 0x0fa8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] F:\WINDOWS\system32\winsrv.dll
    07:27:01.0265 0x0fa8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] F:\WINDOWS\system32\services.exe
    07:27:01.0265 0x0fa8 [ Global ] - ok
    07:27:01.0281 0x0fa8 ================ Scan MBR ==================================
    07:27:01.0312 0x0fa8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    07:27:01.0531 0x0fa8 \Device\Harddisk0\DR0 - ok
    07:27:01.0562 0x0fa8 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
    07:27:01.0578 0x0fa8 \Device\Harddisk1\DR1 - ok
    07:27:01.0593 0x0fa8 ================ Scan VBR ==================================
    07:27:01.0625 0x0fa8 [ 558FA4C5F4C7DAFCBC88D363F349DF77 ] \Device\Harddisk0\DR0\Partition1
    07:27:01.0625 0x0fa8 \Device\Harddisk0\DR0\Partition1 - ok
    07:27:01.0671 0x0fa8 [ 00038F898BFC127EF39BD7D166F7E2D8 ] \Device\Harddisk1\DR1\Partition1
    07:27:01.0671 0x0fa8 \Device\Harddisk1\DR1\Partition1 - ok
    07:27:01.0703 0x0fa8 AV detected via SS1: Virgin Media Security Anti-Virus, 9.0.34, disabled, updated
    07:27:01.0718 0x0fa8 AV detected via SS1: avast! Antivirus, 5.0.150996962, enabled, updated
    07:27:01.0718 0x0fa8 FW detected via SS1: Virgin Media Security Firewall, 9.0.34, disabled
    07:27:01.0718 0x0fa8 Win FW state via NFM: enabled
    07:27:04.0140 0x0fa8 ============================================================
    07:27:04.0140 0x0fa8 Scan finished
    07:27:04.0140 0x0fa8 ============================================================
    07:27:04.0187 0x0188 Detected object count: 1
    07:27:04.0187 0x0188 Actual detected object count: 1
    07:27:49.0718 0x0188 sptd ( LockedFile.Multi.Generic ) - skipped by user
    07:27:49.0718 0x0188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

    That's the lot!
     
  14. 2014/05/12
    broni

    broni Moderator Malware Analyst

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  15. 2014/05/13
    keithy397

    keithy397 Well-Known Member Thread Starter

    Ok. Firstly the MBAR scan found nothing.

    The RogueKiller scan produced 2 reports plus I copied and pasted into Notepad as instructed.

    First report is the one I copied:-
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Paul [Admin rights]
    Mode : Remove -- Date : 05/13/2014 08:46:16
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (f:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll [x]) -> REPLACED ()

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6L080L0 +++++
    --- User ---
    [MBR] 6cceffbb90e0c73461bb3654a9545288
    [BSP] 1348174d36f9938913e3cb795826c680 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78152 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD400BB-00DEA0 +++++
    --- User ---
    [MBR] 4c8b9b4119800753220bf3613e284938
    [BSP] cfd9449fd86a8553eaccc74a6f3a0203 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_05132014_084616.txt >>
    RKreport[0]_S_05132014_083751.txt

    1st RogueKiller report:-
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Paul [Admin rights]
    Mode : Scan -- Date : 05/13/2014 08:37:51
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (f:\docume~1\alluse~1\applic~1\bitguard\271832~1.68\{16cdf~1\bitguard.dll [x]) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6L080L0 +++++
    --- User ---
    [MBR] 6cceffbb90e0c73461bb3654a9545288
    [BSP] 1348174d36f9938913e3cb795826c680 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78152 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD400BB-00DEA0 +++++
    --- User ---
    [MBR] 4c8b9b4119800753220bf3613e284938
    [BSP] cfd9449fd86a8553eaccc74a6f3a0203 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_05132014_083751.txt >>

    Thanks again...
     
  16. 2014/05/13
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. 2014/05/14
    keithy397

    keithy397 Well-Known Member Thread Starter

    Hi Broni, thanks for the above! ComboFix ran faultlessly and here's the report:

    ComboFix 14-05-13.01 - Paul 14/05/2014 7:25.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.689 [GMT 1:00]
    Running from: f:\documents and settings\Paul\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    f:\documents and settings\All Users\Application Data\TEMP
    f:\documents and settings\Paul\dds.com
    f:\documents and settings\Paul\WINDOWS
    f:\windows\system32\DEBUG.log
    f:\windows\system32\dllcache\wmpvis.dll
    f:\windows\system32\pthreadVC.dll
    f:\windows\system32\SET250.tmp
    f:\windows\system32\SET252.tmp
    f:\windows\system32\SET25E.tmp
    f:\windows\system32\SET30.tmp
    f:\windows\system32\SET3B.tmp
    f:\windows\system32\SET3C.tmp
    f:\windows\system32\SET3D.tmp
    f:\windows\system32\SET3E.tmp
    f:\windows\system32\SET43.tmp
    f:\windows\system32\SET4B.tmp
    f:\windows\system32\SET4D.tmp
    f:\windows\system32\system
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-13 15:39 . 2014-05-13 15:36 145408 ----a-w- f:\windows\system32\javacpl.cpl
    2014-05-13 15:37 . 2014-05-13 15:37 94632 ----a-w- f:\windows\system32\WindowsAccessBridge.dll
    2014-05-13 07:56 . 2014-05-13 10:02 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-05-11 08:15 . 2014-05-13 07:56 107224 ----a-w- f:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-11 08:15 . 2014-05-13 07:55 52312 ----a-w- f:\windows\system32\drivers\mbamchameleon.sys
    2014-05-11 08:15 . 2014-04-03 08:50 23256 ----a-w- f:\windows\system32\drivers\mbam.sys
    2014-05-11 08:15 . 2014-05-11 08:15 -------- d-----w- f:\program files\Malwarebytes Anti-Malware
    2014-05-07 06:42 . 2014-05-07 06:42 -------- d-----w- f:\program files\7-Zip
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\documents and settings\Paul\Local Settings\Application Data\Opera Software
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\documents and settings\Paul\Application Data\Opera Software
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\program files\Opera
    2014-04-30 13:53 . 2014-04-30 13:53 -------- d-----w- f:\program files\sweetpacks bundle uninstaller
    2014-04-29 06:36 . 2014-04-29 06:36 -------- d-----w- f:\documents and settings\Paul\Application Data\DriverCure
    2014-04-29 06:36 . 2014-04-29 06:36 -------- d-----w- f:\documents and settings\Paul\Application Data\ParetoLogic
    2014-04-29 06:35 . 2014-05-07 09:02 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic
    2014-04-29 06:21 . 2014-04-30 09:24 -------- d-----w- f:\documents and settings\All Users\Application Data\BoostSoftware
    2014-04-22 10:03 . 2014-04-22 10:03 -------- d-----w- f:\documents and settings\Paul\Application Data\addpcs
    2014-04-22 09:52 . 2014-04-22 10:03 -------- d-----w- f:\program files\Temp File Cleaner
    2014-04-22 08:04 . 2014-04-22 08:04 -------- d-----w- f:\program files\Clipdiary
    2014-04-22 07:28 . 2014-04-22 07:31 -------- d-----w- f:\program files\MyPC Backup
    2014-04-22 07:19 . 2014-05-13 14:07 -------- d-----w- f:\documents and settings\Paul\Application Data\Clipdiary
    2014-04-20 09:32 . 2014-04-20 09:32 24184 ----a-w- f:\windows\system32\drivers\aswHwid.sys
    2014-04-20 09:32 . 2014-04-20 09:32 43152 ----a-w- f:\windows\avastSS.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 11:18 . 2012-10-30 18:00 692400 ----a-w- f:\windows\system32\FlashPlayerApp.exe
    2014-04-29 11:18 . 2011-09-25 07:53 70832 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-20 09:32 . 2013-04-05 20:27 180632 ----a-w- f:\windows\system32\drivers\aswVmm.sys
    2014-04-20 09:32 . 2013-04-05 20:27 49944 ----a-w- f:\windows\system32\drivers\aswRvrt.sys
    2014-04-20 09:32 . 2013-04-05 20:27 67824 ----a-w- f:\windows\system32\drivers\aswMonFlt.sys
    2014-04-20 09:32 . 2012-10-29 17:08 411552 ----a-w- f:\windows\system32\drivers\aswSP.sys
    2014-04-20 09:32 . 2012-10-29 17:08 54832 ----a-w- f:\windows\system32\drivers\aswRdr.sys
    2014-04-20 09:32 . 2012-10-29 17:08 57672 ----a-w- f:\windows\system32\drivers\aswTdi.sys
    2014-04-20 09:32 . 2012-10-29 17:08 776976 ----a-w- f:\windows\system32\drivers\aswSnx.sys
    2014-04-20 09:32 . 2012-10-29 17:07 271264 ----a-w- f:\windows\system32\aswBoot.exe
    2014-03-06 17:59 . 2006-02-24 13:26 920064 ----a-w- f:\windows\system32\wininet.dll
    2014-03-06 17:59 . 2003-03-31 12:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
    2014-03-06 17:59 . 2003-03-31 12:00 18944 ----a-w- f:\windows\system32\corpol.dll
    2014-03-06 17:59 . 2003-03-31 12:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
    2014-03-06 00:46 . 2004-08-04 05:59 385024 ----a-w- f:\windows\system32\html.iec
    2014-02-26 01:59 . 2014-04-02 16:00 13312 ------w- f:\windows\system32\xp_eos.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-20 09:32 260976 ----a-w- f:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "f:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "swg "= "f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
    "GoogleDriveSync "= "f:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
    "Gadwin PrintScreen "= "f:\documents and settings\Paul\My Documents\Other Programs\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
    "clipdiary "= "f:\program files\Clipdiary\clipdiary.exe" [2007-05-22 208896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "f:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "zBrowser Launcher "= "f:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "ConnectionCenter "= "f:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "APSDaemon "= "f:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
    "QuickTime Task "= "f:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
    "AvastUI.exe "= "f:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-20 3873704]
    "ZoomIt "= "f:\documents and settings\Paul\My Documents\Other Programs\Zoomit\ZoomIt.exe" [2009-10-20 551784]
    "iTunesHelper "= "f:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "TkBellExe "= "f:\program files\Real\update\realsched.exe" [2014-04-10 295512]
    "SunJavaUpdateSched "= "f:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    f:\documents and settings\Paul\Start Menu\Programs\Startup\
    Locate32 Autorun.lnk - f:\documents and settings\Paul\My Documents\Other Programs\Locate32\locate32.exe /S [2012-10-10 1555456]
    MedalFolders.lnk - f:\program files\MedalFolders\MedalFolders.exe [2012-10-31 1006080]
    OpenOffice.org 3.4.1.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    Philips Media Manager.lnk - f:\program files\Philips\Media Manager\Philips Media Manager.exe -silent [2013-1-27 136704]
    .
    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    PhraseExpress.lnk - f:\program files\PhraseExpress\phraseexpress.exe [2012-12-1 21858600]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "f:\\Program Files\\BitTornado\\btdownloadgui.exe "=
    "f:\program files\Microsoft ActiveSync\rapimgr.exe "= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "f:\program files\Microsoft ActiveSync\wcescomm.exe "= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "f:\program files\Microsoft ActiveSync\WCESMgr.exe "= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "f:\\WINDOWS\\system32\\muzapp.exe "=
    "f:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "f:\\Program Files\\TV-Browser\\tvbrowser.exe "=
    "f:\\Program Files\\TV-Browser\\tvbrowser_noDD.exe "=
    "f:\\Program Files\\Java\\jre7\\bin\\java.exe "=
    "f:\\Program Files\\Java\\jre7\\bin\\javaw.exe "=
    "f:\\Program Files\\iTunes\\iTunes.exe "=
    "f:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe "=
    "f:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe "=
    "f:\\Program Files\\PhraseExpress\\PhraseExpress.exe "=
    "f:\\Program Files\\Google\\Chrome Remote Desktop\\34.0.1847.86\\remoting_host.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724
    "6881:TCP "= 6881:TCP:Blizzard Downloader: 6881
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 aswRvrt;avast! Revert;f:\windows\system32\drivers\aswRvrt.sys [05/04/2013 21:27 49944]
    R0 aswVmm;avast! VM Monitor;f:\windows\system32\drivers\aswVmm.sys [05/04/2013 21:27 180632]
    R0 RadialpointIDSEH;RadialpointIDSEH;f:\windows\system32\drivers\AVGIDSEH.sys [11/11/2010 12:04 25608]
    R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [09/07/2006 21:45 642560]
    R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswSnx.sys [29/10/2012 18:08 776976]
    R1 aswSP;aswSP;f:\windows\system32\drivers\aswSP.sys [29/10/2012 18:08 411552]
    R1 ctxusbm;Citrix USB Monitor Driver;f:\windows\system32\drivers\ctxusbm.sys [08/09/2009 19:13 65584]
    R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
    R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
    R2 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608]
    R2 aswHwid;avast! HardwareID;f:\windows\system32\drivers\aswHwid.sys [20/04/2014 10:32 24184]
    R2 aswMonFlt;aswMonFlt;f:\windows\system32\drivers\aswMonFlt.sys [05/04/2013 21:27 67824]
    R2 chromoting;Chrome Remote Desktop Service;f:\program files\Google\Chrome Remote Desktop\34.0.1847.86\remoting_host.exe [23/03/2014 11:53 50504]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;f:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 15:19 39056]
    R2 TeamViewer9;TeamViewer 9;f:\program files\TeamViewer\Version9\TeamViewer_Service.exe [29/04/2014 12:17 5024576]
    S2 RadialpointIDSAgent;RadialpointIDSAgent; [x]
    S3 kednl6;AVSearch service;\??\f:\windows\System32\kednl6.sys --> f:\windows\System32\kednl6.sys [?]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys --> f:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;\??\f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys --> f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [?]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;\??\f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys --> f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [?]
    S3 RadialpointIDSShim;RadialpointIDSShim;\??\f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys --> f:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [?]
    S3 SNPT513;PC Camera (6025 VGA);f:\windows\system32\drivers\snpt513.sys [14/05/2006 22:39 183040]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-14 f:\windows\Tasks\Adobe Flash Player Updater.job
    - f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 11:18]
    .
    2014-05-09 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2014-05-14 f:\windows\Tasks\avast! Emergency Update.job
    - f:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-20 09:31]
    .
    2014-05-14 f:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5518eebf6b00.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 20:48]
    .
    2014-05-14 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 20:48]
    .
    2014-05-14 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
    .
    2014-05-08 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
    .
    2014-05-07 f:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-448539723-2139871995-725345543-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - f:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\
    FF - prefs.js: browser.startup.homepage - google.co.uk
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    AddRemove-FastCAD - c:\program files\UNINST.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-05-14 07:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-2139871995-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2428)
    f:\windows\system32\WININET.dll
    f:\program files\TeamViewer\Version9\tv_w32.dll
    f:\program files\Google\Drive\googledrivesync32.dll
    f:\program files\Logitech\iTouch\iTchHk.dll
    f:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    f:\windows\system32\ieframe.dll
    f:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    f:\program files\AVAST Software\Avast\AvastSvc.exe
    f:\program files\Bonjour\mDNSResponder.exe
    f:\program files\Java\jre7\bin\jqs.exe
    f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    f:\windows\System32\nvsvc32.exe
    f:\program files\Citrix\ICA Client\wfcrun32.exe
    f:\progra~1\MICROS~3\rapimgr.exe
    f:\documents and settings\Paul\My Documents\Other Programs\Locate32\locate32.exe
    f:\program files\Philips\Media Manager\Philips Media Manager.exe
    f:\program files\OpenOffice.org 3\program\soffice.exe
    f:\program files\OpenOffice.org 3\program\soffice.bin
    f:\program files\iPod\bin\iPodService.exe
    f:\program files\TeamViewer\Version9\TeamViewer.exe
    f:\program files\TeamViewer\Version9\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2014-05-14 07:56:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-05-14 06:56
    .
    Pre-Run: 8,454,811,648 bytes free
    Post-Run: 8,905,498,624 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 23B3483FEC50D6847A18C88BB2EBF8BF
    671B81004FDD1588FA9ED1331C9CECA9

    Thanks again.....
     
  18. 2014/05/14
    broni

    broni Moderator Malware Analyst

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    SecCenter::
    {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
    {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
    
    
    File::
    f:\windows\System32\kednl6.sys
    
    
    Folder::
    f:\program files\MyPC Backup
    f:\program files\Virgin Media
    
    Driver::
    RadialpointIDSAgent
    kednl6
    RadialpointIDSDriver
    RadialpointIDSFilter
    RadialpointIDSShim
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG: animation of CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. 2014/05/15
    keithy397

    keithy397 Well-Known Member Thread Starter

    Ok, no probs with your instructions. Here's the report:-

    ComboFix 14-05-13.01 - Paul 15/05/2014 10:30:40.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.557 [GMT 1:00]
    Running from: f:\documents and settings\Paul\Desktop\ComboFix.exe
    Command switches used :: f:\documents and settings\Paul\My Documents\Internet Stuff\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "f:\windows\System32\kednl6.sys "
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_ctypes.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_elementtree.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_hashlib.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_multiprocessing.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_socket.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\_ssl.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\pyexpat.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\pysqlite2._sqlite.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\python27.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\pythoncom27.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\PyWinTypes27.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\select.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\unicodedata.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32api.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32com.shell.shell.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32crypt.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32event.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32file.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32gui.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32inet.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32pdh.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32pipe.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32process.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32profile.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32security.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\win32ts.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\windows._lib_cacheinvalidation.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._animate.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._controls_.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._core_.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._gdi_.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._html2.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._misc_.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._windows_.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wx._wizard.pyd
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxbase294u_net_vc90.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxbase294u_vc90.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxmsw294u_adv_vc90.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxmsw294u_core_vc90.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxmsw294u_html_vc90.dll
    f:\docume~1\Paul\LOCALS~1\Temp\_MEI31362\wxmsw294u_webview_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_ctypes.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_elementtree.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_hashlib.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_multiprocessing.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_socket.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\_ssl.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\pyexpat.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\pysqlite2._sqlite.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\python27.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\pythoncom27.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\PyWinTypes27.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\select.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\unicodedata.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32api.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32com.shell.shell.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32crypt.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32event.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32file.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32gui.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32inet.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32pdh.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32pipe.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32process.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32profile.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32security.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\win32ts.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\windows._lib_cacheinvalidation.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._animate.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._controls_.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._core_.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._gdi_.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._html2.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._misc_.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._windows_.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wx._wizard.pyd
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxbase294u_net_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxbase294u_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxmsw294u_adv_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxmsw294u_core_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxmsw294u_html_vc90.dll
    f:\documents and settings\Paul\Local Settings\Temp\_MEI31362\wxmsw294u_webview_vc90.dll
    f:\program files\MyPC Backup
    f:\program files\MyPC Backup\DEL_AWSSDK.dll
    f:\program files\MyPC Backup\DEL_GetText.dll
    f:\program files\MyPC Backup\DEL_MPCBClient.dll
    f:\program files\MyPC Backup\DEL_MyPC Backup.exe
    f:\program files\MyPC Backup\DEL_ObjectListView.dll
    f:\program files\MyPC Backup\DEL_Shared Stack.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KEDNL6
    -------\Legacy_RADIALPOINTIDSAGENT
    -------\Legacy_RADIALPOINTIDSDRIVER
    -------\Legacy_RADIALPOINTIDSFILTER
    -------\Legacy_RADIALPOINTIDSSHIM
    -------\Service_kednl6
    -------\Service_RadialpointIDSAgent
    -------\Service_RadialpointIDSDriver
    -------\Service_RadialpointIDSFilter
    -------\Service_RadialpointIDSShim
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-15 to 2014-05-15 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-13 15:39 . 2014-05-13 15:36 145408 ----a-w- f:\windows\system32\javacpl.cpl
    2014-05-13 15:37 . 2014-05-13 15:37 94632 ----a-w- f:\windows\system32\WindowsAccessBridge.dll
    2014-05-13 07:56 . 2014-05-13 10:02 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-05-11 08:15 . 2014-05-13 07:56 107224 ----a-w- f:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-11 08:15 . 2014-05-13 07:55 52312 ----a-w- f:\windows\system32\drivers\mbamchameleon.sys
    2014-05-11 08:15 . 2014-04-03 08:50 23256 ----a-w- f:\windows\system32\drivers\mbam.sys
    2014-05-11 08:15 . 2014-05-11 08:15 -------- d-----w- f:\program files\Malwarebytes Anti-Malware
    2014-05-07 06:42 . 2014-05-07 06:42 -------- d-----w- f:\program files\7-Zip
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\documents and settings\Paul\Local Settings\Application Data\Opera Software
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\documents and settings\Paul\Application Data\Opera Software
    2014-04-30 13:56 . 2014-04-30 13:56 -------- d-----w- f:\program files\Opera
    2014-04-30 13:53 . 2014-04-30 13:53 -------- d-----w- f:\program files\sweetpacks bundle uninstaller
    2014-04-29 06:36 . 2014-04-29 06:36 -------- d-----w- f:\documents and settings\Paul\Application Data\DriverCure
    2014-04-29 06:36 . 2014-04-29 06:36 -------- d-----w- f:\documents and settings\Paul\Application Data\ParetoLogic
    2014-04-29 06:35 . 2014-05-07 09:02 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic
    2014-04-29 06:21 . 2014-04-30 09:24 -------- d-----w- f:\documents and settings\All Users\Application Data\BoostSoftware
    2014-04-22 10:03 . 2014-04-22 10:03 -------- d-----w- f:\documents and settings\Paul\Application Data\addpcs
    2014-04-22 09:52 . 2014-04-22 10:03 -------- d-----w- f:\program files\Temp File Cleaner
    2014-04-22 08:04 . 2014-04-22 08:04 -------- d-----w- f:\program files\Clipdiary
    2014-04-22 07:19 . 2014-05-15 09:23 -------- d-----w- f:\documents and settings\Paul\Application Data\Clipdiary
    2014-04-20 09:32 . 2014-04-20 09:32 24184 ----a-w- f:\windows\system32\drivers\aswHwid.sys
    2014-04-20 09:32 . 2014-04-20 09:32 43152 ----a-w- f:\windows\avastSS.scr
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-15 09:56 . 2012-10-29 17:08 777488 ----a-w- f:\windows\system32\drivers\aswsnx.sys
    2014-05-15 09:56 . 2012-10-29 17:08 54832 ----a-w- f:\windows\system32\drivers\aswrdr.sys
    2014-05-15 09:56 . 2012-10-29 17:08 411680 ----a-w- f:\windows\system32\drivers\aswsp.sys
    2014-05-14 11:18 . 2012-10-30 18:00 692400 ----a-w- f:\windows\system32\FlashPlayerApp.exe
    2014-05-14 11:18 . 2011-09-25 07:53 70832 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-20 09:32 . 2013-04-05 20:27 180632 ----a-w- f:\windows\system32\drivers\aswVmm.sys
    2014-04-20 09:32 . 2013-04-05 20:27 49944 ----a-w- f:\windows\system32\drivers\aswRvrt.sys
    2014-04-20 09:32 . 2013-04-05 20:27 67824 ----a-w- f:\windows\system32\drivers\aswMonFlt.sys
    2014-04-20 09:32 . 2012-10-29 17:08 411552 ----a-w- f:\windows\system32\drivers\aswsp.sys.1400147803375
    2014-04-20 09:32 . 2012-10-29 17:08 54832 ----a-w- f:\windows\system32\drivers\aswrdr.sys.1400147803375
    2014-04-20 09:32 . 2012-10-29 17:08 57672 ----a-w- f:\windows\system32\drivers\aswTdi.sys
    2014-04-20 09:32 . 2012-10-29 17:08 776976 ----a-w- f:\windows\system32\drivers\aswsnx.sys.1400147803375
    2014-04-20 09:32 . 2012-10-29 17:07 271264 ----a-w- f:\windows\system32\aswBoot.exe
    2014-03-06 17:59 . 2006-02-24 13:26 920064 ----a-w- f:\windows\system32\wininet.dll
    2014-03-06 17:59 . 2003-03-31 12:00 43520 ----a-w- f:\windows\system32\licmgr10.dll
    2014-03-06 17:59 . 2003-03-31 12:00 18944 ----a-w- f:\windows\system32\corpol.dll
    2014-03-06 17:59 . 2003-03-31 12:00 1469440 ------w- f:\windows\system32\inetcpl.cpl
    2014-03-06 00:46 . 2004-08-04 05:59 385024 ----a-w- f:\windows\system32\html.iec
    2014-02-26 01:59 . 2014-04-02 16:00 13312 ------w- f:\windows\system32\xp_eos.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-04-20 09:32 260976 ----a-w- f:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @= "{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} "
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-04-25 09:03 579400 ----a-w- f:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "f:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "swg "= "f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]
    "GoogleDriveSync "= "f:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
    "Gadwin PrintScreen "= "f:\documents and settings\Paul\My Documents\Other Programs\PrintScreen\PrintScreen.exe" [2012-05-30 1842384]
    "clipdiary "= "f:\program files\Clipdiary\clipdiary.exe" [2007-05-22 208896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "f:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "zBrowser Launcher "= "f:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "ConnectionCenter "= "f:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "APSDaemon "= "f:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
    "QuickTime Task "= "f:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
    "AvastUI.exe "= "f:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-20 3873704]
    "ZoomIt "= "f:\documents and settings\Paul\My Documents\Other Programs\Zoomit\ZoomIt.exe" [2009-10-20 551784]
    "iTunesHelper "= "f:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "TkBellExe "= "f:\program files\Real\update\realsched.exe" [2014-04-10 295512]
    "SunJavaUpdateSched "= "f:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "f:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    .
    f:\documents and settings\Paul\Start Menu\Programs\Startup\
    Locate32 Autorun.lnk - f:\documents and settings\Paul\My Documents\Other Programs\Locate32\locate32.exe /S [2012-10-10 1555456]
    MedalFolders.lnk - f:\program files\MedalFolders\MedalFolders.exe [2012-10-31 1006080]
    OpenOffice.org 3.4.1.lnk - f:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
    Philips Media Manager.lnk - f:\program files\Philips\Media Manager\Philips Media Manager.exe -silent [2013-1-27 136704]
    .
    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    PhraseExpress.lnk - f:\program files\PhraseExpress\phraseexpress.exe [2012-12-1 21858600]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "f:\\Program Files\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "f:\\Program Files\\BitTornado\\btdownloadgui.exe "=
    "f:\program files\Microsoft ActiveSync\rapimgr.exe "= f:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "f:\program files\Microsoft ActiveSync\wcescomm.exe "= f:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "f:\program files\Microsoft ActiveSync\WCESMgr.exe "= f:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "f:\\WINDOWS\\system32\\muzapp.exe "=
    "f:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "f:\\Program Files\\TV-Browser\\tvbrowser.exe "=
    "f:\\Program Files\\TV-Browser\\tvbrowser_noDD.exe "=
    "f:\\Program Files\\Java\\jre7\\bin\\java.exe "=
    "f:\\Program Files\\Java\\jre7\\bin\\javaw.exe "=
    "f:\\Program Files\\iTunes\\iTunes.exe "=
    "f:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe "=
    "f:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe "=
    "f:\\Program Files\\PhraseExpress\\PhraseExpress.exe "=
    "f:\\Program Files\\Google\\Chrome Remote Desktop\\34.0.1847.86\\remoting_host.exe "=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724
    "6881:TCP "= 6881:TCP:Blizzard Downloader: 6881
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 aswRvrt;avast! Revert;f:\windows\system32\drivers\aswRvrt.sys [05/04/2013 21:27 49944]
    R0 aswVmm;avast! VM Monitor;f:\windows\system32\drivers\aswVmm.sys [05/04/2013 21:27 180632]
    R0 RadialpointIDSEH;RadialpointIDSEH;f:\windows\system32\drivers\AVGIDSEH.sys [11/11/2010 12:04 25608]
    R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [09/07/2006 21:45 642560]
    R1 aswSnx;aswSnx;f:\windows\system32\drivers\aswsnx.sys [29/10/2012 18:08 777488]
    R1 aswSP;aswSP;f:\windows\system32\drivers\aswsp.sys [29/10/2012 18:08 411680]
    R1 ctxusbm;Citrix USB Monitor Driver;f:\windows\system32\drivers\ctxusbm.sys [08/09/2009 19:13 65584]
    R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
    R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
    R2 !SASCORE;SAS Core Service;f:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608]
    R2 aswHwid;avast! HardwareID;f:\windows\system32\drivers\aswHwid.sys [20/04/2014 10:32 24184]
    R2 aswMonFlt;aswMonFlt;f:\windows\system32\drivers\aswMonFlt.sys [05/04/2013 21:27 67824]
    R2 chromoting;Chrome Remote Desktop Service;f:\program files\Google\Chrome Remote Desktop\34.0.1847.86\remoting_host.exe [23/03/2014 11:53 50504]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;f:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 15:19 39056]
    R2 TeamViewer9;TeamViewer 9;f:\program files\TeamViewer\Version9\TeamViewer_Service.exe [29/04/2014 12:17 5024576]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;f:\windows\system32\drivers\nmwcdnsu.sys --> f:\windows\system32\drivers\nmwcdnsu.sys [?]
    S3 SNPT513;PC Camera (6025 VGA);f:\windows\system32\drivers\snpt513.sys [14/05/2006 22:39 183040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-15 f:\windows\Tasks\Adobe Flash Player Updater.job
    - f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 11:18]
    .
    2014-05-09 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
    .
    2014-05-15 f:\windows\Tasks\avast! Emergency Update.job
    - f:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-20 09:31]
    .
    2014-05-15 f:\windows\Tasks\GoogleUpdateTaskMachineCore1cc5518eebf6b00.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 20:48]
    .
    2014-05-15 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 20:48]
    .
    2014-05-15 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
    .
    2014-05-08 f:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - f:\windows\system32\xp_eos.exe [2014-04-02 01:59]
    .
    2014-05-14 f:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-448539723-2139871995-725345543-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.virginmedia.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - f:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\
    FF - prefs.js: browser.startup.homepage - google.co.uk
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-05-15 10:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-448539723-2139871995-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2212)
    f:\windows\system32\WININET.dll
    f:\program files\TeamViewer\Version9\tv_w32.dll
    f:\program files\Google\Drive\googledrivesync32.dll
    f:\program files\Logitech\iTouch\iTchHk.dll
    f:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    f:\windows\system32\ieframe.dll
    f:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    f:\program files\AVAST Software\Avast\AvastSvc.exe
    f:\program files\Bonjour\mDNSResponder.exe
    f:\program files\Java\jre7\bin\jqs.exe
    f:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    f:\windows\System32\nvsvc32.exe
    f:\program files\Citrix\ICA Client\wfcrun32.exe
    f:\progra~1\MICROS~3\rapimgr.exe
    f:\documents and settings\Paul\My Documents\Other Programs\Locate32\locate32.exe
    f:\program files\Philips\Media Manager\Philips Media Manager.exe
    f:\program files\OpenOffice.org 3\program\soffice.exe
    f:\program files\OpenOffice.org 3\program\soffice.bin
    f:\program files\TeamViewer\Version9\TeamViewer.exe
    f:\program files\TeamViewer\Version9\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2014-05-15 11:04:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-05-15 10:04
    ComboFix2.txt 2014-05-14 06:57
    .
    Pre-Run: 8,715,247,616 bytes free
    Post-Run: 8,638,840,832 bytes free
    .
    - - End Of File - - 35BA0C74BD2ECD3B7B6BC0BD20D7BDA6
    671B81004FDD1588FA9ED1331C9CECA9
     
  20. 2014/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. 2014/05/15
    keithy397

    keithy397 Well-Known Member Thread Starter

    Joined:
    2004/11/15
    Messages:
    99
    Likes Received:
    0
    Here come the reports in the order of instructions in your previous post:-

    # AdwCleaner v3.208 - Report created 15/05/2014 at 18:50:38
    # Updated 11/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Paul - PC
    # Running from : F:\Documents and Settings\Paul\Desktop\adwcleaner_3.208.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : F:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : F:\Documents and Settings\All Users\Application Data\ParetoLogic
    Folder Deleted : F:\Program Files\PlaySushi
    Folder Deleted : F:\Program Files\sweetpacks bundle uninstaller
    Folder Deleted : F:\Program Files\VideoEgg
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\Babylon
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\DriverCure
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\ParetoLogic
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\Uniblue
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\Extensions\isreaditlater@ideashower.com
    Folder Deleted : F:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\Extensions\savefileto@mozdev.org

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
    Key Deleted : HKCU\Software\5d2d8dde538e544
    Key Deleted : HKLM\SOFTWARE\5d2d8dde538e544
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\PlaySushi
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoEgg
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [ File : F:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\jf2v1cjf.default\prefs.js ]

    Line Deleted : user_pref( "extensions.textlinks@playsushi.com.install-event-fired ", true);

    *************************

    AdwCleaner[R0].txt - [4923 octets] - [15/05/2014 18:46:46]
    AdwCleaner[S0].txt - [4960 octets] - [15/05/2014 18:50:38]

    ########## EOF - F:\AdwCleaner\AdwCleaner[S0].txt - [5020 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Paul on 15/05/2014 at 19:23:24.98
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-448539723-2139871995-725345543-1004\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{648748D3-83CC-44E3-9418-5445CA26535F}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{764A8C5D-51F5-4C17-A951-B8AE4A018269}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{dec6d58c-0490-497d-970a-fca45aebe8e9}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{dec6d58c-0490-497d-970a-fca45aebe8e9}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] F:\Documents and Settings\Paul\Application Data\mozilla\firefox\profiles\jf2v1cjf.default\extensions\savefileto@mozdev.org.xpi [Tracur]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 15/05/2014 at 19:36:31.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
