
Help with some shady processes please!



*NOTE Sorry if this is in the wrong thread!*

My mum's laptop was infected with something, so her homepage on IE was a scam Bing 'Giveaway' and Chrome had pop-ups. I scanned with MBAM and it found over 100 viruses, most of them being PUP Crossrider, Babylon plus hd and Start Page. Hitman Pro found some leftovers: Ask.com toolbar, Conduit, SpeedUpMyPC and Babylon. AdwCleaner and Junkware Removal Tool got rid of the rest. ESET Online Scanner found 2 trojans, 4 worms, 2 Babylon, 2 PUPs and 2 unsafe applications. TDSS Killer found 1 virus. Emsisoft Emergency Kit found 1 PUP and a backdoor. Now, these got deleted, I don't get that stuff anymore and the laptop is faster, but I still see 3 shady processes: Wuauclt.exe (Windows Update is not even active!), wdfmgr.exe and wscntfy.exe. Is the laptop still infected?


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt




Please attach this file to your next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014

Ran by Nedjo Baslac (administrator) on HOME-AMILO on 15-04-2014 16:33:12

Running from C:\Documents and Settings\Nedjo Baslac\My Documents

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE

(Lexmark International, Inc.) C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Lexmark International, Inc.) C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Lexmark X5100 Series] => C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [86100 2003-03-04] (Lexmark International, Inc.)

HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)

HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-03-07] (Microsoft Corporation)

HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-03-07] (Microsoft Corporation)

HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\MountPoints2: {8ab2e37e-185e-11e3-8615-00140b30d04c} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.rs/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.default

FF DefaultSearchEngine: Ask Search

FF SearchEngineOrder.1: Ask Search

FF SearchEngineOrder.3: Bing 

FF SelectedSearchEngine: Ask Search

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Extension: KMP Media Toolbar - C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.default\Extensions\toolbar_KMPV7@apn.ask.com.xpi [2013-10-09]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-05]

 

Chrome: 

=======

CHR Extension: (Google документи) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]

CHR Extension: (avast! Online Security) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]

CHR Extension: (Google новчаник) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]

 

========================== Services (Whitelisted) =================

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)

R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-28] (Lexmark International, Inc.)

R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [107624 2014-04-14] (RaMMicHaeL)

S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [488992 2006-03-23] (Atheros Communications, Inc.)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software)

R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-05] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-05] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-05] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-04-05] ()

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-01] (AVG Technologies)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-03-06] (Microsoft Corporation)

S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-04-05] (Emsisoft GmbH)

R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )

R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [594432 2006-08-24] (Conexant Systems Inc.)

R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206976 2006-03-09] (Conexant Systems, Inc.)

R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-03-09] (Conexant Systems, Inc.)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-03-06] (Microsoft Corporation)

R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [634880 2006-11-15] (S3 Graphics Co., Ltd.)

S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)

S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-03-06] (Microsoft Corporation)

S4 IntelIde; No ImagePath

S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-15 16:33 - 2014-04-15 16:33 - 00009582 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.txt

2014-04-15 16:32 - 2014-04-15 16:33 - 00000000 ____D () C:\FRST

2014-04-15 16:31 - 2014-04-15 16:32 - 01042944 _____ (Farbar) C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.exe

2014-04-14 20:41 - 2014-04-14 20:41 - 135748352 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\setup_11.0.1.1245.x01_2014_04_14_20_12.exe

2014-04-14 18:41 - 2014-04-14 18:52 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\NPE

2014-04-14 18:41 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton

2014-04-14 18:40 - 2014-04-14 18:40 - 03053496 ____N (Symantec Corporation) C:\Documents and Settings\Nedjo Baslac\My Documents\NPE.exe

2014-04-14 16:12 - 2014-04-14 16:12 - 00000596 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\JRT.txt

2014-04-14 15:48 - 2014-04-14 15:48 - 01016261 _____ (Thisisu) C:\Documents and Settings\Nedjo Baslac\My Documents\JRT.exe

2014-04-14 15:48 - 2014-04-14 15:48 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-04-14 14:28 - 2014-04-14 15:41 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt

2014-04-14 14:28 - 2014-04-14 15:39 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Doctor Web

2014-04-14 14:16 - 2014-04-14 14:25 - 146408624 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\h6z39t6y.exe

2014-04-14 14:02 - 2014-04-14 14:02 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-14 14:00 - 2014-04-14 14:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Nedjo Baslac\My Documents\tdsskiller.exe

2014-04-12 13:35 - 2014-04-12 13:35 - 00000000 _RSHD () C:\Win

2014-04-12 08:44 - 2014-04-12 08:44 - 00001688 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Skype.lnk

2014-04-09 15:38 - 2014-04-09 15:38 - 00000000 ____D () C:\Program Files\ESET

2014-04-08 14:02 - 2014-04-08 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-04-08 14:00 - 2014-04-08 14:32 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Desktop\mbar

2014-04-05 19:37 - 2014-04-05 19:37 - 00000815 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Launch Internet Explorer Browser.lnk

2014-04-05 19:33 - 2014-04-11 13:38 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-04-05 19:33 - 2014-04-05 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-04-05 19:31 - 2014-04-15 16:29 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-05 19:31 - 2014-04-15 13:36 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-05 19:31 - 2014-04-05 19:31 - 00884680 _____ (Google Inc.) C:\Documents and Settings\Nedjo Baslac\My Documents\ChromeSetup.exe

2014-04-05 19:17 - 2014-04-05 19:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\AVAST Software

2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-04-05 19:16 - 2014-04-15 16:30 - 00000376 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-04-05 19:16 - 2014-04-05 19:16 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-04-05 19:12 - 2014-04-05 19:14 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Nedjo Baslac\My Documents\avast_free_antivirus_setup.exe

2014-04-05 15:57 - 2014-04-05 15:57 - 00002388 _____ () C:\EamClean.log

2014-04-05 14:43 - 2014-04-05 14:43 - 00000462 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Emsisoft Emergency Kit.lnk

2014-04-05 14:42 - 2014-04-05 14:43 - 00000000 ____D () C:\EEK

2014-04-05 14:34 - 2014-04-05 14:41 - 225609112 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\EmsisoftEmergencyKit.exe

2014-04-05 11:34 - 2014-04-05 11:34 - 18568328 _____ (SUPERAntiSpyware) C:\Documents and Settings\Nedjo Baslac\My Documents\SUPERAntiSpyware.exe

2014-04-05 11:25 - 2014-04-05 11:25 - 00154888 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll

2014-04-05 10:27 - 2014-04-08 14:20 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-04-05 10:27 - 2014-04-08 14:20 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-04-05 10:27 - 2014-04-05 10:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-05 10:25 - 2014-04-05 10:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Nedjo Baslac\My Documents\mbam-setup-2.0.1.1004.exe

2014-04-05 10:13 - 2014-04-05 10:13 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\Unchecky.lnk

2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Program Files\Unchecky

2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky

2014-04-05 10:12 - 2014-04-05 10:13 - 00690424 _____ (RaMMicHaeL) C:\Documents and Settings\Nedjo Baslac\My Documents\unchecky_setup.exe

2014-04-05 10:03 - 2014-04-05 10:18 - 00000000 ____D () C:\AdwCleaner

2014-04-05 10:02 - 2014-04-05 10:02 - 01426178 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe

2014-04-04 19:07 - 2014-04-05 19:08 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt

2014-04-04 18:51 - 2014-04-04 19:03 - 230532272 _____ (COMODO) C:\Documents and Settings\Nedjo Baslac\My Documents\cispremium_installer_5764_af.exe

2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk

2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Program Files\Opera

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Opera Software

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Opera Software

2014-04-04 12:24 - 2014-04-04 12:24 - 00027912 _____ () C:\WINDOWS\system32\.crusader

2014-04-04 12:16 - 2014-04-04 12:16 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Program Files\HitmanPro

2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro

2014-04-04 12:15 - 2014-04-04 12:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro

2014-04-04 12:13 - 2014-04-04 12:13 - 00000000 ____D () C:\Program Files\Reason

 

==================== One Month Modified Files and Folders =======

 

2014-04-15 16:33 - 2014-04-15 16:33 - 00009582 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.txt

2014-04-15 16:33 - 2014-04-15 16:32 - 00000000 ____D () C:\FRST

2014-04-15 16:32 - 2014-04-15 16:31 - 01042944 _____ (Farbar) C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.exe

2014-04-15 16:30 - 2014-04-05 19:16 - 00000376 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-04-15 16:30 - 2013-03-23 18:24 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Skype

2014-04-15 16:30 - 2013-03-23 15:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-04-15 16:30 - 2013-03-23 15:03 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-04-15 16:30 - 2013-03-23 14:11 - 00399383 _____ () C:\WINDOWS\WindowsUpdate.log

2014-04-15 16:29 - 2014-04-05 19:31 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-15 16:29 - 2013-03-23 14:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-04-15 14:51 - 2013-03-23 14:19 - 00000278 ___SH () C:\Documents and Settings\Nedjo Baslac\ntuser.ini

2014-04-15 14:51 - 2013-03-23 14:18 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt

2014-04-15 13:56 - 2013-10-01 08:56 - 00000420 _____ () C:\WINDOWS\Tasks\At1.job

2014-04-15 13:36 - 2014-04-05 19:31 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-15 13:13 - 2013-03-23 14:59 - 00646895 _____ () C:\WINDOWS\setupapi.log

2014-04-14 20:41 - 2014-04-14 20:41 - 135748352 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\setup_11.0.1.1245.x01_2014_04_14_20_12.exe

2014-04-14 18:52 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\NPE

2014-04-14 18:52 - 2013-03-23 14:56 - 00000211 _____ () C:\boot.ini

2014-04-14 18:43 - 2013-03-23 14:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac

2014-04-14 18:41 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton

2014-04-14 18:40 - 2014-04-14 18:40 - 03053496 ____N (Symantec Corporation) C:\Documents and Settings\Nedjo Baslac\My Documents\NPE.exe

2014-04-14 16:12 - 2014-04-14 16:12 - 00000596 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\JRT.txt

2014-04-14 15:48 - 2014-04-14 15:48 - 01016261 _____ (Thisisu) C:\Documents and Settings\Nedjo Baslac\My Documents\JRT.exe

2014-04-14 15:48 - 2014-04-14 15:48 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-04-14 15:41 - 2014-04-14 14:28 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt

2014-04-14 15:39 - 2014-04-14 14:28 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Doctor Web

2014-04-14 14:25 - 2014-04-14 14:16 - 146408624 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\h6z39t6y.exe

2014-04-14 14:02 - 2014-04-14 14:02 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-04-14 14:00 - 2014-04-14 14:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Nedjo Baslac\My Documents\tdsskiller.exe

2014-04-14 13:57 - 2004-08-04 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-04-12 13:35 - 2014-04-12 13:35 - 00000000 _RSHD () C:\Win

2014-04-12 08:44 - 2014-04-12 08:44 - 00001688 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Skype.lnk

2014-04-11 13:38 - 2014-04-05 19:33 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-04-09 20:59 - 2004-08-04 20:00 - 00000573 _____ () C:\WINDOWS\win.ini

2014-04-09 20:59 - 2004-08-04 20:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-04-09 18:54 - 2013-10-03 11:48 - 00000000 ____D () C:\Program Files\The KMPlayer

2014-04-09 15:38 - 2014-04-09 15:38 - 00000000 ____D () C:\Program Files\ESET

2014-04-08 14:32 - 2014-04-08 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-04-08 14:32 - 2014-04-08 14:00 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Desktop\mbar

2014-04-08 14:20 - 2014-04-05 10:27 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-04-08 14:20 - 2014-04-05 10:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-04-05 19:37 - 2014-04-05 19:37 - 00000815 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Launch Internet Explorer Browser.lnk

2014-04-05 19:33 - 2014-04-05 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-04-05 19:33 - 2013-05-30 12:42 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google

2014-04-05 19:32 - 2013-05-30 12:42 - 00000000 ____D () C:\Program Files\Google

2014-04-05 19:31 - 2014-04-05 19:31 - 00884680 _____ (Google Inc.) C:\Documents and Settings\Nedjo Baslac\My Documents\ChromeSetup.exe

2014-04-05 19:17 - 2014-04-05 19:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\AVAST Software

2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-04-05 19:16 - 2014-04-05 19:16 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-04-05 19:16 - 2014-04-05 19:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-04-05 19:16 - 2013-03-23 15:58 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-04-05 19:14 - 2014-04-05 19:12 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Nedjo Baslac\My Documents\avast_free_antivirus_setup.exe

2014-04-05 19:14 - 2013-03-23 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-04-05 19:08 - 2014-04-04 19:07 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt

2014-04-05 15:57 - 2014-04-05 15:57 - 00002388 _____ () C:\EamClean.log

2014-04-05 14:43 - 2014-04-05 14:43 - 00000462 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Emsisoft Emergency Kit.lnk

2014-04-05 14:43 - 2014-04-05 14:42 - 00000000 ____D () C:\EEK

2014-04-05 14:41 - 2014-04-05 14:34 - 225609112 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\EmsisoftEmergencyKit.exe

2014-04-05 11:34 - 2014-04-05 11:34 - 18568328 _____ (SUPERAntiSpyware) C:\Documents and Settings\Nedjo Baslac\My Documents\SUPERAntiSpyware.exe

2014-04-05 11:25 - 2014-04-05 11:25 - 00154888 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll

2014-04-05 11:12 - 2013-03-23 15:14 - 00000000 ____D () C:\WINDOWS\SHELLNEW

2014-04-05 10:27 - 2014-04-05 10:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-05 10:27 - 2013-10-03 10:20 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Malwarebytes

2014-04-05 10:27 - 2013-10-03 10:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-04-05 10:26 - 2014-04-05 10:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Nedjo Baslac\My Documents\mbam-setup-2.0.1.1004.exe

2014-04-05 10:18 - 2014-04-05 10:03 - 00000000 ____D () C:\AdwCleaner

2014-04-05 10:13 - 2014-04-05 10:13 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\Unchecky.lnk

2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Program Files\Unchecky

2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky

2014-04-05 10:13 - 2014-04-05 10:12 - 00690424 _____ (RaMMicHaeL) C:\Documents and Settings\Nedjo Baslac\My Documents\unchecky_setup.exe

2014-04-05 10:02 - 2014-04-05 10:02 - 01426178 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe

2014-04-04 19:03 - 2014-04-04 18:51 - 230532272 _____ (COMODO) C:\Documents and Settings\Nedjo Baslac\My Documents\cispremium_installer_5764_af.exe

2014-04-04 18:47 - 2013-10-31 13:03 - 00000000 ___HD () C:\$AVG

2014-04-04 18:47 - 2013-10-31 13:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014

2014-04-04 18:47 - 2013-10-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData

2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk

2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Program Files\Opera

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Opera Software

2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Opera Software

2014-04-04 13:28 - 2013-03-23 15:27 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk

2014-04-04 12:24 - 2014-04-04 12:24 - 00027912 _____ () C:\WINDOWS\system32\.crusader

2014-04-04 12:24 - 2014-04-04 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro

2014-04-04 12:16 - 2014-04-04 12:16 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk

2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Program Files\HitmanPro

2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro

2014-04-04 12:13 - 2014-04-04 12:13 - 00000000 ____D () C:\Program Files\Reason

2014-04-03 09:50 - 2013-10-03 10:19 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-03-31 08:10 - 2013-03-23 15:00 - 00468100 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

 

 

Some content of TEMP:

====================

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\3078fb18-73e8-4363-a37b-2f401a52d94f.exe

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\BackupSetup.exe

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\fp_pl_pfs_installer.exe

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\Quarantine.exe

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\SkypeSetup.exe

C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\uninst1.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe

[2008-03-07 11:46] - [2008-03-07 11:46] - 1033728 ____A (Microsoft Corporation) a546ad755fa358195c9e1386e8b10de1 

 

C:\WINDOWS\system32\winlogon.exe

[2008-03-07 11:46] - [2008-03-07 11:46] - 0507904 ____A (Microsoft Corporation) 3339d062572762f8e2ff102a7f8f621d 

 

C:\WINDOWS\system32\svchost.exe

[2008-03-07 11:46] - [2008-03-07 11:46] - 0014336 ____A (Microsoft Corporation) 90cef742abe7ec1da7df8ef2016817cd 

 

C:\WINDOWS\system32\services.exe

[2008-03-07 11:46] - [2008-03-07 11:46] - 0108544 ____A (Microsoft Corporation) 5c031f7e17e3ca7760ca2d7cfff973d2 

 

C:\WINDOWS\system32\User32.dll

[2008-03-07 11:46] - [2008-03-07 11:46] - 0578560 ____A (Microsoft Corporation) 65a57a5d7099b439d54332a213f62efe 

 

C:\WINDOWS\system32\userinit.exe

[2008-03-07 11:46] - [2008-03-07 11:46] - 0026112 ____A (Microsoft Corporation) 72535e77c6057f8167bbf38fc9c03fe9 

 

C:\WINDOWS\system32\rpcss.dll

[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ____A (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\WINDOWS\system32\Drivers\volsnap.sys

[2008-03-07 04:16] - [2008-03-07 04:16] - 0052352 ____A (Microsoft Corporation) 734738d29213de1ee15fdb7bbd134fe7 

 

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014

Ran by Nedjo Baslac at 2014-04-15 16:34:11

Running from C:\Documents and Settings\Nedjo Baslac\My Documents

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

==================== Installed Programs ======================

 

ABBYY FineReader 5.0 Sprint (HKLM\...\{4468EF97-A253-4699-9E1C-88CAE2C6832D}) (Version: 5.0.0.22227 - ABBYY Software House)

ACDSee 7.0 PowerPack (HKLM\...\{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}) (Version: 7.0.47 - ACD Systems Ltd.)

Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0 - Adobe Systems) Hidden

Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - EFG) (Version: 7.1.0 - Adobe Systems)

avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)

Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.08 - BVRP Software)

Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)

K-Lite Codec Pack 10.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )

KMP Media Toolbar (HKLM\...\{4B4D5056-3700-A76A-76A7-A758B70C0A03}) (Version: 12.10.3.4602 - APN, LLC)

Lexmark X5100 Series (HKLM\...\Lexmark X5100 Series) (Version:  - )

Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )

Opera Stable 20.0.1387.91 (HKLM\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)

Platform (Version: 1.21 - VIA Technologies, Inc.) Hidden

Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_15091E40) (Version:  - )

Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )

The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)

Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version:  - )

Unchecky v0.2.11 (HKLM\...\Unchecky) (Version: 0.2.11 - RaMMicHaeL)

VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.)

VIA/S3G Display Driver 6.14.10.0078 (HKLM\...\VIA Chrome9 HC IGP Display) (Version:  - )

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)

Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

 

==================== Restore Points  =========================

 

18-01-2014 17:47:06 System Checkpoint

22-01-2014 13:32:12 System Checkpoint

23-01-2014 10:41:50 Printer Driver Lexmark X5100 Series Installed

04-02-2014 10:06:27 System Checkpoint

13-02-2014 07:20:38 System Checkpoint

06-03-2014 15:29:28 System Checkpoint

18-03-2014 11:01:20 System Checkpoint

28-03-2014 09:30:18 System Checkpoint

04-04-2014 16:45:28 Uklonjeno AVG 2014

04-04-2014 16:47:30 Uklonjeno AVG 2014

05-04-2014 17:07:12 Removed COMODO Internet Security Premium

05-04-2014 17:15:45 avast! antivirus system restore point

07-04-2014 13:37:03 System Checkpoint

09-04-2014 15:52:12 System Checkpoint

09-04-2014 17:18:25 Installed Kaspersky Security Scan.

09-04-2014 19:05:14 Removed Kaspersky Security Scan.

11-04-2014 11:11:48 System Checkpoint

 

==================== Hosts content: ==========================

 

2004-08-04 20:00 - 2014-04-15 16:30 - 00001887 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost


 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-04-15 13:12 - 2014-04-15 13:12 - 02212352 _____ () C:\Program Files\AVAST Software\Avast\defs\14041500\algo.dll

2013-07-19 20:53 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.DEU

2013-07-19 20:53 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA

2014-04-05 19:16 - 2014-04-05 19:16 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2008-03-07 11:46 - 2008-03-07 11:46 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2008-03-07 11:46 - 2008-03-07 11:46 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58617646.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58617646.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

MSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe

MSCONFIG\startupreg: S3Trayp => S3trayp.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: VModes => VModes AttachToDesktop

MSCONFIG\startupreg: VTTimer => VTTimer.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/14/2014 03:27:19 PM) (Source: Application Hang) (User: )

Description: Hanging application opera.exe, version 20.0.1387.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error: (04/05/2014 08:57:41 PM) (Source: KMPService.exe) (User: )

Description: Socket Error # 10065

No route to host.

 

Error: (04/04/2014 01:42:30 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb.

 

Error: (04/04/2014 01:41:20 PM) (Source: MsiInstaller) (User: HOME-AMILO)

Description: The installation of d:\8376166429323dc5374776e0\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

 

Error: (04/04/2014 01:28:39 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb.

 

Error: (04/04/2014 00:13:45 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )

Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb.

 

Error: (03/31/2014 08:08:48 AM) (Source: KMPService.exe) (User: )

Description: Socket Error # 11001

Host not found.

 

Error: (03/18/2014 00:36:17 PM) (Source: KMPService.exe) (User: )

Description: The service process could not connect to the service controller

 

Error: (03/09/2014 10:21:41 AM) (Source: KMPService.exe) (User: )

Description: Socket Error # 11001

Host not found.

 

Error: (02/25/2014 06:43:58 PM) (Source: KMPService.exe) (User: )

Description: Socket Error # 11001

Host not found.

 

 

System errors:

=============

Error: (04/15/2014 01:56:04 PM) (Source: Schedule) (User: )

Description: The At1.job command failed to start due to the following error: 

%%2147942403

 

Error: (04/14/2014 08:56:00 PM) (Source: Schedule) (User: )

Description: The At1.job command failed to start due to the following error: 

%%2147942403

 

Error: (04/14/2014 06:58:26 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (04/14/2014 06:57:38 PM) (Source: DCOM) (User: HOME-AMILO)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error: (04/14/2014 06:56:20 PM) (Source: DCOM) (User: HOME-AMILO)

Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""

in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error: (04/14/2014 06:56:13 PM) (Source: DCOM) (User: HOME-AMILO)

Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""

in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

AFD

aswRdr

aswRvrt

aswSnx

aswSP

aswTdi

aswVmm

Fips

intelppm

IPSec

MRxSmb

NetBIOS

NetBT

RasAcd

Rdbss

Tcpip

 

Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )

Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 

%%31

 

Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )

Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 

%%31

 

Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )

Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 

%%31

 

 

Microsoft Office Sessions:

=========================

Error: (04/14/2014 03:27:19 PM) (Source: Application Hang)(User: )

Description: opera.exe20.0.1387.91hungapp0.0.0.000000000

 

Error: (04/05/2014 08:57:41 PM) (Source: KMPService.exe)(User: )

Description: Socket Error # 10065

No route to host.

 

Error: (04/04/2014 01:42:30 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb

 

Error: (04/04/2014 01:41:20 PM) (Source: MsiInstaller)(User: HOME-AMILO)

Description: d:\8376166429323dc5374776e0\vs_setup.ms_(NULL)(NULL)(NULL)

 

Error: (04/04/2014 01:28:39 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb

 

Error: (04/04/2014 00:13:45 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )

Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb

 

Error: (03/31/2014 08:08:48 AM) (Source: KMPService.exe)(User: )

Description: Socket Error # 11001

Host not found.

 

Error: (03/18/2014 00:36:17 PM) (Source: KMPService.exe)(User: )

Description: The service process could not connect to the service controller

 

Error: (03/09/2014 10:21:41 AM) (Source: KMPService.exe)(User: )

Description: Socket Error # 11001

Host not found.

 

Error: (02/25/2014 06:43:58 PM) (Source: KMPService.exe)(User: )

Description: Socket Error # 11001

Host not found.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 49%

Total physical RAM: 766.1 MB

Available physical RAM: 387.79 MB

Total Pagefile: 1873.58 MB

Available Pagefile: 1549.2 MB

Total Virtual: 2047.88 MB

Available Virtual: 1949.05 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:29.29 GB) (Free:1.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (Storage) (Fixed) (Total:45.23 GB) (Free:41.57 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D4E1D4E1)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


16:41:39.0656 0x0f4c  TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10

16:41:46.0359 0x0f4c  ============================================================

16:41:46.0359 0x0f4c  Current date / time: 2014/04/15 16:41:46.0359

16:41:46.0359 0x0f4c  SystemInfo:

16:41:46.0359 0x0f4c  

16:41:46.0359 0x0f4c  OS Version: 5.1.2600 ServicePack: 3.0

16:41:46.0359 0x0f4c  Product type: Workstation

16:41:46.0359 0x0f4c  ComputerName: HOME-AMILO

16:41:46.0359 0x0f4c  UserName: Nedjo Baslac

16:41:46.0359 0x0f4c  Windows directory: C:\WINDOWS

16:41:46.0359 0x0f4c  System windows directory: C:\WINDOWS

16:41:46.0359 0x0f4c  Processor architecture: Intel x86

16:41:46.0359 0x0f4c  Number of processors: 2

16:41:46.0359 0x0f4c  Page size: 0x1000

16:41:46.0359 0x0f4c  Boot type: Normal boot

16:41:46.0359 0x0f4c  ============================================================

16:41:47.0937 0x0f4c  KLMD registered as C:\WINDOWS\system32\drivers\42474940.sys

16:41:48.0343 0x0f4c  System UUID: {AC8355B4-1DDF-D1F6-AE83-EC8F554D25BC}

16:41:49.0937 0x0f4c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:41:49.0953 0x0f4c  ============================================================

16:41:49.0953 0x0f4c  \Device\Harddisk0\DR0:

16:41:49.0953 0x0f4c  MBR partitions:

16:41:49.0953 0x0f4c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1

16:41:49.0953 0x0f4c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x5A742D1

16:41:49.0953 0x0f4c  ============================================================

16:41:50.0015 0x0f4c  D: <-> \Device\Harddisk0\DR0\Partition2

16:41:50.0031 0x0f4c  C: <-> \Device\Harddisk0\DR0\Partition1

16:41:50.0031 0x0f4c  ============================================================

16:41:50.0031 0x0f4c  Initialize success

16:41:50.0031 0x0f4c  ============================================================

16:41:58.0234 0x0510  ============================================================

16:41:58.0234 0x0510  Scan started

16:41:58.0234 0x0510  Mode: Manual; 

16:41:58.0234 0x0510  ============================================================

16:41:58.0234 0x0510  KSN ping started

16:42:00.0796 0x0510  KSN ping finished: true

16:42:01.0593 0x0510  ================ Scan system memory ========================

16:42:01.0609 0x0510  System memory - ok

16:42:01.0609 0x0510  ================ Scan services =============================


16:42:06.0484 0x0510  HdAudAddService - ok

16:42:06.0531 0x0510  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:42:06.0531 0x0510  HDAudBus - ok

16:42:06.0593 0x0510  [ 092620EB30864486BE588D2367E6AC28, 08B3FBDAFD03224ED8A2CD3979B809B191AF0E6C64EA27294094D21D8C623534 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

16:42:06.0609 0x0510  helpsvc - ok

16:42:06.0625 0x0510  [ D52E548518ECEE4E364DC95D234BBA4A, 9FC2051771A8168032D395679BEEFDEAC8B5E50D1870F253A5D760D9E1AAD7A9 ] HidServ         C:\WINDOWS\System32\hidserv.dll

16:42:06.0640 0x0510  HidServ - ok

16:42:06.0671 0x0510  [ 0E59F9EB06BD4CC0A7F34BB852615247, 592AC684D8C51DC5188E680DE7338F023B488936B4C3B8AEFE92F42C3E5B4E5C ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:42:06.0687 0x0510  hidusb - ok

16:42:06.0734 0x0510  [ 5CFB08B84ABC3DFFA54849A272012F40, 4964F90A08A01D35C70498762157F70B90795152CFD224A2C1F1E56E3B27046C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll

16:42:06.0734 0x0510  hkmsvc - ok

16:42:06.0750 0x0510  hpn - ok

16:42:06.0812 0x0510  [ D8D9DED6DCC4E3AEE633E6BA462B75C4, 148FDAAB8F0DDF5E9516C48F63A4F7E48A64EE3FD97031428FA15FA37D2B5957 ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

16:42:06.0828 0x0510  HSFHWAZL - ok

16:42:06.0906 0x0510  [ 2DF42CF7300B14B15953218A2B32217C, 8A1F746A2142BAF801CDAFAC7BE7A33E31263A09285E85C9454F8D8A737D4D18 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

16:42:06.0968 0x0510  HSF_DPV - ok

16:42:07.0031 0x0510  [ 21833B83F668E0FBBD545F95D7A563A4, 2820FDA702F73E8B58D7086802C311076ECB0CC28FBE9C2530D5BC200F7C6F4A ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys

16:42:07.0046 0x0510  HTTP - ok

16:42:07.0093 0x0510  [ 94429263065B17070ADFC1ED6A2D3F70, 4AE9B42C15B651E30CC13BFBFDA0BF827F63B38F12D9AA982569A2816ECD047B ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll

16:42:07.0093 0x0510  HTTPFilter - ok

16:42:07.0125 0x0510  i2omgmt - ok

16:42:07.0140 0x0510  i2omp - ok

16:42:07.0203 0x0510  [ B1D5AC772C9602519ABF878DA44F2993, CC76E391B74C926A1CCD1008D07E1134105ED9CC1489665A3D3E9460C932D25E ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:42:07.0203 0x0510  i8042prt - ok

16:42:07.0265 0x0510  [ 22ABEF00814937A22C4F4828EADC3EF8, C680BF95A63FBAEB5A6882A8347F80AB90E4266E56A14C5E5BF0757AA8250929 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys

16:42:07.0265 0x0510  Imapi - ok

16:42:07.0296 0x0510  [ 39CC28CD352CC192AEB843FB8665895F, B516B3CB1A5EA832BB0F8ADBADD244EC6B16250CD0470F0B703830E77992DA33 ] ImapiService    C:\WINDOWS\system32\imapi.exe

16:42:07.0312 0x0510  ImapiService - ok

16:42:07.0343 0x0510  ini910u - ok

16:42:07.0390 0x0510  IntelIde - ok

16:42:07.0437 0x0510  [ 58959C4C8D8C0534F0E161C8E8899C96, 1CE1908C3551D766B656C9A39398CFB423F1F8743BAEC1473699B8555BACBA25 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:42:07.0437 0x0510  intelppm - ok

16:42:07.0468 0x0510  [ B1157E4E295D3DEC5E62B2BB5189C0A8, 798A513489E6166196E9C30D37CF44D30E547EA94A2D020B62893BB8A21463A3 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

16:42:07.0468 0x0510  Ip6Fw - ok

16:42:07.0515 0x0510  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:42:07.0515 0x0510  IpFilterDriver - ok

16:42:07.0546 0x0510  [ 89638A2B685902CB4E70CD5D9EF33156, 79AB23B0B6EB51ED1E81A2F86CEE9984916AFFB08AB4281293542C32BBA49C7F ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:42:07.0546 0x0510  IpInIp - ok

16:42:07.0593 0x0510  [ A5791AEC1588BFD76295DE679B147C55, 0804B0744451B1A0BA40E72E59EF1110D558BB5BEC7081496FD6D6C42CCB5DEB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:42:07.0593 0x0510  IpNat - ok

16:42:07.0640 0x0510  [ 8C2FA9ECE20F0F99E9003F060E155DB9, 0814F38BAF333BE70B02EBFC3C3CBE8CF1637CAA6FD7B4895A20C26886483C9F ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:42:07.0640 0x0510  IPSec - ok

16:42:07.0703 0x0510  [ F17106F5E19039BC7EC7F6C54BA82F21, AA4579E5094A45287BB86DE4BE528CDD15B29DAEBEC73601A27F05F1937C5A9A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys

16:42:07.0703 0x0510  IRENUM - ok

16:42:07.0750 0x0510  [ 4D08FBB3BD7B6CCE4F352D3D5A1C5154, 38871FC68117116173483604B30C94577A0189C7C123FCA7FB28A28A0114A1F0 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:42:07.0765 0x0510  isapnp - ok

16:42:07.0796 0x0510  [ F46911A590C6A69CAE4CE915E3C54EA2, 1D62D27D47EB18E58D001ABFBC097F9827AEF4D8C24295E412612F990FFAB805 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:42:07.0812 0x0510  Kbdclass - ok

16:42:07.0843 0x0510  [ 724FA1E8877B52D0C6A876D41EA558E7, 8A2703AED8F7E9B0E32D624443603A89EC45135E19E3D1CED28A92EB8EBF6860 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys

16:42:07.0843 0x0510  kmixer - ok

16:42:07.0890 0x0510  [ 3F97FC8DB81F6A811A5A80578A702965, F6983A1019FBECA268ECDB0DE3B851C2EEB09C3DE63DAB9206191BE18D434D50 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys

16:42:07.0906 0x0510  KSecDD - ok

16:42:07.0953 0x0510  [ 87C8F442F3512B045DFC202B84B03B44, 24B331B7DAD7117F24FEA1E4CE68845C1B3674895DC1CA8559B8A105ADF7C160 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll

16:42:07.0968 0x0510  LanmanServer - ok

16:42:08.0031 0x0510  [ BEB90A7C8A02A6115F30BC815B7C551C, 5E7ACBE11C9F80B96BE7B82F673BF877D18508D56716784FB17D77916C02D131 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

16:42:08.0046 0x0510  lanmanworkstation - ok

16:42:08.0062 0x0510  lbrtfdc - ok

16:42:08.0140 0x0510  [ 1E249F3E56B9C13F42C6D12D9447354F, 4263BA6C18DE32ED697C94E233D998D5F516B827AEB21CEB641996D92AA3DAE6 ] LexBceS         C:\WINDOWS\system32\LEXBCES.EXE

16:42:08.0171 0x0510  LexBceS - ok

16:42:08.0218 0x0510  [ E3C57C9F6DD7983BFDD047493722D2BB, 6C16DA8A54EE9263CDDB37E25396449EAB82BE6AFC1FD1545DFDC398ACBC2201 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll

16:42:08.0234 0x0510  LmHosts - ok

16:42:08.0265 0x0510  [ E246A32C445056996074A397DA56E815, 5CD5B22840151CAC1FC990C3E468E5382DCC3F89EFD8CE422B9B10B5BEB6F990 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:42:08.0281 0x0510  mdmxsdk - ok

16:42:08.0312 0x0510  [ B0E62543939AD2B59B69AD2639D397DB, B9BCACCB4AE29A1493C6E1F7B3B6318AD0600275EBC375FE694C55360DA65427 ] Messenger       C:\WINDOWS\System32\msgsvc.dll

16:42:08.0312 0x0510  Messenger - ok

16:42:08.0359 0x0510  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys

16:42:08.0375 0x0510  mnmdd - ok

16:42:08.0421 0x0510  [ 5B3DDA2AC7DC6B516BAF74E3B3A88DC1, AD6602FC4329F8F4D95C344DF18403E3445BC5046765BB93A1DCDF02029A2CE3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe

16:42:08.0421 0x0510  mnmsrvc - ok

16:42:08.0468 0x0510  [ 027315AF46FB8FE59FD654F7804D3440, F8E909D7835E10BEC4BE199AFE04AD9C50955C22AD46E7680D7592843BA95C7F ] Modem           C:\WINDOWS\system32\drivers\Modem.sys

16:42:08.0468 0x0510  Modem - ok

16:42:08.0484 0x0510  [ BE8BA5D4C4ADEE75F6B4DC77B8C18726, 8F94F46CFD76C7A813D1953F7ED7833694D2F3DDD2AEB09D461966FF1B3DD08D ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:42:08.0500 0x0510  Mouclass - ok

16:42:08.0515 0x0510  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:42:08.0531 0x0510  mouhid - ok

16:42:08.0562 0x0510  [ 4E73CA698169B63690CD170D62AF5289, C2CC58BEDAA949FD631E21E7C52BE9C7905EFE56F1BFDBCC66053D7693F6BC92 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys

16:42:08.0562 0x0510  MountMgr - ok

16:42:08.0578 0x0510  MozillaMaintenance - ok

16:42:08.0609 0x0510  mraid35x - ok

16:42:08.0656 0x0510  [ AC9A33D0836545E72E878D6B2EE66ED3, FF75894D730BF7FB175BE3B7F4E40DCB4EF773202E5D85CEAF69900E2548958A ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:42:08.0671 0x0510  MRxDAV - ok

16:42:08.0718 0x0510  [ D30EAB4473934599AD5B5CBEFBDAFD72, 3170994B3E0C82D3013330C405140C0C73CD4D572AB7B31586528B96C6D6C5D9 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:42:08.0734 0x0510  MRxSmb - ok

16:42:08.0781 0x0510  [ AF8467D683E8D3D7950E980D447645F6, 07891DAABE1D63C31BDDD5D03CC178AAEEC97DBA1E3167675CC982E5DFB03786 ] MSDTC           C:\WINDOWS\system32\msdtc.exe

16:42:08.0781 0x0510  MSDTC - ok

16:42:08.0812 0x0510  [ 921A36437283D1303C42996877976EA0, DFE9711836C2EB84450DCB90527946408499F88CAFC39BDC89A7A4D4DA549394 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys

16:42:08.0828 0x0510  Msfs - ok

16:42:08.0843 0x0510  MSIServer - ok

16:42:08.0875 0x0510  [ 8D235F3B33089CE8C02E3A56C55CFA2A, C5E7BEB67BBB69A7EEC367C5C49B1E2697518F439F63B2B41F7B7510DEBCF641 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:42:08.0875 0x0510  MSKSSRV - ok

16:42:08.0921 0x0510  [ 60B0A7B75A169EFC90A7D28B762F1D7A, 58E4A83610C5A8F5BBCDD2F3200BD470E05D6449611255C4A0DFD6642EDB2E9D ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:42:08.0921 0x0510  MSPCLOCK - ok

16:42:08.0953 0x0510  [ 5FF45F159DD6F9292CD0645706593ADE, B3E57195C4D757674F862743DC9BBA1C9EA6654D6C87080B12CD1471033DD353 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys

16:42:08.0953 0x0510  MSPQM - ok

16:42:09.0000 0x0510  [ 227DA9E3A1A6FC04210D2392B9EA9026, 10B21EAE5579837E8BB7A2A160C6B5C6C1D647DBF0C800BA5FC06A69FC4D5A21 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:42:09.0000 0x0510  mssmbios - ok

16:42:09.0031 0x0510  [ 2E29D69EBE0F84C91B6AC951E7CC4D05, EFDCAB086234652B80DCBF53EFD86EF8D4884D688571B930F626728A4EBBDC57 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys

16:42:09.0031 0x0510  MSTEE - ok

16:42:09.0078 0x0510  [ 5373805013250B055B0C1FFCCC384407, D363503FF13FE35B76168BF7B8740B1C5E9B349DBFAA24B3B26D01E1963D1321 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys

16:42:09.0093 0x0510  Mup - ok

16:42:09.0125 0x0510  [ BDCAC0684D77E289465B183D0B785941, 2B21FC5F68F9D178E881E44E6954817516F7759AF2BD675F911049B94E9B6362 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:42:09.0140 0x0510  NABTSFEC - ok

16:42:09.0203 0x0510  [ 2B0C4BBC291DD4608EAD2F2CBCE10E5C, D9116B90C510DF5C376F57F438790528E4E3700436E7A95B9235E1249E5B196A ] napagent        C:\WINDOWS\System32\qagentrt.dll

16:42:09.0234 0x0510  napagent - ok

16:42:09.0281 0x0510  [ D89ACA7F76952917CBADE3C315B50036, A348BF6426D7DACE2F9362D5D6A6E758E02E1D1DD346D652FCFBB9A422CA2C6E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys

16:42:09.0296 0x0510  NDIS - ok

16:42:09.0328 0x0510  [ 514A71B244D6DC19A657C91A2A336B7A, 541A22B0D1AABE4F4FE483F46006600A6109B81405206748823B3E4930EEB448 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:42:09.0328 0x0510  NdisIP - ok

16:42:09.0359 0x0510  [ D4F4D4FF25C19179B0B38F8272C09952, E22D0D7F64B5B1552E1373482E918499129D6834785648F5C89A55B7C5F21DD6 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:42:09.0359 0x0510  NdisTapi - ok

16:42:09.0375 0x0510  [ 6C299F28150BF94C304B5B2F9AEF0C9A, EDC40C46DC441C74D1301B4C4CA22E374106090FBAFE19B6A0D19C9E302E5E14 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:42:09.0390 0x0510  Ndisuio - ok

16:42:09.0406 0x0510  [ 026B1FC7ED7761FF1330047580D8345E, E5CCF4231439A573C7C16503BA495DF80DB588779EDF8C9D0C5C240294D92261 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:42:09.0421 0x0510  NdisWan - ok

16:42:09.0453 0x0510  [ 15F6DB91FE53FC781B84D3536C20C301, 9F4869EA82950C5CBBC2DA627B75311A627B65F23EEF6682E137B0786E34C566 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys

16:42:09.0453 0x0510  NDProxy - ok

16:42:09.0500 0x0510  [ 34691C114A1E3DF953D4F918C1068FB6, 0CFEA7A18BB6F723C9404CF9B0C592680A835AADDE9F4A78C2D14E245BA13DAB ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys

16:42:09.0500 0x0510  NetBIOS - ok

16:42:09.0531 0x0510  [ FCF68116195ADF2777644187303F206A, EADBA31E75439FAD316D9A010326AF5EA6D09BC3076550F4FE9BF5ABAF36EADD ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys

16:42:09.0546 0x0510  NetBT - ok

16:42:09.0578 0x0510  [ 6B4EDEFFEBBD705A1160F27A821532B3, 58D762EF0A0F7F18E3C0C8EE6F5E261817BDBD541CEA2BD79F6E2AD8D16429D4 ] NetDDE          C:\WINDOWS\system32\netdde.exe

16:42:09.0593 0x0510  NetDDE - ok

16:42:09.0625 0x0510  [ 6B4EDEFFEBBD705A1160F27A821532B3, 58D762EF0A0F7F18E3C0C8EE6F5E261817BDBD541CEA2BD79F6E2AD8D16429D4 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe

16:42:09.0640 0x0510  NetDDEdsdm - ok

16:42:09.0687 0x0510  [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] Netlogon        C:\WINDOWS\system32\lsass.exe

16:42:09.0687 0x0510  Netlogon - ok

16:42:09.0718 0x0510  [ A0C9CB2819059FA490B2CF43AA08D19C, 2279083DE04C48C38FEDB597A14B990FEC0740B73B089E77CAF0339F5860AC27 ] Netman          C:\WINDOWS\System32\netman.dll

16:42:09.0750 0x0510  Netman - ok

16:42:09.0781 0x0510  [ 998232EF17552580CD324924B147F44F, FEA6D9318BC27201460928FD5C97A46FA261D5554CAD45D1808C655BA61EFB98 ] Nla             C:\WINDOWS\System32\mswsock.dll

16:42:09.0796 0x0510  Nla - ok

16:42:09.0843 0x0510  [ 682D9C1B2219BCCDA7D033E2706FDB50, 207440A9744853D4B055A656C9AD9D1C47AF5887A6D80AB5870E47BAF3ECFD47 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys

16:42:09.0843 0x0510  Npfs - ok

16:42:09.0906 0x0510  [ 4BAA9DE705D0EA0036642D655A36D16E, 25880E88BD2CD04B4AC0995E282E3CEBDB65E72A14DEC70E363DBE2DE2B19D9E ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys

16:42:09.0921 0x0510  Ntfs - ok

16:42:09.0953 0x0510  [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] NtLmSsp         C:\WINDOWS\system32\lsass.exe

16:42:09.0968 0x0510  NtLmSsp - ok

16:42:10.0031 0x0510  [ 92FA7CCEE20701EFB2107E9B91F1B846, 75887139D8400D63C13E4A64B9519DDE7E195F122230D4C6DB87CA9B22495B86 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll

16:42:10.0062 0x0510  NtmsSvc - ok

16:42:10.0109 0x0510  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys

16:42:10.0109 0x0510  Null - ok

16:42:10.0140 0x0510  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:42:10.0140 0x0510  NwlnkFlt - ok

16:42:10.0187 0x0510  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:42:10.0187 0x0510  NwlnkFwd - ok

16:42:10.0265 0x0510  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:42:10.0265 0x0510  ose - ok

16:42:10.0328 0x0510  [ 86C656BFB7DF47DA74F681FF1B75FE81, 34E1DB2B132F44C481192D0BEBCED161676FC9964CB045E6934EF69261267274 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys

16:42:10.0328 0x0510  Parport - ok

16:42:10.0359 0x0510  [ E1C9C03D779B559A10A744709EB194B4, 4DDD42E6875425102A5140B975088695A111C86DFD1FA4DB63C940B1FC3612FA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys

16:42:10.0359 0x0510  PartMgr - ok

16:42:10.0406 0x0510  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys

16:42:10.0406 0x0510  ParVdm - ok

16:42:10.0453 0x0510  [ 48AFFB14E2BED45D37B72894E7923444, 3BF66AF49A7D19E186C1EDFDC4894D6DF40FEE39F5B95E1485B7631A62B1D19E ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys

16:42:10.0453 0x0510  PCI - ok

16:42:10.0468 0x0510  PCIDump - ok

16:42:10.0500 0x0510  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys

16:42:10.0500 0x0510  PCIIde - ok

16:42:10.0546 0x0510  [ B054FACB7EB88946033A9E703569E885, 29DC7C7176830038A13154CF89E7C85BE10FFFDB2B48329C0A996F7A6E4D9760 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys

16:42:10.0562 0x0510  Pcmcia - ok

16:42:10.0578 0x0510  PDCOMP - ok

16:42:10.0609 0x0510  PDFRAME - ok

16:42:10.0625 0x0510  PDRELI - ok

16:42:10.0656 0x0510  PDRFRAME - ok

16:42:10.0687 0x0510  perc2 - ok

16:42:10.0718 0x0510  perc2hib - ok

16:42:10.0859 0x0510  [ 5C031F7E17E3CA7760CA2D7CFFF973D2, 6D3D73470F77FF15167E3D23BCD176BF4A5BE933BB9B1B8CD1685B88C1A6A0B0 ] PlugPlay        C:\WINDOWS\system32\services.exe

16:42:10.0875 0x0510  PlugPlay - ok

16:42:10.0906 0x0510  [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] PolicyAgent     C:\WINDOWS\system32\lsass.exe

16:42:10.0906 0x0510  PolicyAgent - ok

16:42:10.0953 0x0510  [ 0F14D1F70CB752E1B3BDC8F9E1764712, 149C1E5A23659DF6C3039723437030878AF84DEDEAD89D6B2BCAE8473E2EEA2B ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:42:10.0968 0x0510  PptpMiniport - ok

16:42:10.0984 0x0510  [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

16:42:11.0000 0x0510  ProtectedStorage - ok

16:42:11.0015 0x0510  [ 57E14E15AC0F50D33335669A3B764F0A, DBF4950379BC3F530707BD257A8AB6BDED2D887607CEF55975904D765503D26E ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys

16:42:11.0031 0x0510  PSched - ok

16:42:11.0062 0x0510  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:42:11.0062 0x0510  Ptilink - ok

16:42:11.0125 0x0510  [ 153D02480A0A2F45785522E814C634B6, 02B7590F2F4A8FA0B031CDA7A28BD55E7C04A080C1EA810BF3AC3212A62153A6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:42:11.0125 0x0510  PxHelp20 - ok

16:42:11.0140 0x0510  ql1080 - ok

16:42:11.0171 0x0510  Ql10wnt - ok

16:42:11.0203 0x0510  ql12160 - ok

16:42:11.0218 0x0510  ql1240 - ok

16:42:11.0250 0x0510  ql1280 - ok

16:42:11.0296 0x0510  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:42:11.0296 0x0510  RasAcd - ok

16:42:11.0359 0x0510  [ 034AE40C0D63CD1BC909FE4CD0149148, 5A26563C320F94D149E3122AFC8A521CEB5FDFED82BD70A0116A492F11DDCEA1 ] RasAuto         C:\WINDOWS\System32\rasauto.dll

16:42:11.0359 0x0510  RasAuto - ok

16:42:11.0406 0x0510  [ 946AFD1D88E27F9D1FB90846E059F28D, ADD3680D3DBE7B079BE61A5897B5B4CB7F8E0D7F690E95DCD3D92B525A8E44E3 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:42:11.0406 0x0510  Rasl2tp - ok

16:42:11.0453 0x0510  [ 78FE0F702DE2C52B523E3093339E9D55, 725AF9D58E859E5A83D0FEB5CF863D6B26387963E1E8776F6C496D350B3EA6B7 ] RasMan          C:\WINDOWS\System32\rasmans.dll

16:42:11.0484 0x0510  RasMan - ok

16:42:11.0500 0x0510  [ 2A6EA23EF68A0F509B045B105EC2BC5C, DD7B18349653CDA81358F6A660E42A57F1F957DE3454C6C424AD31431F463815 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:42:11.0500 0x0510  RasPppoe - ok

16:42:11.0546 0x0510  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys

16:42:11.0546 0x0510  Raspti - ok

16:42:11.0578 0x0510  [ 9534C6AC6E389EFEC8B2794C379D97E7, 8FA443FA64C0604BC4C0672A3762AC331C2AA42B7D9D4C9ACB6F9FD501791799 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:42:11.0593 0x0510  Rdbss - ok

16:42:11.0625 0x0510  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:42:11.0625 0x0510  RDPCDD - ok

16:42:11.0671 0x0510  [ 1E9EA73D5F49F7B0CE9F0F4F3D63242B, FB20F74FB86C8273F95072D19FC643B7C6C62CCFFB6CD9BF47FD87B2034B68C3 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:42:11.0703 0x0510  rdpdr - ok

16:42:11.0765 0x0510  [ 2DB7A249767412D5148F5D415B271F7D, 9216741F9A9BBC481521A6723C0C0F87445038739DE42B04F27283A9F612EB27 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys

16:42:11.0765 0x0510  RDPWD - ok

16:42:11.0796 0x0510  [ 55280866297D954F31679885ED58D077, 52B6B51F6E6EBABDC24D27C7FD21D02ADDED47C13BABC3AAE477C3F5CEF7B2AF ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe

16:42:11.0812 0x0510  RDSessMgr - ok

16:42:11.0843 0x0510  [ 805D17F1EC3626BB98B62DB45CEBE187, 2365B82EEFDE587E4C13B59EF01876CD0871746EDA3567D44715EEC2DCF250AE ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys

16:42:11.0859 0x0510  redbook - ok

16:42:11.0890 0x0510  [ 2C6425ED9ACD2B52D346F77D7E48BED3, AA201EBDBF89C158FE2A0CE74967DB532A4336B0CE37FF55B84372D1DDAB3641 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll

16:42:11.0906 0x0510  RemoteAccess - ok

16:42:11.0953 0x0510  [ 5858B07C7F91F1C7E95CF187C6AA0BCD, C17B7B7E87F03F35269F73EBDF2FF3AE85C61E9D8EF3F648571B5ADA7D5EEA16 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll

16:42:11.0968 0x0510  RemoteRegistry - ok

16:42:12.0000 0x0510  [ 3835E5B6404D27D1C05BC33B296C3905, 9F892C3AD2928596D5BB8517F23CE06DF3AA280C032C1F8A0C7DFC3CD0138A6B ] RpcLocator      C:\WINDOWS\system32\locator.exe

16:42:12.0000 0x0510  RpcLocator - ok

16:42:12.0062 0x0510  [ BC44C99C09151D8BD36491BC1321F510, 91BFDBC43F4AF9524588A593DAA44124EBD73B996BC47CD690DFD871223C4BB2 ] RpcSs           C:\WINDOWS\system32\rpcss.dll

16:42:12.0093 0x0510  RpcSs - ok

16:42:12.0140 0x0510  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe

16:42:12.0156 0x0510  RSVP - ok

16:42:12.0234 0x0510  [ 0C963B81C842B49CC87123F165224E5A, 1E78A025649447FE6D153770D4A35C392A47545F3101C016436616F63F95B274 ] S3GIGP          C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys

16:42:12.0281 0x0510  S3GIGP - ok

16:42:12.0312 0x0510  [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] SamSs           C:\WINDOWS\system32\lsass.exe

16:42:12.0328 0x0510  SamSs - ok

16:42:12.0390 0x0510  [ 93C707F59D097DB907998174158C8530, 41E06363CCCFF9D67F16D6C216A185A16A52C2E2B1F98515D42E323E144AA211 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe

16:42:12.0390 0x0510  SCardSvr - ok

16:42:12.0453 0x0510  [ 62DEBEDA7434D4F6D3DFCDE4F3AF7761, 4DBF5EB0837F04BF9BE5E6C9E572CF0E5707950EB92EC6A2DB677BF4D002CDF9 ] Schedule        C:\WINDOWS\system32\schedsvc.dll

16:42:12.0468 0x0510  Schedule - ok

16:42:12.0500 0x0510  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:42:12.0500 0x0510  Secdrv - ok

16:42:12.0546 0x0510  [ C6F49F6F4F1CDCAA25D1BF545EAE838F, 91A48C57179785FFD87E2A93A75F5826F7238B4211C6F43062CC7A90F29F75C7 ] seclogon        C:\WINDOWS\System32\seclogon.dll

16:42:12.0562 0x0510  seclogon - ok

16:42:12.0578 0x0510  [ F2DA97B960DA71CFFF49C966AB74D2FC, A1587FA94D6C05D5B091B7B8B9F96F3F3DEE3EA58FC4C8FB0C828A70836099D6 ] SENS            C:\WINDOWS\system32\sens.dll

16:42:12.0593 0x0510  SENS - ok

16:42:12.0625 0x0510  [ CF82322FA0B7A1E2F910EACC9D002B39, E750C577A296BA0C4A52F81FD5A5A1435696DFF0AF658656B082FC147697A4E3 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys

16:42:12.0625 0x0510  Serial - ok

16:42:12.0671 0x0510  [ 439CEC05C6F6E68FEB95F5B4FC01E9F3, 83F9EF7242CB0F34E4114572D3C4CD68D0E287C4C8B77C6FB39917179B56D817 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys

16:42:12.0671 0x0510  Sfloppy - ok

16:42:12.0718 0x0510  [ 91A696F08DAEB53F77EE725B304F3246, FA6AE4CE5437EAD3BF573C462DD0418A78BFAB0F29CB986B16D067D384522BC8 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll

16:42:12.0750 0x0510  SharedAccess - ok

16:42:12.0781 0x0510  [ EF95C4371DEB4900AA00B0E108261051, FAD2CAF55738DC42B12EAF407AF1433167E45B316B689FE8CDE3FB7BB7EB1227 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

16:42:12.0796 0x0510  ShellHWDetection - ok

16:42:12.0812 0x0510  Simbad - ok

16:42:12.0890 0x0510  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

16:42:12.0906 0x0510  SkypeUpdate - ok

16:42:12.0937 0x0510  [ 09A392D93A595C6A07CEE9B7CF683F64, 8BF0B96A1EC68693655618931DFF9D831D4AA1650F6C736D2F9AA3BE4CB33BDA ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys

16:42:12.0937 0x0510  SLIP - ok

16:42:12.0968 0x0510  Sparrow - ok

16:42:13.0015 0x0510  [ AD4C32A5E4802F9596BC87598BEC5EFA, B9537688EF04EA0C03EA2746BF344AF908EF414126DC4223F4F455A7DC51CA2F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys

16:42:13.0015 0x0510  splitter - ok

16:42:13.0062 0x0510  [ 0CB3202B6A2F4AFC735001DC43567C4D, A824891DAD92A7794E376F3B4D5959DC991E755DEDEBED9D0AC3887900D9B78A ] Spooler         C:\WINDOWS\system32\spoolsv.exe

16:42:13.0078 0x0510  Spooler - ok

16:42:13.0125 0x0510  [ E8AEBF1E13D550BED140C1C6015E71B4, B35BD9ECEDB445E88EB32BE917709F0765AF37858A30E6B5FCBEB723DC51A678 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys

16:42:13.0140 0x0510  sr - ok

16:42:13.0171 0x0510  [ AB54E2DFF17D58350F88606FA85A02AF, A9C4BA71659704C980D8CFC33EDBC8F8796F47769CAD1943A811DE4F1E3AA8EB ] srservice       C:\WINDOWS\system32\srsvc.dll

16:42:13.0187 0x0510  srservice - ok

16:42:13.0234 0x0510  [ 009B7FCA245A3D4BD912EDDE4084F701, 4772CF2CFB2CD172BB511A459E9AC7D6755D313BC4F730D85B26E82CF7FB25CF ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys

16:42:13.0265 0x0510  Srv - ok

16:42:13.0312 0x0510  [ 7B50C000ED67FF2F446123753D5413FF, 7F24F9966FF2F031FE3F8F66D74D478AAE1B9CAC3350A2226E0B128BF164E4C4 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll

16:42:13.0328 0x0510  SSDPSRV - ok

16:42:13.0390 0x0510  [ E736B227E428BE3FB9A1F8755E320B4B, DF1D876B9CB0CB845AAFEF3C7DDC7E4DF948D68B4ECBAB108AF17EECC290768C ] stisvc          C:\WINDOWS\system32\wiaservc.dll

16:42:13.0421 0x0510  stisvc - ok

16:42:13.0453 0x0510  [ FF058F23412E411B1F30FE3F4464BDFE, 2681585A9F7656C117B586610C93C1C1B4AA5BEF790067049E1527CDCFEF464E ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys

16:42:13.0453 0x0510  streamip - ok

16:42:13.0500 0x0510  [ 492F74DB817FF4BCB582ADE7495E9B7B, AFABFDB25AE044891B3E1707E19D0D0D5AD1A164DB4D0BBDEB1F03222E274F8F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys

16:42:13.0500 0x0510  swenum - ok

16:42:13.0531 0x0510  [ 6FB4B1734F613D614CC0F6A28D7FD2E5, F246D160E656A2BCCDE6665CD7FBE8F42F61063E3B4860BFEFE72135BF1C8931 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys

16:42:13.0531 0x0510  swmidi - ok

16:42:13.0546 0x0510  SwPrv - ok

16:42:13.0578 0x0510  symc810 - ok

16:42:13.0609 0x0510  symc8xx - ok

16:42:13.0640 0x0510  sym_hi - ok

16:42:13.0671 0x0510  sym_u3 - ok

16:42:13.0703 0x0510  [ B29CA8E11142186468C62A2DD30E2E84, F3B02CF3482EE3B29EED72D5C8DEAC5170D91EDB9746630C7308184C990555A3 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys

16:42:13.0703 0x0510  sysaudio - ok

16:42:13.0750 0x0510  [ C4C34141A39385F64FC423C7C8B245DF, 17D6335961E8FBA493FF36A7F889683941CCE1D92A64EB02EF10BF39D8BA338E ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe

16:42:13.0765 0x0510  SysmonLog - ok

16:42:13.0812 0x0510  [ 147B9CCE0B523D4DAFD91A60C2CE2B25, 7B87C4550137A30D11F4E0F7B12BCBB62BDE06BB65EFE6E4E6C2CDB9EE7B9314 ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys

16:42:13.0812 0x0510  tap0901 - ok

16:42:16.0796 0x0510  ================ Scan global ===============================

16:42:16.0828 0x0510  [ 06842E76E4AED48BC3E6ABAA5633E78A, 7F471F3C66DE36DE5485BAA6C0C8574C4E2E272EAD3AD30FB503F3AEDF16882A ] C:\WINDOWS\system32\basesrv.dll

16:42:16.0890 0x0510  [ 88FC0FEC554995284DF1F68226013FF2, 4560D4D6866C169AE9C90F089A720DA30CD581B747C8116FCC68DE929FDB88F8 ] C:\WINDOWS\system32\winsrv.dll

16:42:16.0937 0x0510  [ 88FC0FEC554995284DF1F68226013FF2, 4560D4D6866C169AE9C90F089A720DA30CD581B747C8116FCC68DE929FDB88F8 ] C:\WINDOWS\system32\winsrv.dll

16:42:16.0984 0x0510  [ 5C031F7E17E3CA7760CA2D7CFFF973D2, 6D3D73470F77FF15167E3D23BCD176BF4A5BE933BB9B1B8CD1685B88C1A6A0B0 ] C:\WINDOWS\system32\services.exe

16:42:17.0000 0x0510  [ Global ] - ok

16:42:17.0000 0x0510  ================ Scan MBR ==================================

16:42:17.0015 0x0510  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

16:42:17.0171 0x0510  \Device\Harddisk0\DR0 - ok

16:42:17.0171 0x0510  ================ Scan VBR ==================================

16:42:17.0187 0x0510  [ 783B81D37DF52A2C8076C991BC448F37 ] \Device\Harddisk0\DR0\Partition1

16:42:17.0187 0x0510  \Device\Harddisk0\DR0\Partition1 - ok

16:42:17.0203 0x0510  [ D80FD18174465518390B3B3BC12FF1EE ] \Device\Harddisk0\DR0\Partition2

16:42:17.0218 0x0510  \Device\Harddisk0\DR0\Partition2 - ok

16:42:17.0218 0x0510  Waiting for KSN requests completion. In queue: 178

16:42:18.0218 0x0510  Waiting for KSN requests completion. In queue: 178

16:42:19.0218 0x0510  Waiting for KSN requests completion. In queue: 178

16:42:20.0343 0x0510  AV detected via SS1: avast! Antivirus, 5.0.150996960, enabled, updated

16:42:20.0359 0x0510  Win FW state via NFM: enabled

16:42:22.0734 0x0510  ============================================================

16:42:22.0734 0x0510  Scan finished

16:42:22.0734 0x0510  ============================================================

16:42:22.0781 0x0858  Detected object count: 0

16:42:22.0781 0x0858  Actual detected object count: 0

Farbar Recovery Scan Tool (x86) Version: 14-04-2014

Ran by Nedjo Baslac at 2014-04-15 17:46:48

Running from C:\Documents and Settings\Nedjo Baslac\My Documents

Boot Mode: Normal

 

================== Search: "rpcss.dll" ===================

 

C:\WINDOWS\system32\rpcss.dll

[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ____A (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 

 

C:\WINDOWS\system32\dllcache\rpcss.dll

[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ___AC (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 

 

=== End Of Search ===


The processes you mentioned are legit.

 

Let's take out some remnants:

 

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Zip Extractor Packages
KMP Media Toolbar


Close the window.

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014

Ran by Nedjo Baslac at 2014-04-16 13:35:42 Run:1

Running from C:\Documents and Settings\Nedjo Baslac\My Documents

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

2004-08-04 20:00 - 2014-04-15 16:30 - 00001887 ____A C:\WINDOWS\system32\Drivers\etc\hosts

Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

 

C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1

 

Zip Extractor Packages

*****************

 

C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.

C:\WINDOWS\Tasks\At1.job => Moved successfully.

"C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1" => File/Directory not found.

 

==== End of Fixlog ====


Sometimes the information provided by Windows is wrong.

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


OK. It's late where I live so I will do them at 8:00 by my clock. I don't know the German clocks but I saw you respond somewhere around 9:00 by my clock. Also, is a custom scan when I tick all the options like a full scan or the same? And what are we gonna do about KMPToolbar? Thanks for all of your support, I would donate if I could!


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 4/17/2014

Scan Time: 06:50:08

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.04.17.01

Rootkit Database: v2014.03.27.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Chameleon: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Nedjo Baslac

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 219680

Time Elapsed: 18 min, 46 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Just a note that I will uninstall Avast! and install Bitdefender Free. Don't get me wrong, Avast! is great, it's better than AVG Internet Security (it was legit, not cracked or pirated) which let the viruses into the system. I just want to try Bitdefender since I heard A LOT of good things about it and from what I saw it is very good at removing trojans and blocking sites. However, I will not uninstall Avast! until I hear what you will say. Also, are those bogus host files clean now?


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the log (checkup.txt) will open. Copy its content to your thread.


# AdwCleaner v3.023 - Report created 17/04/2014 at 15:20:59

# Updated 01/04/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : Nedjo Baslac - HOME-AMILO

# Running from : C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.default\prefs.js ]

 

 

-\\ Google Chrome v34.0.1847.116

 

[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [9119 octets] - [05/04/2014 10:03:27]

AdwCleaner[R1].txt - [1241 octets] - [05/04/2014 10:15:39]

AdwCleaner[R2].txt - [1101 octets] - [17/04/2014 15:20:59]

AdwCleaner[s0].txt - [9122 octets] - [05/04/2014 10:05:14]

AdwCleaner[s1].txt - [1302 octets] - [05/04/2014 10:17:38]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1281 octets] ##########