Serb25 Posted April 15, 2014 ID:818540 Share Posted April 15, 2014 *NOTE Sorry if this is in the wrong thread!*My mum's laptop wass infected with something so her homepage on IE was a scam Bing 'Giveaway' and Chrome had pop-ups, I scanned with MBAM, found over 100 viruses, most of them being PUP Crossrider, babylon plus hd and Start Page. Hitman Pro found some leftovers, Ask.com toolbar, Couduit, SpeedUpMyPC and baby lon. AdwCleaner and junkware removal tool got rid of the rests, ESET online scanner found 2 trojans, 4 worms, 2 baby lon, 2 PUPs and 2 unsafe applications, TDSS killer found 1 virus. Emsisoft Emergecy Kit found 1 PUP and backdoor. Now, this got deleted and I don't get those stuff and the laptop is faster, but I still see 3 shady processes. Wuauclt.exe(Windows update is not even active!), wdfmgr.exe and wscntfy.exe. Is the laptop still infected? Link to post Share on other sites More sharing options...
Psychotic Posted April 15, 2014 ID:818547 Share Posted April 15, 2014 Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware. Scan with FRST in normal modePlease download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties) Run FRST. Don´t change one of the checkboxes and hit Scan. Logfiles are created on your desktop. Poste the FRST.txt and (after the first scan only!) the Addition.txt. Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it. Press Start Scan If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log. Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txtPlease attach this file to your next reply. Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818571 Share Posted April 15, 2014 I will but I have some work to do so I will attach them as soon as I can Link to post Share on other sites More sharing options...
Psychotic Posted April 15, 2014 ID:818572 Share Posted April 15, 2014 ok Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818596 Share Posted April 15, 2014 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2014Ran by Nedjo Baslac (administrator) on HOME-AMILO on 15-04-2014 16:33:12Running from C:\Documents and Settings\Nedjo Baslac\My DocumentsMicrosoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE(Lexmark International, Inc.) C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Lexmark International, Inc.) C:\Program Files\Lexmark X5100 Series\lxbabmon.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] => [X]HKLM\...\Run: [Lexmark X5100 Series] => C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [86100 2003-03-04] (Lexmark International, Inc.)HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software)HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [15360 2008-03-07] (Microsoft Corporation)HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-03-07] (Microsoft Corporation)HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)HKU\S-1-5-21-1801674531-507921405-1547161642-1003\...\MountPoints2: {8ab2e37e-185e-11e3-8615-00140b30d04c} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exeStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnkShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.rs/HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM - DefaultScope value is missing.BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabHandler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox:========FF ProfilePath: C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.defaultFF DefaultSearchEngine: Ask SearchFF SearchEngineOrder.1: Ask SearchFF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Ask SearchFF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Extension: KMP Media Toolbar - C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.default\Extensions\toolbar_KMPV7@apn.ask.com.xpi [2013-10-09]FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-05] Chrome: =======CHR Extension: (Google документи) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]CHR Extension: (avast! Online Security) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]CHR Extension: (Google новчаник) - C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-28] (Lexmark International, Inc.)R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [107624 2014-04-14] (RaMMicHaeL)S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X] ==================== Drivers (Whitelisted) ==================== R3 AR5211; C:\WINDOWS\System32\DRIVERS\ar5211.sys [488992 2006-03-23] (Atheros Communications, Inc.)R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software)R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-04-05] (AVAST Software)R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-04-05] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-04-05] (AVAST Software)R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180760 2014-04-05] ()R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-01] (AVG Technologies)S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-03-06] (Microsoft Corporation)S3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2014-04-05] (Emsisoft GmbH)R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [594432 2006-08-24] (Conexant Systems Inc.)R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [206976 2006-03-09] (Conexant Systems, Inc.)R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-03-09] (Conexant Systems, Inc.)S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-03-06] (Microsoft Corporation)R3 S3GIGP; C:\WINDOWS\System32\DRIVERS\S3gIGPm.sys [634880 2006-11-15] (S3 Graphics Co., Ltd.)S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)S1 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2008-03-06] (Microsoft Corporation)S4 IntelIde; No ImagePathS3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-15 16:33 - 2014-04-15 16:33 - 00009582 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.txt2014-04-15 16:32 - 2014-04-15 16:33 - 00000000 ____D () C:\FRST2014-04-15 16:31 - 2014-04-15 16:32 - 01042944 _____ (Farbar) C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.exe2014-04-14 20:41 - 2014-04-14 20:41 - 135748352 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\setup_11.0.1.1245.x01_2014_04_14_20_12.exe2014-04-14 18:41 - 2014-04-14 18:52 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\NPE2014-04-14 18:41 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton2014-04-14 18:40 - 2014-04-14 18:40 - 03053496 ____N (Symantec Corporation) C:\Documents and Settings\Nedjo Baslac\My Documents\NPE.exe2014-04-14 16:12 - 2014-04-14 16:12 - 00000596 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\JRT.txt2014-04-14 15:48 - 2014-04-14 15:48 - 01016261 _____ (Thisisu) C:\Documents and Settings\Nedjo Baslac\My Documents\JRT.exe2014-04-14 15:48 - 2014-04-14 15:48 - 00000000 ____D () C:\WINDOWS\ERUNT2014-04-14 14:28 - 2014-04-14 15:41 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt2014-04-14 14:28 - 2014-04-14 15:39 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Doctor Web2014-04-14 14:16 - 2014-04-14 14:25 - 146408624 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\h6z39t6y.exe2014-04-14 14:02 - 2014-04-14 14:02 - 00000000 ____D () C:\TDSSKiller_Quarantine2014-04-14 14:00 - 2014-04-14 14:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Nedjo Baslac\My Documents\tdsskiller.exe2014-04-12 13:35 - 2014-04-12 13:35 - 00000000 _RSHD () C:\Win2014-04-12 08:44 - 2014-04-12 08:44 - 00001688 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Skype.lnk2014-04-09 15:38 - 2014-04-09 15:38 - 00000000 ____D () C:\Program Files\ESET2014-04-08 14:02 - 2014-04-08 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-04-08 14:00 - 2014-04-08 14:32 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Desktop\mbar2014-04-05 19:37 - 2014-04-05 19:37 - 00000815 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Launch Internet Explorer Browser.lnk2014-04-05 19:33 - 2014-04-11 13:38 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2014-04-05 19:33 - 2014-04-05 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome2014-04-05 19:31 - 2014-04-15 16:29 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-04-05 19:31 - 2014-04-15 13:36 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-04-05 19:31 - 2014-04-05 19:31 - 00884680 _____ (Google Inc.) C:\Documents and Settings\Nedjo Baslac\My Documents\ChromeSetup.exe2014-04-05 19:17 - 2014-04-05 19:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\AVAST Software2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast2014-04-05 19:16 - 2014-04-15 16:30 - 00000376 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job2014-04-05 19:16 - 2014-04-05 19:16 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-04-05 19:12 - 2014-04-05 19:14 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Nedjo Baslac\My Documents\avast_free_antivirus_setup.exe2014-04-05 15:57 - 2014-04-05 15:57 - 00002388 _____ () C:\EamClean.log2014-04-05 14:43 - 2014-04-05 14:43 - 00000462 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Emsisoft Emergency Kit.lnk2014-04-05 14:42 - 2014-04-05 14:43 - 00000000 ____D () C:\EEK2014-04-05 14:34 - 2014-04-05 14:41 - 225609112 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\EmsisoftEmergencyKit.exe2014-04-05 11:34 - 2014-04-05 11:34 - 18568328 _____ (SUPERAntiSpyware) C:\Documents and Settings\Nedjo Baslac\My Documents\SUPERAntiSpyware.exe2014-04-05 11:25 - 2014-04-05 11:25 - 00154888 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll2014-04-05 10:27 - 2014-04-08 14:20 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-04-05 10:27 - 2014-04-08 14:20 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-04-05 10:27 - 2014-04-05 10:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-04-05 10:25 - 2014-04-05 10:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Nedjo Baslac\My Documents\mbam-setup-2.0.1.1004.exe2014-04-05 10:13 - 2014-04-05 10:13 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\Unchecky.lnk2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Program Files\Unchecky2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky2014-04-05 10:12 - 2014-04-05 10:13 - 00690424 _____ (RaMMicHaeL) C:\Documents and Settings\Nedjo Baslac\My Documents\unchecky_setup.exe2014-04-05 10:03 - 2014-04-05 10:18 - 00000000 ____D () C:\AdwCleaner2014-04-05 10:02 - 2014-04-05 10:02 - 01426178 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe2014-04-04 19:07 - 2014-04-05 19:08 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt2014-04-04 18:51 - 2014-04-04 19:03 - 230532272 _____ (COMODO) C:\Documents and Settings\Nedjo Baslac\My Documents\cispremium_installer_5764_af.exe2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Program Files\Opera2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Opera Software2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Opera Software2014-04-04 12:24 - 2014-04-04 12:24 - 00027912 _____ () C:\WINDOWS\system32\.crusader2014-04-04 12:16 - 2014-04-04 12:16 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Program Files\HitmanPro2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro2014-04-04 12:15 - 2014-04-04 12:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro2014-04-04 12:13 - 2014-04-04 12:13 - 00000000 ____D () C:\Program Files\Reason ==================== One Month Modified Files and Folders ======= 2014-04-15 16:33 - 2014-04-15 16:33 - 00009582 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.txt2014-04-15 16:33 - 2014-04-15 16:32 - 00000000 ____D () C:\FRST2014-04-15 16:32 - 2014-04-15 16:31 - 01042944 _____ (Farbar) C:\Documents and Settings\Nedjo Baslac\My Documents\FRST.exe2014-04-15 16:30 - 2014-04-05 19:16 - 00000376 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job2014-04-15 16:30 - 2013-03-23 18:24 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Skype2014-04-15 16:30 - 2013-03-23 15:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log2014-04-15 16:30 - 2013-03-23 15:03 - 00000049 _____ () C:\WINDOWS\wiaservc.log2014-04-15 16:30 - 2013-03-23 14:11 - 00399383 _____ () C:\WINDOWS\WindowsUpdate.log2014-04-15 16:29 - 2014-04-05 19:31 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-04-15 16:29 - 2013-03-23 14:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-04-15 14:51 - 2013-03-23 14:19 - 00000278 ___SH () C:\Documents and Settings\Nedjo Baslac\ntuser.ini2014-04-15 14:51 - 2013-03-23 14:18 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt2014-04-15 13:56 - 2013-10-01 08:56 - 00000420 _____ () C:\WINDOWS\Tasks\At1.job2014-04-15 13:36 - 2014-04-05 19:31 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-04-15 13:13 - 2013-03-23 14:59 - 00646895 _____ () C:\WINDOWS\setupapi.log2014-04-14 20:41 - 2014-04-14 20:41 - 135748352 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\setup_11.0.1.1245.x01_2014_04_14_20_12.exe2014-04-14 18:52 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\NPE2014-04-14 18:52 - 2013-03-23 14:56 - 00000211 _____ () C:\boot.ini2014-04-14 18:43 - 2013-03-23 14:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac2014-04-14 18:41 - 2014-04-14 18:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton2014-04-14 18:40 - 2014-04-14 18:40 - 03053496 ____N (Symantec Corporation) C:\Documents and Settings\Nedjo Baslac\My Documents\NPE.exe2014-04-14 16:12 - 2014-04-14 16:12 - 00000596 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\JRT.txt2014-04-14 15:48 - 2014-04-14 15:48 - 01016261 _____ (Thisisu) C:\Documents and Settings\Nedjo Baslac\My Documents\JRT.exe2014-04-14 15:48 - 2014-04-14 15:48 - 00000000 ____D () C:\WINDOWS\ERUNT2014-04-14 15:41 - 2014-04-14 14:28 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt2014-04-14 15:39 - 2014-04-14 14:28 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Doctor Web2014-04-14 14:25 - 2014-04-14 14:16 - 146408624 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\h6z39t6y.exe2014-04-14 14:02 - 2014-04-14 14:02 - 00000000 ____D () C:\TDSSKiller_Quarantine2014-04-14 14:00 - 2014-04-14 14:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Nedjo Baslac\My Documents\tdsskiller.exe2014-04-14 13:57 - 2004-08-04 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl2014-04-12 13:35 - 2014-04-12 13:35 - 00000000 _RSHD () C:\Win2014-04-12 08:44 - 2014-04-12 08:44 - 00001688 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Skype.lnk2014-04-11 13:38 - 2014-04-05 19:33 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2014-04-09 20:59 - 2004-08-04 20:00 - 00000573 _____ () C:\WINDOWS\win.ini2014-04-09 20:59 - 2004-08-04 20:00 - 00000227 _____ () C:\WINDOWS\system.ini2014-04-09 18:54 - 2013-10-03 11:48 - 00000000 ____D () C:\Program Files\The KMPlayer2014-04-09 15:38 - 2014-04-09 15:38 - 00000000 ____D () C:\Program Files\ESET2014-04-08 14:32 - 2014-04-08 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-04-08 14:32 - 2014-04-08 14:00 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Desktop\mbar2014-04-08 14:20 - 2014-04-05 10:27 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-04-08 14:20 - 2014-04-05 10:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-04-05 19:37 - 2014-04-05 19:37 - 00000815 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Launch Internet Explorer Browser.lnk2014-04-05 19:33 - 2014-04-05 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome2014-04-05 19:33 - 2013-05-30 12:42 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google2014-04-05 19:32 - 2013-05-30 12:42 - 00000000 ____D () C:\Program Files\Google2014-04-05 19:31 - 2014-04-05 19:31 - 00884680 _____ (Google Inc.) C:\Documents and Settings\Nedjo Baslac\My Documents\ChromeSetup.exe2014-04-05 19:17 - 2014-04-05 19:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\AVAST Software2014-04-05 19:17 - 2014-04-05 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast2014-04-05 19:16 - 2014-04-05 19:16 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00180760 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2014-04-05 19:16 - 2014-04-05 19:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-04-05 19:16 - 2013-03-23 15:58 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-04-05 19:14 - 2014-04-05 19:12 - 88551496 _____ (AVAST Software) C:\Documents and Settings\Nedjo Baslac\My Documents\avast_free_antivirus_setup.exe2014-04-05 19:14 - 2013-03-23 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software2014-04-05 19:08 - 2014-04-04 19:07 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt2014-04-05 15:57 - 2014-04-05 15:57 - 00002388 _____ () C:\EamClean.log2014-04-05 14:43 - 2014-04-05 14:43 - 00000462 _____ () C:\Documents and Settings\Nedjo Baslac\Desktop\Emsisoft Emergency Kit.lnk2014-04-05 14:43 - 2014-04-05 14:42 - 00000000 ____D () C:\EEK2014-04-05 14:41 - 2014-04-05 14:34 - 225609112 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\EmsisoftEmergencyKit.exe2014-04-05 11:34 - 2014-04-05 11:34 - 18568328 _____ (SUPERAntiSpyware) C:\Documents and Settings\Nedjo Baslac\My Documents\SUPERAntiSpyware.exe2014-04-05 11:25 - 2014-04-05 11:25 - 00154888 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll2014-04-05 11:12 - 2013-03-23 15:14 - 00000000 ____D () C:\WINDOWS\SHELLNEW2014-04-05 10:27 - 2014-04-05 10:27 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-04-05 10:27 - 2014-04-05 10:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-04-05 10:27 - 2013-10-03 10:20 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Malwarebytes2014-04-05 10:27 - 2013-10-03 10:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes2014-04-05 10:26 - 2014-04-05 10:25 - 17305616 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Nedjo Baslac\My Documents\mbam-setup-2.0.1.1004.exe2014-04-05 10:18 - 2014-04-05 10:03 - 00000000 ____D () C:\AdwCleaner2014-04-05 10:13 - 2014-04-05 10:13 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\Unchecky.lnk2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Program Files\Unchecky2014-04-05 10:13 - 2014-04-05 10:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Unchecky2014-04-05 10:13 - 2014-04-05 10:12 - 00690424 _____ (RaMMicHaeL) C:\Documents and Settings\Nedjo Baslac\My Documents\unchecky_setup.exe2014-04-05 10:02 - 2014-04-05 10:02 - 01426178 _____ () C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe2014-04-04 19:03 - 2014-04-04 18:51 - 230532272 _____ (COMODO) C:\Documents and Settings\Nedjo Baslac\My Documents\cispremium_installer_5764_af.exe2014-04-04 18:47 - 2013-10-31 13:03 - 00000000 ___HD () C:\$AVG2014-04-04 18:47 - 2013-10-31 13:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG20142014-04-04 18:47 - 2013-10-31 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk2014-04-04 16:19 - 2014-04-04 16:19 - 00000669 _____ () C:\Documents and Settings\All Users\Desktop\Opera.lnk2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Program Files\Opera2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Opera Software2014-04-04 16:19 - 2014-04-04 16:19 - 00000000 ____D () C:\Documents and Settings\Nedjo Baslac\Application Data\Opera Software2014-04-04 13:28 - 2013-03-23 15:27 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk2014-04-04 12:24 - 2014-04-04 12:24 - 00027912 _____ () C:\WINDOWS\system32\.crusader2014-04-04 12:24 - 2014-04-04 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro2014-04-04 12:16 - 2014-04-04 12:16 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Program Files\HitmanPro2014-04-04 12:16 - 2014-04-04 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro2014-04-04 12:13 - 2014-04-04 12:13 - 00000000 ____D () C:\Program Files\Reason2014-04-03 09:50 - 2013-10-03 10:19 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-03-31 08:10 - 2013-03-23 15:00 - 00468100 _____ () C:\WINDOWS\system32\PerfStringBackup.INI Files to move or delete:====================C:\Windows\Tasks\At1.job Some content of TEMP:====================C:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\3078fb18-73e8-4363-a37b-2f401a52d94f.exeC:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\BackupSetup.exeC:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\fp_pl_pfs_installer.exeC:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\Quarantine.exeC:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\SkypeSetup.exeC:\Documents and Settings\Nedjo Baslac\Local Settings\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe[2008-03-07 11:46] - [2008-03-07 11:46] - 1033728 ____A (Microsoft Corporation) a546ad755fa358195c9e1386e8b10de1 C:\WINDOWS\system32\winlogon.exe[2008-03-07 11:46] - [2008-03-07 11:46] - 0507904 ____A (Microsoft Corporation) 3339d062572762f8e2ff102a7f8f621d C:\WINDOWS\system32\svchost.exe[2008-03-07 11:46] - [2008-03-07 11:46] - 0014336 ____A (Microsoft Corporation) 90cef742abe7ec1da7df8ef2016817cd C:\WINDOWS\system32\services.exe[2008-03-07 11:46] - [2008-03-07 11:46] - 0108544 ____A (Microsoft Corporation) 5c031f7e17e3ca7760ca2d7cfff973d2 C:\WINDOWS\system32\User32.dll[2008-03-07 11:46] - [2008-03-07 11:46] - 0578560 ____A (Microsoft Corporation) 65a57a5d7099b439d54332a213f62efe C:\WINDOWS\system32\userinit.exe[2008-03-07 11:46] - [2008-03-07 11:46] - 0026112 ____A (Microsoft Corporation) 72535e77c6057f8167bbf38fc9c03fe9 C:\WINDOWS\system32\rpcss.dll[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ____A (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:\WINDOWS\system32\Drivers\volsnap.sys[2008-03-07 04:16] - [2008-03-07 04:16] - 0052352 ____A (Microsoft Corporation) 734738d29213de1ee15fdb7bbd134fe7 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818598 Share Posted April 15, 2014 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2014Ran by Nedjo Baslac at 2014-04-15 16:34:11Running from C:\Documents and Settings\Nedjo Baslac\My DocumentsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== ABBYY FineReader 5.0 Sprint (HKLM\...\{4468EF97-A253-4699-9E1C-88CAE2C6832D}) (Version: 5.0.0.22227 - ABBYY Software House)ACDSee 7.0 PowerPack (HKLM\...\{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}) (Version: 7.0.47 - ACD Systems Ltd.)Adobe Acrobat 7.0 Professional - English, Français, Deutsch (Version: 7.1.0 - Adobe Systems) HiddenAdobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 7.0 Professional - EFG) (Version: 7.1.0 - Adobe Systems)avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2016 - Avast Software)Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )FaxTools (HKLM\...\{F45298E5-0083-426F-A668-1A2C5F04B8A0}) (Version: 5.08 - BVRP Software)Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.23.9 - Google Inc.) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)K-Lite Codec Pack 10.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )KMP Media Toolbar (HKLM\...\{4B4D5056-3700-A76A-76A7-A758B70C0A03}) (Version: 12.10.3.4602 - APN, LLC)Lexmark X5100 Series (HKLM\...\Lexmark X5100 Series) (Version: - )Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )Opera Stable 20.0.1387.91 (HKLM\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)Platform (Version: 1.21 - VIA Technologies, Inc.) HiddenSkype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_15091E40) (Version: - )Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version: - )The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: - )Unchecky v0.2.11 (HKLM\...\Unchecky) (Version: 0.2.11 - RaMMicHaeL)VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.)VIA/S3G Display Driver 6.14.10.0078 (HKLM\...\VIA Chrome9 HC IGP Display) (Version: - )Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWinamp (HKLM\...\Winamp) (Version: 5.56 - Nullsoft, Inc)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version: - ) <==== ATTENTION ==================== Restore Points ========================= 18-01-2014 17:47:06 System Checkpoint22-01-2014 13:32:12 System Checkpoint23-01-2014 10:41:50 Printer Driver Lexmark X5100 Series Installed04-02-2014 10:06:27 System Checkpoint13-02-2014 07:20:38 System Checkpoint06-03-2014 15:29:28 System Checkpoint18-03-2014 11:01:20 System Checkpoint28-03-2014 09:30:18 System Checkpoint04-04-2014 16:45:28 Uklonjeno AVG 201404-04-2014 16:47:30 Uklonjeno AVG 201405-04-2014 17:07:12 Removed COMODO Internet Security Premium05-04-2014 17:15:45 avast! antivirus system restore point07-04-2014 13:37:03 System Checkpoint09-04-2014 15:52:12 System Checkpoint09-04-2014 17:18:25 Installed Kaspersky Security Scan.09-04-2014 19:05:14 Removed Kaspersky Security Scan.11-04-2014 11:11:48 System Checkpoint ==================== Hosts content: ========================== 2004-08-04 20:00 - 2014-04-15 16:30 - 00001887 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost0.0.0.0 tracking.opencandy.com.s3.amazonaws.com0.0.0.0 media.opencandy.com0.0.0.0 cdn.opencandy.com0.0.0.0 tracking.opencandy.com0.0.0.0 api.opencandy.com0.0.0.0 installer.betterinstaller.com0.0.0.0 installer.filebulldog.com0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net0.0.0.0 inno.bisrv.com0.0.0.0 nsis.bisrv.com0.0.0.0 cdn.file2desktop.com0.0.0.0 cdn.goateastcach.us0.0.0.0 cdn.guttastatdk.us0.0.0.0 cdn.inskinmedia.com0.0.0.0 cdn.insta.oibundles2.com0.0.0.0 cdn.insta.playbryte.com0.0.0.0 cdn.llogetfastcach.us0.0.0.0 cdn.montiera.com0.0.0.0 cdn.msdwnld.com0.0.0.0 cdn.mypcbackup.com0.0.0.0 cdn.ppdownload.com0.0.0.0 cdn.riceateastcach.us0.0.0.0 cdn.shyapotato.us0.0.0.0 cdn.solimba.com0.0.0.0 cdn.tuto4pc.com0.0.0.0 cdn.appround.biz0.0.0.0 cdn.bigspeedpro.com0.0.0.0 cdn.bispd.com There are 4 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONTask: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-15 13:12 - 2014-04-15 13:12 - 02212352 _____ () C:\Program Files\AVAST Software\Avast\defs\14041500\algo.dll2013-07-19 20:53 - 2006-01-12 21:20 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.DEU2013-07-19 20:53 - 2006-01-12 21:13 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.FRA2014-04-05 19:16 - 2014-04-05 19:16 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2008-03-07 11:46 - 2008-03-07 11:46 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2008-03-07 11:46 - 2008-03-07 11:46 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\58617646.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\58617646.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk => C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon StartupMSCONFIG\startupreg: Acrobat Assistant 7.0 => "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorunMSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exeMSCONFIG\startupreg: S3Trayp => S3trayp.exeMSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: VModes => VModes AttachToDesktopMSCONFIG\startupreg: VTTimer => VTTimer.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/14/2014 03:27:19 PM) (Source: Application Hang) (User: )Description: Hanging application opera.exe, version 20.0.1387.91, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (04/05/2014 08:57:41 PM) (Source: KMPService.exe) (User: )Description: Socket Error # 10065No route to host. Error: (04/04/2014 01:42:30 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb. Error: (04/04/2014 01:41:20 PM) (Source: MsiInstaller) (User: HOME-AMILO)Description: The installation of d:\8376166429323dc5374776e0\vs_setup.ms_ is not permitted due to an error in software restriction policy processing. The object cannot be trusted. Error: (04/04/2014 01:28:39 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb. Error: (04/04/2014 00:13:45 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )Description: Faulting application herdprotectscan.exe, version 1.0.3.0, stamp 5339d635, faulting module kernel32.dll, version 5.1.2600.5503, stamp 47d05f02, debug? 0, fault address 0x00012aeb. Error: (03/31/2014 08:08:48 AM) (Source: KMPService.exe) (User: )Description: Socket Error # 11001Host not found. Error: (03/18/2014 00:36:17 PM) (Source: KMPService.exe) (User: )Description: The service process could not connect to the service controller Error: (03/09/2014 10:21:41 AM) (Source: KMPService.exe) (User: )Description: Socket Error # 11001Host not found. Error: (02/25/2014 06:43:58 PM) (Source: KMPService.exe) (User: )Description: Socket Error # 11001Host not found. System errors:=============Error: (04/15/2014 01:56:04 PM) (Source: Schedule) (User: )Description: The At1.job command failed to start due to the following error: %%2147942403 Error: (04/14/2014 08:56:00 PM) (Source: Schedule) (User: )Description: The At1.job command failed to start due to the following error: %%2147942403 Error: (04/14/2014 06:58:26 PM) (Source: DCOM) (User: NT AUTHORITY)Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (04/14/2014 06:57:38 PM) (Source: DCOM) (User: HOME-AMILO)Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (04/14/2014 06:56:20 PM) (Source: DCOM) (User: HOME-AMILO)Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811} Error: (04/14/2014 06:56:13 PM) (Source: DCOM) (User: HOME-AMILO)Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""in order to run the server:{BA126AE5-2166-11D1-B1D0-00805FC1270E} Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load: AFDaswRdraswRvrtaswSnxaswSPaswTdiaswVmmFipsintelppmIPSecMRxSmbNetBIOSNetBTRasAcdRdbssTcpip Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31 Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31 Error: (04/14/2014 06:55:43 PM) (Source: Service Control Manager) (User: )Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31 Microsoft Office Sessions:=========================Error: (04/14/2014 03:27:19 PM) (Source: Application Hang)(User: )Description: opera.exe20.0.1387.91hungapp0.0.0.000000000 Error: (04/05/2014 08:57:41 PM) (Source: KMPService.exe)(User: )Description: Socket Error # 10065No route to host. Error: (04/04/2014 01:42:30 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb Error: (04/04/2014 01:41:20 PM) (Source: MsiInstaller)(User: HOME-AMILO)Description: d:\8376166429323dc5374776e0\vs_setup.ms_(NULL)(NULL)(NULL) Error: (04/04/2014 01:28:39 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb Error: (04/04/2014 00:13:45 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )Description: herdprotectscan.exe1.0.3.05339d635kernel32.dll5.1.2600.550347d05f02000012aeb Error: (03/31/2014 08:08:48 AM) (Source: KMPService.exe)(User: )Description: Socket Error # 11001Host not found. Error: (03/18/2014 00:36:17 PM) (Source: KMPService.exe)(User: )Description: The service process could not connect to the service controller Error: (03/09/2014 10:21:41 AM) (Source: KMPService.exe)(User: )Description: Socket Error # 11001Host not found. Error: (02/25/2014 06:43:58 PM) (Source: KMPService.exe)(User: )Description: Socket Error # 11001Host not found. ==================== Memory info =========================== Percentage of memory in use: 49%Total physical RAM: 766.1 MBAvailable physical RAM: 387.79 MBTotal Pagefile: 1873.58 MBAvailable Pagefile: 1549.2 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1949.05 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:29.29 GB) (Free:1.73 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (Storage) (Fixed) (Total:45.23 GB) (Free:41.57 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: D4E1D4E1) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818600 Share Posted April 15, 2014 16:41:39.0656 0x0f4c TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:1016:41:46.0359 0x0f4c ============================================================16:41:46.0359 0x0f4c Current date / time: 2014/04/15 16:41:46.035916:41:46.0359 0x0f4c SystemInfo:16:41:46.0359 0x0f4c 16:41:46.0359 0x0f4c OS Version: 5.1.2600 ServicePack: 3.016:41:46.0359 0x0f4c Product type: Workstation16:41:46.0359 0x0f4c ComputerName: HOME-AMILO16:41:46.0359 0x0f4c UserName: Nedjo Baslac16:41:46.0359 0x0f4c Windows directory: C:\WINDOWS16:41:46.0359 0x0f4c System windows directory: C:\WINDOWS16:41:46.0359 0x0f4c Processor architecture: Intel x8616:41:46.0359 0x0f4c Number of processors: 216:41:46.0359 0x0f4c Page size: 0x100016:41:46.0359 0x0f4c Boot type: Normal boot16:41:46.0359 0x0f4c ============================================================16:41:47.0937 0x0f4c KLMD registered as C:\WINDOWS\system32\drivers\42474940.sys16:41:48.0343 0x0f4c System UUID: {AC8355B4-1DDF-D1F6-AE83-EC8F554D25BC}16:41:49.0937 0x0f4c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005416:41:49.0953 0x0f4c ============================================================16:41:49.0953 0x0f4c \Device\Harddisk0\DR0:16:41:49.0953 0x0f4c MBR partitions:16:41:49.0953 0x0f4c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B116:41:49.0953 0x0f4c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0x5A742D116:41:49.0953 0x0f4c ============================================================16:41:50.0015 0x0f4c D: <-> \Device\Harddisk0\DR0\Partition216:41:50.0031 0x0f4c C: <-> \Device\Harddisk0\DR0\Partition116:41:50.0031 0x0f4c ============================================================16:41:50.0031 0x0f4c Initialize success16:41:50.0031 0x0f4c ============================================================16:41:58.0234 0x0510 ============================================================16:41:58.0234 0x0510 Scan started16:41:58.0234 0x0510 Mode: Manual; 16:41:58.0234 0x0510 ============================================================16:41:58.0234 0x0510 KSN ping started16:42:00.0796 0x0510 KSN ping finished: true16:42:01.0593 0x0510 ================ Scan system memory ========================16:42:01.0609 0x0510 System memory - ok16:42:01.0609 0x0510 ================ Scan services =============================16:42:01.0906 0x0510 Abiosdsk - ok16:42:01.0937 0x0510 abp480n5 - ok16:42:02.0031 0x0510 [ 7563C2166940DF4BD740FCA01FAB2F55, CCB3395966011C90410E583B6CD6953E92A2B0ABA3B2B97A9D2EF6C60C10D342 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys16:42:02.0046 0x0510 ACPI - ok16:42:02.0171 0x0510 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys16:42:02.0171 0x0510 ACPIEC - ok16:42:02.0203 0x0510 adpu160m - ok16:42:02.0281 0x0510 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys16:42:02.0296 0x0510 aec - ok16:42:02.0343 0x0510 [ 08FB6D4FDB2847CC5EF8EE42F050F32A, 02DC8F95957A6B99CC7073CA3E5AA73100E40E3EA55DFEF21A5AD8B02F0DCA47 ] AFD C:\WINDOWS\System32\drivers\afd.sys16:42:02.0359 0x0510 AFD - ok16:42:02.0375 0x0510 Aha154x - ok16:42:02.0406 0x0510 aic78u2 - ok16:42:02.0421 0x0510 aic78xx - ok16:42:02.0468 0x0510 [ BD0B616B309969E077C1345EF5B63ABA, 00C04F478E33F0FF4F000C45D5CD631A6A58BFC4E387B552F118E3C264CBF4A6 ] Alerter C:\WINDOWS\system32\alrsvc.dll16:42:02.0468 0x0510 Alerter - ok16:42:02.0500 0x0510 [ E876E7CED87AD15D0BCFCBCFC2CADB0C, 9081780E927F843408BDFD63EE3E230CC4BEB73E499954C29CB67769D91ED835 ] ALG C:\WINDOWS\System32\alg.exe16:42:02.0515 0x0510 ALG - ok16:42:02.0531 0x0510 AliIde - ok16:42:02.0562 0x0510 amsint - ok16:42:02.0609 0x0510 [ B578AEE2388E06182896721C031652D8, 1FD9F07B3DCB1A6A047F0C82FFE63BF159A9C195B6C73B9B57E6839281705BD7 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll16:42:02.0625 0x0510 AppMgmt - ok16:42:02.0687 0x0510 [ D07CCC37476034EBF5DE4608A8AF4386, 52BFBC8D0F1B5A7DD39B363EB5F0545B5B6B2D4B8EB128A5E4536B27ECA7B4FC ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys16:42:02.0734 0x0510 AR5211 - ok16:42:02.0750 0x0510 asc - ok16:42:02.0781 0x0510 asc3350p - ok16:42:02.0812 0x0510 asc3550 - ok16:42:02.0906 0x0510 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe16:42:02.0921 0x0510 aspnet_state - ok16:42:02.0968 0x0510 [ B347D2FEAE2D063943F16EC98634AB89, 2CA74745232607571ED088270B3B3FA555628455A257A6E52F133D650D861FD4 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys16:42:02.0968 0x0510 aswMonFlt - ok16:42:03.0000 0x0510 [ 71A7C3DB37ED3F6118AC7FEB50574C35, D14BFFF9E1FA77ACB4F011C68645D3961E3278ED445D574F49653BA45F0332E2 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys16:42:03.0000 0x0510 aswRdr - ok16:42:03.0031 0x0510 [ 84B4C00AE8CDFC52CF68F322D821F34C, 9971A8ECDF2B81F4AA59E7680639A8B798430E1FDF5A39C6E05E522BF2DEF3F8 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys16:42:03.0031 0x0510 aswRvrt - ok16:42:03.0125 0x0510 [ 3A50AD6AE8D8A0F78F03316F5B93FE45, 6F3952EDA23E5FD7CACE152D3DA3B1F1238E9B9976CDD5193D21424463BAA0E9 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys16:42:03.0171 0x0510 aswSnx - ok16:42:03.0234 0x0510 [ B6381B4DC603C558419641BA969930E0, F6586B6D055C62942CD0E5702FFCC6F4DB7424DC551EB0041876C3544994EB59 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys16:42:03.0250 0x0510 aswSP - ok16:42:03.0281 0x0510 [ 4A90E597A9AF787C4CEA0DE95C1F74A7, 07A80674038F2C78DA5868CB4350C1E8618E3EAAA3E894E32FDF5C876D5280F4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys16:42:03.0296 0x0510 aswTdi - ok16:42:03.0328 0x0510 [ 680448905E27BBC6587ADB28597640D6, A55297D872162178FDCF2C64C2357DCE1D98418AB84CF5E8621DED73C7484629 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys16:42:03.0343 0x0510 aswVmm - ok16:42:03.0421 0x0510 [ DA532763C5DFB8140B1FB45CDE8E371D, AC542464D501E74169459A3C755FE2CCB4C5A82454BF7002301ED48BB247A00E ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys16:42:03.0421 0x0510 AsyncMac - ok16:42:03.0500 0x0510 [ 838DF6731742B7198F91C2D9E0468DC3, 56AAC7AEA6EE12371F0E1FF0209B64DD0860ED75BB2477ECA66D913FCBFA90D8 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys16:42:03.0500 0x0510 atapi - ok16:42:03.0515 0x0510 Atdisk - ok16:42:03.0578 0x0510 [ ADE33E7444E347EE6FE34CFCCB94D678, B1BAB6DC43FC57581F994287428D19A3C387FA2BC5538AAD1836793D2EE17BE2 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys16:42:03.0578 0x0510 Atmarpc - ok16:42:03.0625 0x0510 [ F247FECF0F95BB8DB23081D3B9D182B5, 49BE61421AC7E293112FB36C757A99A39359FDC89776A65DD6427336584F3620 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll16:42:03.0625 0x0510 AudioSrv - ok16:42:03.0671 0x0510 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys16:42:03.0671 0x0510 audstub - ok16:42:03.0765 0x0510 [ BEA8D0FA8805CC2E6BB49728166699C7, 9A574A1E79DC2D472877443A92ACDA57A1206A2DAB3AF9110C844944EDC9D797 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe16:42:03.0765 0x0510 avast! Antivirus - ok16:42:03.0843 0x0510 [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys16:42:03.0843 0x0510 avgtp - ok16:42:03.0906 0x0510 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys16:42:03.0921 0x0510 Beep - ok16:42:03.0984 0x0510 [ 80AFFA9A10E204835F10D1E2D3A6C1EC, EBCB95FF8B87E78965E15A8A276B09569662C09C442DFF4EDB6C92666091AF6D ] BITS C:\WINDOWS\system32\qmgr.dll16:42:04.0031 0x0510 BITS - ok16:42:04.0093 0x0510 [ 9E40E5F31E203CE90C66AF5E5D13688F, 56470FA3D8FC766B53E641E3AA231F415C22A5138799BCFE69F36ED918A39487 ] Browser C:\WINDOWS\System32\browser.dll16:42:04.0093 0x0510 Browser - ok16:42:04.0156 0x0510 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys16:42:04.0156 0x0510 cbidf2k - ok16:42:04.0218 0x0510 [ E8A272D0F11A2FA58431FA6588E6152D, 704D7417B0BB017812EA9534981810E2890A0E6990E2117E5601697C69F6577D ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys16:42:04.0218 0x0510 CCDECODE - ok16:42:04.0234 0x0510 cd20xrnt - ok16:42:04.0281 0x0510 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys16:42:04.0296 0x0510 Cdaudio - ok16:42:04.0343 0x0510 [ CD319F3A4BFC23E9FB392B94AFD59641, 0889EDB786C73EF95D3745AD541E339930B3D051C0F2F515AAB195BF72659F0E ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys16:42:04.0343 0x0510 Cdfs - ok16:42:04.0375 0x0510 [ 9961D4CF6C01D2B3E6BA7E9A15B55F31, 282457945CF72D340CA306138F8625D4B2D97C5878715F0AF91D4822970436A1 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys16:42:04.0375 0x0510 Cdrom - ok16:42:04.0406 0x0510 Changer - ok16:42:04.0437 0x0510 [ ECDE37D2ED4E640080E54C9AFD18EE41, 9338BDA04454AFF5AC045C3D896F20C95096E49337EC6D62E30054E7BD47B8B2 ] CiSvc C:\WINDOWS\system32\cisvc.exe16:42:04.0453 0x0510 CiSvc - ok16:42:04.0531 0x0510 [ DBC8CDAFC84E96E894C3BAAED9B30F47, A25CDF4BBF8227878D3CBB8E74904A43751EC4E98DFEBFE4CBD3953890A170F9 ] cleanhlp C:\EEK\Run\cleanhlp32.sys16:42:04.0531 0x0510 cleanhlp - ok16:42:04.0578 0x0510 [ D1BA0A09D773E6E6BE5971E9FBC2DA06, 600FEA99C560787B515B623CD35BA7E9D082C93FCC2321493E1C453C4FC8886E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe16:42:04.0578 0x0510 ClipSrv - ok16:42:04.0625 0x0510 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe16:42:04.0640 0x0510 clr_optimization_v2.0.50727_32 - ok16:42:04.0687 0x0510 [ BC6187543CFFD0CAEC690300DA8C2FA1, D2DC7F6269B6D026E012296EAF5A8916B134F39E52534733DE3678E09ACDA669 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys16:42:04.0687 0x0510 CmBatt - ok16:42:04.0703 0x0510 CmdIde - ok16:42:04.0750 0x0510 [ 55028ABED620B9822DC330107E053EE7, 122101892904D3963485D0CA794902231B47C6FF8CFC54A278F3F631CF3304E4 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys16:42:04.0750 0x0510 Compbatt - ok16:42:04.0765 0x0510 COMSysApp - ok16:42:04.0828 0x0510 Cpqarray - ok16:42:04.0890 0x0510 [ 3BE9F3160CF92FE9F9CF3B73570F1330, D5F16A70095CB00F9235108EF4C0C90A0F7D09683EAD06BC768D3F212CC46417 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll16:42:04.0890 0x0510 CryptSvc - ok16:42:04.0921 0x0510 dac2w2k - ok16:42:04.0937 0x0510 dac960nt - ok16:42:05.0000 0x0510 [ BC44C99C09151D8BD36491BC1321F510, 91BFDBC43F4AF9524588A593DAA44124EBD73B996BC47CD690DFD871223C4BB2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll16:42:05.0031 0x0510 DcomLaunch - ok16:42:05.0093 0x0510 [ ABE660C4266B32B1F7E659EF03E0E922, 5F0690E808196EF1FCB895F198CC010AE7F5DA55C1A1D46169032451CDBF1E97 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll16:42:05.0093 0x0510 Dhcp - ok16:42:05.0140 0x0510 [ 8C7776B0F84BFC3507E2D8F5CEE13DB4, FE71C7686B2E914B4A64D315BF8F89630C40D548E7C1C3AEB09BC6C3FE6D34AD ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys16:42:05.0140 0x0510 Disk - ok16:42:05.0156 0x0510 dmadmin - ok16:42:05.0250 0x0510 [ 132F36F598A03B0BD845F565E7FD9705, 4FC689B6DC7650283DE8DB45FC3213B266110E3DFD07B80954FB10AF439B626F ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys16:42:05.0296 0x0510 dmboot - ok16:42:05.0328 0x0510 [ E4052FA551F255CE15567B992876B17C, AF37EB0E2CB5053FB9ABE1A2E15454ED9193560B4D356C20C964E14959B57152 ] dmio C:\WINDOWS\system32\drivers\dmio.sys16:42:05.0343 0x0510 dmio - ok16:42:05.0375 0x0510 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys16:42:05.0375 0x0510 dmload - ok16:42:05.0421 0x0510 [ 134BDCF1F743BFBED275B73AFD502CF1, CB081DAF85253DF860695BE1B0D21CDE0C9DDC9A569F40AD7C624505CBB56D01 ] dmserver C:\WINDOWS\System32\dmserver.dll16:42:05.0421 0x0510 dmserver - ok16:42:05.0468 0x0510 [ E9C1EF7B2D0D0EE2C467DC0FE61EB5EE, DD5DF0325356865442D7E16985D4C5BF6CA0FE1B8F2F2DBC1368E2B68039308E ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys16:42:05.0468 0x0510 DMusic - ok16:42:05.0515 0x0510 [ B5A4E576E3E82730F865B3C6BF4C22F3, A854F618C026F956D23AF36802E5BB38AAC2D33CDDA76209F64A28CD46AC3E97 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll16:42:05.0515 0x0510 Dnscache - ok16:42:05.0546 0x0510 [ 48DE421C3B577B499E95C3B0B9055432, 34E7C807563FC526F712C4B5E90126FAE7C846B921054A6EF450D2AE7F7B999A ] Dot3svc C:\WINDOWS\System32\dot3svc.dll16:42:05.0562 0x0510 Dot3svc - ok16:42:05.0578 0x0510 dpti2o - ok16:42:05.0609 0x0510 [ BC73D3E69EBE5A75BED5881ECC188FAB, 36086F501B73973915DC41DD00AF9AE9A78ABF6D2A0366C0853355641969C355 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys16:42:05.0625 0x0510 drmkaud - ok16:42:05.0656 0x0510 [ 1E36912943E60BC765B92D23701C45E4, 6E8ED776F884C63FB1A24008AB2DAA05E8A4DAC26F51C7D632CC368D2135EB0C ] EapHost C:\WINDOWS\System32\eapsvc.dll16:42:05.0671 0x0510 EapHost - ok16:42:05.0703 0x0510 [ 90DD05870612CD69BB5F6D2596C4B9D6, 73D2458D470C716760AD3DA41D8C888E0376CC04C7709A013051E89D5AAF67E9 ] ERSvc C:\WINDOWS\System32\ersvc.dll16:42:05.0703 0x0510 ERSvc - ok16:42:05.0750 0x0510 [ 5C031F7E17E3CA7760CA2D7CFFF973D2, 6D3D73470F77FF15167E3D23BCD176BF4A5BE933BB9B1B8CD1685B88C1A6A0B0 ] Eventlog C:\WINDOWS\system32\services.exe16:42:05.0765 0x0510 Eventlog - ok16:42:05.0812 0x0510 [ 128E09ADCEB1DAD46815F3D4E239874C, 34F47DE74A62F1B4142B6B66CA2BF1B668F5FCFDD26F1A3FC96576C6BEBB89C4 ] EventSystem C:\WINDOWS\system32\es.dll16:42:05.0828 0x0510 EventSystem - ok16:42:05.0875 0x0510 [ 3B8D65D84DDE6ACCBDE1318B5C7A18EB, D19239F1171BA1AF9762C791A3BB2015F9BC70EB68A9F8A34EAB537732BEAC3E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys16:42:05.0890 0x0510 Fastfat - ok16:42:05.0937 0x0510 [ EF95C4371DEB4900AA00B0E108261051, FAD2CAF55738DC42B12EAF407AF1433167E45B316B689FE8CDE3FB7BB7EB1227 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll16:42:05.0953 0x0510 FastUserSwitchingCompatibility - ok16:42:05.0984 0x0510 [ 7491AD23E3F48DF2F33E368179D63B40, 663B5E995579F8FF3033D56C86767EBC0842DCFFE604B025E4C11EEDC11CEE0E ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys16:42:05.0984 0x0510 Fdc - ok16:42:06.0031 0x0510 [ E9648254056BCE81A85380C0C3647DC4, AE58F498BD1C33360FE3BB9EA22C13EA562206B68E7946B587CB5A6DF94586A1 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys16:42:06.0031 0x0510 FETNDIS - ok16:42:06.0062 0x0510 [ F06DA3260B440A0F6432A50222B880EA, 3AE885860DE9EA82FE3F13DAFF306027F4D017ED5F8B018855AEFCA565C0605D ] Fips C:\WINDOWS\system32\drivers\Fips.sys16:42:06.0062 0x0510 Fips - ok16:42:06.0093 0x0510 [ 28271C4C9CC2248C1CEA8FF903298C4B, 55CFBE4AD73C56E565B631D80B63158C779F1BDFA85B50C524FC0D2B0A677E50 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys16:42:06.0093 0x0510 Flpydisk - ok16:42:06.0140 0x0510 [ 15835809E26CB8E27BF19860B5A6CAA9, D49A2EC040D67B3F35E4EB19B05E07BF5F0829618B136453869E50BC91BE4E54 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys16:42:06.0156 0x0510 FltMgr - ok16:42:06.0187 0x0510 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys16:42:06.0187 0x0510 Fs_Rec - ok16:42:06.0203 0x0510 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys16:42:06.0218 0x0510 Ftdisk - ok16:42:06.0265 0x0510 [ 455A242ECB4296ECA80D319566D6971E, 9C780D405421E9F0EAE4858DEC2F35A50A5DEAE2FB2E423F8457544141E838A4 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys16:42:06.0265 0x0510 Gpc - ok16:42:06.0343 0x0510 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe16:42:06.0343 0x0510 gupdate - ok16:42:06.0375 0x0510 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe16:42:06.0375 0x0510 gupdatem - ok16:42:06.0453 0x0510 [ 08F0F83FDB49CDBCACF546971A660524, DE24F4299C6D4A84CB81E0FEF782F118D8742B9F2E55D35AABF15D46C9488E33 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys16:42:06.0484 0x0510 HdAudAddService - ok16:42:06.0531 0x0510 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys16:42:06.0531 0x0510 HDAudBus - ok16:42:06.0593 0x0510 [ 092620EB30864486BE588D2367E6AC28, 08B3FBDAFD03224ED8A2CD3979B809B191AF0E6C64EA27294094D21D8C623534 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll16:42:06.0609 0x0510 helpsvc - ok16:42:06.0625 0x0510 [ D52E548518ECEE4E364DC95D234BBA4A, 9FC2051771A8168032D395679BEEFDEAC8B5E50D1870F253A5D760D9E1AAD7A9 ] HidServ C:\WINDOWS\System32\hidserv.dll16:42:06.0640 0x0510 HidServ - ok16:42:06.0671 0x0510 [ 0E59F9EB06BD4CC0A7F34BB852615247, 592AC684D8C51DC5188E680DE7338F023B488936B4C3B8AEFE92F42C3E5B4E5C ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys16:42:06.0687 0x0510 hidusb - ok16:42:06.0734 0x0510 [ 5CFB08B84ABC3DFFA54849A272012F40, 4964F90A08A01D35C70498762157F70B90795152CFD224A2C1F1E56E3B27046C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll16:42:06.0734 0x0510 hkmsvc - ok16:42:06.0750 0x0510 hpn - ok16:42:06.0812 0x0510 [ D8D9DED6DCC4E3AEE633E6BA462B75C4, 148FDAAB8F0DDF5E9516C48F63A4F7E48A64EE3FD97031428FA15FA37D2B5957 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys16:42:06.0828 0x0510 HSFHWAZL - ok16:42:06.0906 0x0510 [ 2DF42CF7300B14B15953218A2B32217C, 8A1F746A2142BAF801CDAFAC7BE7A33E31263A09285E85C9454F8D8A737D4D18 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys16:42:06.0968 0x0510 HSF_DPV - ok16:42:07.0031 0x0510 [ 21833B83F668E0FBBD545F95D7A563A4, 2820FDA702F73E8B58D7086802C311076ECB0CC28FBE9C2530D5BC200F7C6F4A ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys16:42:07.0046 0x0510 HTTP - ok16:42:07.0093 0x0510 [ 94429263065B17070ADFC1ED6A2D3F70, 4AE9B42C15B651E30CC13BFBFDA0BF827F63B38F12D9AA982569A2816ECD047B ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll16:42:07.0093 0x0510 HTTPFilter - ok16:42:07.0125 0x0510 i2omgmt - ok16:42:07.0140 0x0510 i2omp - ok16:42:07.0203 0x0510 [ B1D5AC772C9602519ABF878DA44F2993, CC76E391B74C926A1CCD1008D07E1134105ED9CC1489665A3D3E9460C932D25E ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys16:42:07.0203 0x0510 i8042prt - ok16:42:07.0265 0x0510 [ 22ABEF00814937A22C4F4828EADC3EF8, C680BF95A63FBAEB5A6882A8347F80AB90E4266E56A14C5E5BF0757AA8250929 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys16:42:07.0265 0x0510 Imapi - ok16:42:07.0296 0x0510 [ 39CC28CD352CC192AEB843FB8665895F, B516B3CB1A5EA832BB0F8ADBADD244EC6B16250CD0470F0B703830E77992DA33 ] ImapiService C:\WINDOWS\system32\imapi.exe16:42:07.0312 0x0510 ImapiService - ok16:42:07.0343 0x0510 ini910u - ok16:42:07.0390 0x0510 IntelIde - ok16:42:07.0437 0x0510 [ 58959C4C8D8C0534F0E161C8E8899C96, 1CE1908C3551D766B656C9A39398CFB423F1F8743BAEC1473699B8555BACBA25 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys16:42:07.0437 0x0510 intelppm - ok16:42:07.0468 0x0510 [ B1157E4E295D3DEC5E62B2BB5189C0A8, 798A513489E6166196E9C30D37CF44D30E547EA94A2D020B62893BB8A21463A3 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys16:42:07.0468 0x0510 Ip6Fw - ok16:42:07.0515 0x0510 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys16:42:07.0515 0x0510 IpFilterDriver - ok16:42:07.0546 0x0510 [ 89638A2B685902CB4E70CD5D9EF33156, 79AB23B0B6EB51ED1E81A2F86CEE9984916AFFB08AB4281293542C32BBA49C7F ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys16:42:07.0546 0x0510 IpInIp - ok16:42:07.0593 0x0510 [ A5791AEC1588BFD76295DE679B147C55, 0804B0744451B1A0BA40E72E59EF1110D558BB5BEC7081496FD6D6C42CCB5DEB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys16:42:07.0593 0x0510 IpNat - ok16:42:07.0640 0x0510 [ 8C2FA9ECE20F0F99E9003F060E155DB9, 0814F38BAF333BE70B02EBFC3C3CBE8CF1637CAA6FD7B4895A20C26886483C9F ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys16:42:07.0640 0x0510 IPSec - ok16:42:07.0703 0x0510 [ F17106F5E19039BC7EC7F6C54BA82F21, AA4579E5094A45287BB86DE4BE528CDD15B29DAEBEC73601A27F05F1937C5A9A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys16:42:07.0703 0x0510 IRENUM - ok16:42:07.0750 0x0510 [ 4D08FBB3BD7B6CCE4F352D3D5A1C5154, 38871FC68117116173483604B30C94577A0189C7C123FCA7FB28A28A0114A1F0 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys16:42:07.0765 0x0510 isapnp - ok16:42:07.0796 0x0510 [ F46911A590C6A69CAE4CE915E3C54EA2, 1D62D27D47EB18E58D001ABFBC097F9827AEF4D8C24295E412612F990FFAB805 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys16:42:07.0812 0x0510 Kbdclass - ok16:42:07.0843 0x0510 [ 724FA1E8877B52D0C6A876D41EA558E7, 8A2703AED8F7E9B0E32D624443603A89EC45135E19E3D1CED28A92EB8EBF6860 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys16:42:07.0843 0x0510 kmixer - ok16:42:07.0890 0x0510 [ 3F97FC8DB81F6A811A5A80578A702965, F6983A1019FBECA268ECDB0DE3B851C2EEB09C3DE63DAB9206191BE18D434D50 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys16:42:07.0906 0x0510 KSecDD - ok16:42:07.0953 0x0510 [ 87C8F442F3512B045DFC202B84B03B44, 24B331B7DAD7117F24FEA1E4CE68845C1B3674895DC1CA8559B8A105ADF7C160 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll16:42:07.0968 0x0510 LanmanServer - ok16:42:08.0031 0x0510 [ BEB90A7C8A02A6115F30BC815B7C551C, 5E7ACBE11C9F80B96BE7B82F673BF877D18508D56716784FB17D77916C02D131 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll16:42:08.0046 0x0510 lanmanworkstation - ok16:42:08.0062 0x0510 lbrtfdc - ok16:42:08.0140 0x0510 [ 1E249F3E56B9C13F42C6D12D9447354F, 4263BA6C18DE32ED697C94E233D998D5F516B827AEB21CEB641996D92AA3DAE6 ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE16:42:08.0171 0x0510 LexBceS - ok16:42:08.0218 0x0510 [ E3C57C9F6DD7983BFDD047493722D2BB, 6C16DA8A54EE9263CDDB37E25396449EAB82BE6AFC1FD1545DFDC398ACBC2201 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll16:42:08.0234 0x0510 LmHosts - ok16:42:08.0265 0x0510 [ E246A32C445056996074A397DA56E815, 5CD5B22840151CAC1FC990C3E468E5382DCC3F89EFD8CE422B9B10B5BEB6F990 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys16:42:08.0281 0x0510 mdmxsdk - ok16:42:08.0312 0x0510 [ B0E62543939AD2B59B69AD2639D397DB, B9BCACCB4AE29A1493C6E1F7B3B6318AD0600275EBC375FE694C55360DA65427 ] Messenger C:\WINDOWS\System32\msgsvc.dll16:42:08.0312 0x0510 Messenger - ok16:42:08.0359 0x0510 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys16:42:08.0375 0x0510 mnmdd - ok16:42:08.0421 0x0510 [ 5B3DDA2AC7DC6B516BAF74E3B3A88DC1, AD6602FC4329F8F4D95C344DF18403E3445BC5046765BB93A1DCDF02029A2CE3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe16:42:08.0421 0x0510 mnmsrvc - ok16:42:08.0468 0x0510 [ 027315AF46FB8FE59FD654F7804D3440, F8E909D7835E10BEC4BE199AFE04AD9C50955C22AD46E7680D7592843BA95C7F ] Modem C:\WINDOWS\system32\drivers\Modem.sys16:42:08.0468 0x0510 Modem - ok16:42:08.0484 0x0510 [ BE8BA5D4C4ADEE75F6B4DC77B8C18726, 8F94F46CFD76C7A813D1953F7ED7833694D2F3DDD2AEB09D461966FF1B3DD08D ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys16:42:08.0500 0x0510 Mouclass - ok16:42:08.0515 0x0510 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys16:42:08.0531 0x0510 mouhid - ok16:42:08.0562 0x0510 [ 4E73CA698169B63690CD170D62AF5289, C2CC58BEDAA949FD631E21E7C52BE9C7905EFE56F1BFDBCC66053D7693F6BC92 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys16:42:08.0562 0x0510 MountMgr - ok16:42:08.0578 0x0510 MozillaMaintenance - ok16:42:08.0609 0x0510 mraid35x - ok16:42:08.0656 0x0510 [ AC9A33D0836545E72E878D6B2EE66ED3, FF75894D730BF7FB175BE3B7F4E40DCB4EF773202E5D85CEAF69900E2548958A ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys16:42:08.0671 0x0510 MRxDAV - ok16:42:08.0718 0x0510 [ D30EAB4473934599AD5B5CBEFBDAFD72, 3170994B3E0C82D3013330C405140C0C73CD4D572AB7B31586528B96C6D6C5D9 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys16:42:08.0734 0x0510 MRxSmb - ok16:42:08.0781 0x0510 [ AF8467D683E8D3D7950E980D447645F6, 07891DAABE1D63C31BDDD5D03CC178AAEEC97DBA1E3167675CC982E5DFB03786 ] MSDTC C:\WINDOWS\system32\msdtc.exe16:42:08.0781 0x0510 MSDTC - ok16:42:08.0812 0x0510 [ 921A36437283D1303C42996877976EA0, DFE9711836C2EB84450DCB90527946408499F88CAFC39BDC89A7A4D4DA549394 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys16:42:08.0828 0x0510 Msfs - ok16:42:08.0843 0x0510 MSIServer - ok16:42:08.0875 0x0510 [ 8D235F3B33089CE8C02E3A56C55CFA2A, C5E7BEB67BBB69A7EEC367C5C49B1E2697518F439F63B2B41F7B7510DEBCF641 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys16:42:08.0875 0x0510 MSKSSRV - ok16:42:08.0921 0x0510 [ 60B0A7B75A169EFC90A7D28B762F1D7A, 58E4A83610C5A8F5BBCDD2F3200BD470E05D6449611255C4A0DFD6642EDB2E9D ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys16:42:08.0921 0x0510 MSPCLOCK - ok16:42:08.0953 0x0510 [ 5FF45F159DD6F9292CD0645706593ADE, B3E57195C4D757674F862743DC9BBA1C9EA6654D6C87080B12CD1471033DD353 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys16:42:08.0953 0x0510 MSPQM - ok16:42:09.0000 0x0510 [ 227DA9E3A1A6FC04210D2392B9EA9026, 10B21EAE5579837E8BB7A2A160C6B5C6C1D647DBF0C800BA5FC06A69FC4D5A21 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys16:42:09.0000 0x0510 mssmbios - ok16:42:09.0031 0x0510 [ 2E29D69EBE0F84C91B6AC951E7CC4D05, EFDCAB086234652B80DCBF53EFD86EF8D4884D688571B930F626728A4EBBDC57 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys16:42:09.0031 0x0510 MSTEE - ok16:42:09.0078 0x0510 [ 5373805013250B055B0C1FFCCC384407, D363503FF13FE35B76168BF7B8740B1C5E9B349DBFAA24B3B26D01E1963D1321 ] Mup C:\WINDOWS\system32\drivers\Mup.sys16:42:09.0093 0x0510 Mup - ok16:42:09.0125 0x0510 [ BDCAC0684D77E289465B183D0B785941, 2B21FC5F68F9D178E881E44E6954817516F7759AF2BD675F911049B94E9B6362 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys16:42:09.0140 0x0510 NABTSFEC - ok16:42:09.0203 0x0510 [ 2B0C4BBC291DD4608EAD2F2CBCE10E5C, D9116B90C510DF5C376F57F438790528E4E3700436E7A95B9235E1249E5B196A ] napagent C:\WINDOWS\System32\qagentrt.dll16:42:09.0234 0x0510 napagent - ok16:42:09.0281 0x0510 [ D89ACA7F76952917CBADE3C315B50036, A348BF6426D7DACE2F9362D5D6A6E758E02E1D1DD346D652FCFBB9A422CA2C6E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys16:42:09.0296 0x0510 NDIS - ok16:42:09.0328 0x0510 [ 514A71B244D6DC19A657C91A2A336B7A, 541A22B0D1AABE4F4FE483F46006600A6109B81405206748823B3E4930EEB448 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys16:42:09.0328 0x0510 NdisIP - ok16:42:09.0359 0x0510 [ D4F4D4FF25C19179B0B38F8272C09952, E22D0D7F64B5B1552E1373482E918499129D6834785648F5C89A55B7C5F21DD6 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys16:42:09.0359 0x0510 NdisTapi - ok16:42:09.0375 0x0510 [ 6C299F28150BF94C304B5B2F9AEF0C9A, EDC40C46DC441C74D1301B4C4CA22E374106090FBAFE19B6A0D19C9E302E5E14 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys16:42:09.0390 0x0510 Ndisuio - ok16:42:09.0406 0x0510 [ 026B1FC7ED7761FF1330047580D8345E, E5CCF4231439A573C7C16503BA495DF80DB588779EDF8C9D0C5C240294D92261 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys16:42:09.0421 0x0510 NdisWan - ok16:42:09.0453 0x0510 [ 15F6DB91FE53FC781B84D3536C20C301, 9F4869EA82950C5CBBC2DA627B75311A627B65F23EEF6682E137B0786E34C566 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys16:42:09.0453 0x0510 NDProxy - ok16:42:09.0500 0x0510 [ 34691C114A1E3DF953D4F918C1068FB6, 0CFEA7A18BB6F723C9404CF9B0C592680A835AADDE9F4A78C2D14E245BA13DAB ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys16:42:09.0500 0x0510 NetBIOS - ok16:42:09.0531 0x0510 [ FCF68116195ADF2777644187303F206A, EADBA31E75439FAD316D9A010326AF5EA6D09BC3076550F4FE9BF5ABAF36EADD ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys16:42:09.0546 0x0510 NetBT - ok16:42:09.0578 0x0510 [ 6B4EDEFFEBBD705A1160F27A821532B3, 58D762EF0A0F7F18E3C0C8EE6F5E261817BDBD541CEA2BD79F6E2AD8D16429D4 ] NetDDE C:\WINDOWS\system32\netdde.exe16:42:09.0593 0x0510 NetDDE - ok16:42:09.0625 0x0510 [ 6B4EDEFFEBBD705A1160F27A821532B3, 58D762EF0A0F7F18E3C0C8EE6F5E261817BDBD541CEA2BD79F6E2AD8D16429D4 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe16:42:09.0640 0x0510 NetDDEdsdm - ok16:42:09.0687 0x0510 [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] Netlogon C:\WINDOWS\system32\lsass.exe16:42:09.0687 0x0510 Netlogon - ok16:42:09.0718 0x0510 [ A0C9CB2819059FA490B2CF43AA08D19C, 2279083DE04C48C38FEDB597A14B990FEC0740B73B089E77CAF0339F5860AC27 ] Netman C:\WINDOWS\System32\netman.dll16:42:09.0750 0x0510 Netman - ok16:42:09.0781 0x0510 [ 998232EF17552580CD324924B147F44F, FEA6D9318BC27201460928FD5C97A46FA261D5554CAD45D1808C655BA61EFB98 ] Nla C:\WINDOWS\System32\mswsock.dll16:42:09.0796 0x0510 Nla - ok16:42:09.0843 0x0510 [ 682D9C1B2219BCCDA7D033E2706FDB50, 207440A9744853D4B055A656C9AD9D1C47AF5887A6D80AB5870E47BAF3ECFD47 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys16:42:09.0843 0x0510 Npfs - ok16:42:09.0906 0x0510 [ 4BAA9DE705D0EA0036642D655A36D16E, 25880E88BD2CD04B4AC0995E282E3CEBDB65E72A14DEC70E363DBE2DE2B19D9E ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys16:42:09.0921 0x0510 Ntfs - ok16:42:09.0953 0x0510 [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] NtLmSsp C:\WINDOWS\system32\lsass.exe16:42:09.0968 0x0510 NtLmSsp - ok16:42:10.0031 0x0510 [ 92FA7CCEE20701EFB2107E9B91F1B846, 75887139D8400D63C13E4A64B9519DDE7E195F122230D4C6DB87CA9B22495B86 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll16:42:10.0062 0x0510 NtmsSvc - ok16:42:10.0109 0x0510 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys16:42:10.0109 0x0510 Null - ok16:42:10.0140 0x0510 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys16:42:10.0140 0x0510 NwlnkFlt - ok16:42:10.0187 0x0510 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys16:42:10.0187 0x0510 NwlnkFwd - ok16:42:10.0265 0x0510 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE16:42:10.0265 0x0510 ose - ok16:42:10.0328 0x0510 [ 86C656BFB7DF47DA74F681FF1B75FE81, 34E1DB2B132F44C481192D0BEBCED161676FC9964CB045E6934EF69261267274 ] Parport C:\WINDOWS\system32\drivers\Parport.sys16:42:10.0328 0x0510 Parport - ok16:42:10.0359 0x0510 [ E1C9C03D779B559A10A744709EB194B4, 4DDD42E6875425102A5140B975088695A111C86DFD1FA4DB63C940B1FC3612FA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys16:42:10.0359 0x0510 PartMgr - ok16:42:10.0406 0x0510 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys16:42:10.0406 0x0510 ParVdm - ok16:42:10.0453 0x0510 [ 48AFFB14E2BED45D37B72894E7923444, 3BF66AF49A7D19E186C1EDFDC4894D6DF40FEE39F5B95E1485B7631A62B1D19E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys16:42:10.0453 0x0510 PCI - ok16:42:10.0468 0x0510 PCIDump - ok16:42:10.0500 0x0510 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys16:42:10.0500 0x0510 PCIIde - ok16:42:10.0546 0x0510 [ B054FACB7EB88946033A9E703569E885, 29DC7C7176830038A13154CF89E7C85BE10FFFDB2B48329C0A996F7A6E4D9760 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys16:42:10.0562 0x0510 Pcmcia - ok16:42:10.0578 0x0510 PDCOMP - ok16:42:10.0609 0x0510 PDFRAME - ok16:42:10.0625 0x0510 PDRELI - ok16:42:10.0656 0x0510 PDRFRAME - ok16:42:10.0687 0x0510 perc2 - ok16:42:10.0718 0x0510 perc2hib - ok16:42:10.0859 0x0510 [ 5C031F7E17E3CA7760CA2D7CFFF973D2, 6D3D73470F77FF15167E3D23BCD176BF4A5BE933BB9B1B8CD1685B88C1A6A0B0 ] PlugPlay C:\WINDOWS\system32\services.exe16:42:10.0875 0x0510 PlugPlay - ok16:42:10.0906 0x0510 [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] PolicyAgent C:\WINDOWS\system32\lsass.exe16:42:10.0906 0x0510 PolicyAgent - ok16:42:10.0953 0x0510 [ 0F14D1F70CB752E1B3BDC8F9E1764712, 149C1E5A23659DF6C3039723437030878AF84DEDEAD89D6B2BCAE8473E2EEA2B ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys16:42:10.0968 0x0510 PptpMiniport - ok16:42:10.0984 0x0510 [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] ProtectedStorage C:\WINDOWS\system32\lsass.exe16:42:11.0000 0x0510 ProtectedStorage - ok16:42:11.0015 0x0510 [ 57E14E15AC0F50D33335669A3B764F0A, DBF4950379BC3F530707BD257A8AB6BDED2D887607CEF55975904D765503D26E ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys16:42:11.0031 0x0510 PSched - ok16:42:11.0062 0x0510 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys16:42:11.0062 0x0510 Ptilink - ok16:42:11.0125 0x0510 [ 153D02480A0A2F45785522E814C634B6, 02B7590F2F4A8FA0B031CDA7A28BD55E7C04A080C1EA810BF3AC3212A62153A6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys16:42:11.0125 0x0510 PxHelp20 - ok16:42:11.0140 0x0510 ql1080 - ok16:42:11.0171 0x0510 Ql10wnt - ok16:42:11.0203 0x0510 ql12160 - ok16:42:11.0218 0x0510 ql1240 - ok16:42:11.0250 0x0510 ql1280 - ok16:42:11.0296 0x0510 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys16:42:11.0296 0x0510 RasAcd - ok16:42:11.0359 0x0510 [ 034AE40C0D63CD1BC909FE4CD0149148, 5A26563C320F94D149E3122AFC8A521CEB5FDFED82BD70A0116A492F11DDCEA1 ] RasAuto C:\WINDOWS\System32\rasauto.dll16:42:11.0359 0x0510 RasAuto - ok16:42:11.0406 0x0510 [ 946AFD1D88E27F9D1FB90846E059F28D, ADD3680D3DBE7B079BE61A5897B5B4CB7F8E0D7F690E95DCD3D92B525A8E44E3 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys16:42:11.0406 0x0510 Rasl2tp - ok16:42:11.0453 0x0510 [ 78FE0F702DE2C52B523E3093339E9D55, 725AF9D58E859E5A83D0FEB5CF863D6B26387963E1E8776F6C496D350B3EA6B7 ] RasMan C:\WINDOWS\System32\rasmans.dll16:42:11.0484 0x0510 RasMan - ok16:42:11.0500 0x0510 [ 2A6EA23EF68A0F509B045B105EC2BC5C, DD7B18349653CDA81358F6A660E42A57F1F957DE3454C6C424AD31431F463815 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys16:42:11.0500 0x0510 RasPppoe - ok16:42:11.0546 0x0510 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys16:42:11.0546 0x0510 Raspti - ok16:42:11.0578 0x0510 [ 9534C6AC6E389EFEC8B2794C379D97E7, 8FA443FA64C0604BC4C0672A3762AC331C2AA42B7D9D4C9ACB6F9FD501791799 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys16:42:11.0593 0x0510 Rdbss - ok16:42:11.0625 0x0510 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys16:42:11.0625 0x0510 RDPCDD - ok16:42:11.0671 0x0510 [ 1E9EA73D5F49F7B0CE9F0F4F3D63242B, FB20F74FB86C8273F95072D19FC643B7C6C62CCFFB6CD9BF47FD87B2034B68C3 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys16:42:11.0703 0x0510 rdpdr - ok16:42:11.0765 0x0510 [ 2DB7A249767412D5148F5D415B271F7D, 9216741F9A9BBC481521A6723C0C0F87445038739DE42B04F27283A9F612EB27 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys16:42:11.0765 0x0510 RDPWD - ok16:42:11.0796 0x0510 [ 55280866297D954F31679885ED58D077, 52B6B51F6E6EBABDC24D27C7FD21D02ADDED47C13BABC3AAE477C3F5CEF7B2AF ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe16:42:11.0812 0x0510 RDSessMgr - ok16:42:11.0843 0x0510 [ 805D17F1EC3626BB98B62DB45CEBE187, 2365B82EEFDE587E4C13B59EF01876CD0871746EDA3567D44715EEC2DCF250AE ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys16:42:11.0859 0x0510 redbook - ok16:42:11.0890 0x0510 [ 2C6425ED9ACD2B52D346F77D7E48BED3, AA201EBDBF89C158FE2A0CE74967DB532A4336B0CE37FF55B84372D1DDAB3641 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll16:42:11.0906 0x0510 RemoteAccess - ok16:42:11.0953 0x0510 [ 5858B07C7F91F1C7E95CF187C6AA0BCD, C17B7B7E87F03F35269F73EBDF2FF3AE85C61E9D8EF3F648571B5ADA7D5EEA16 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll16:42:11.0968 0x0510 RemoteRegistry - ok16:42:12.0000 0x0510 [ 3835E5B6404D27D1C05BC33B296C3905, 9F892C3AD2928596D5BB8517F23CE06DF3AA280C032C1F8A0C7DFC3CD0138A6B ] RpcLocator C:\WINDOWS\system32\locator.exe16:42:12.0000 0x0510 RpcLocator - ok16:42:12.0062 0x0510 [ BC44C99C09151D8BD36491BC1321F510, 91BFDBC43F4AF9524588A593DAA44124EBD73B996BC47CD690DFD871223C4BB2 ] RpcSs C:\WINDOWS\system32\rpcss.dll16:42:12.0093 0x0510 RpcSs - ok16:42:12.0140 0x0510 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe16:42:12.0156 0x0510 RSVP - ok16:42:12.0234 0x0510 [ 0C963B81C842B49CC87123F165224E5A, 1E78A025649447FE6D153770D4A35C392A47545F3101C016436616F63F95B274 ] S3GIGP C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys16:42:12.0281 0x0510 S3GIGP - ok16:42:12.0312 0x0510 [ 543B4545600F5B26150FF3F639AA670A, 55E78D1BAB10FDA3E72BA06847F8DDE852281757D204ED1FAA1A8BA222AF1C6E ] SamSs C:\WINDOWS\system32\lsass.exe16:42:12.0328 0x0510 SamSs - ok16:42:12.0390 0x0510 [ 93C707F59D097DB907998174158C8530, 41E06363CCCFF9D67F16D6C216A185A16A52C2E2B1F98515D42E323E144AA211 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe16:42:12.0390 0x0510 SCardSvr - ok16:42:12.0453 0x0510 [ 62DEBEDA7434D4F6D3DFCDE4F3AF7761, 4DBF5EB0837F04BF9BE5E6C9E572CF0E5707950EB92EC6A2DB677BF4D002CDF9 ] Schedule C:\WINDOWS\system32\schedsvc.dll16:42:12.0468 0x0510 Schedule - ok16:42:12.0500 0x0510 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys16:42:12.0500 0x0510 Secdrv - ok16:42:12.0546 0x0510 [ C6F49F6F4F1CDCAA25D1BF545EAE838F, 91A48C57179785FFD87E2A93A75F5826F7238B4211C6F43062CC7A90F29F75C7 ] seclogon C:\WINDOWS\System32\seclogon.dll16:42:12.0562 0x0510 seclogon - ok16:42:12.0578 0x0510 [ F2DA97B960DA71CFFF49C966AB74D2FC, A1587FA94D6C05D5B091B7B8B9F96F3F3DEE3EA58FC4C8FB0C828A70836099D6 ] SENS C:\WINDOWS\system32\sens.dll16:42:12.0593 0x0510 SENS - ok16:42:12.0625 0x0510 [ CF82322FA0B7A1E2F910EACC9D002B39, E750C577A296BA0C4A52F81FD5A5A1435696DFF0AF658656B082FC147697A4E3 ] Serial C:\WINDOWS\system32\drivers\Serial.sys16:42:12.0625 0x0510 Serial - ok16:42:12.0671 0x0510 [ 439CEC05C6F6E68FEB95F5B4FC01E9F3, 83F9EF7242CB0F34E4114572D3C4CD68D0E287C4C8B77C6FB39917179B56D817 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys16:42:12.0671 0x0510 Sfloppy - ok16:42:12.0718 0x0510 [ 91A696F08DAEB53F77EE725B304F3246, FA6AE4CE5437EAD3BF573C462DD0418A78BFAB0F29CB986B16D067D384522BC8 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll16:42:12.0750 0x0510 SharedAccess - ok16:42:12.0781 0x0510 [ EF95C4371DEB4900AA00B0E108261051, FAD2CAF55738DC42B12EAF407AF1433167E45B316B689FE8CDE3FB7BB7EB1227 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll16:42:12.0796 0x0510 ShellHWDetection - ok16:42:12.0812 0x0510 Simbad - ok16:42:12.0890 0x0510 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe16:42:12.0906 0x0510 SkypeUpdate - ok16:42:12.0937 0x0510 [ 09A392D93A595C6A07CEE9B7CF683F64, 8BF0B96A1EC68693655618931DFF9D831D4AA1650F6C736D2F9AA3BE4CB33BDA ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys16:42:12.0937 0x0510 SLIP - ok16:42:12.0968 0x0510 Sparrow - ok16:42:13.0015 0x0510 [ AD4C32A5E4802F9596BC87598BEC5EFA, B9537688EF04EA0C03EA2746BF344AF908EF414126DC4223F4F455A7DC51CA2F ] splitter C:\WINDOWS\system32\drivers\splitter.sys16:42:13.0015 0x0510 splitter - ok16:42:13.0062 0x0510 [ 0CB3202B6A2F4AFC735001DC43567C4D, A824891DAD92A7794E376F3B4D5959DC991E755DEDEBED9D0AC3887900D9B78A ] Spooler C:\WINDOWS\system32\spoolsv.exe16:42:13.0078 0x0510 Spooler - ok16:42:13.0125 0x0510 [ E8AEBF1E13D550BED140C1C6015E71B4, B35BD9ECEDB445E88EB32BE917709F0765AF37858A30E6B5FCBEB723DC51A678 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys16:42:13.0140 0x0510 sr - ok16:42:13.0171 0x0510 [ AB54E2DFF17D58350F88606FA85A02AF, A9C4BA71659704C980D8CFC33EDBC8F8796F47769CAD1943A811DE4F1E3AA8EB ] srservice C:\WINDOWS\system32\srsvc.dll16:42:13.0187 0x0510 srservice - ok16:42:13.0234 0x0510 [ 009B7FCA245A3D4BD912EDDE4084F701, 4772CF2CFB2CD172BB511A459E9AC7D6755D313BC4F730D85B26E82CF7FB25CF ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys16:42:13.0265 0x0510 Srv - ok16:42:13.0312 0x0510 [ 7B50C000ED67FF2F446123753D5413FF, 7F24F9966FF2F031FE3F8F66D74D478AAE1B9CAC3350A2226E0B128BF164E4C4 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll16:42:13.0328 0x0510 SSDPSRV - ok16:42:13.0390 0x0510 [ E736B227E428BE3FB9A1F8755E320B4B, DF1D876B9CB0CB845AAFEF3C7DDC7E4DF948D68B4ECBAB108AF17EECC290768C ] stisvc C:\WINDOWS\system32\wiaservc.dll16:42:13.0421 0x0510 stisvc - ok16:42:13.0453 0x0510 [ FF058F23412E411B1F30FE3F4464BDFE, 2681585A9F7656C117B586610C93C1C1B4AA5BEF790067049E1527CDCFEF464E ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys16:42:13.0453 0x0510 streamip - ok16:42:13.0500 0x0510 [ 492F74DB817FF4BCB582ADE7495E9B7B, AFABFDB25AE044891B3E1707E19D0D0D5AD1A164DB4D0BBDEB1F03222E274F8F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys16:42:13.0500 0x0510 swenum - ok16:42:13.0531 0x0510 [ 6FB4B1734F613D614CC0F6A28D7FD2E5, F246D160E656A2BCCDE6665CD7FBE8F42F61063E3B4860BFEFE72135BF1C8931 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys16:42:13.0531 0x0510 swmidi - ok16:42:13.0546 0x0510 SwPrv - ok16:42:13.0578 0x0510 symc810 - ok16:42:13.0609 0x0510 symc8xx - ok16:42:13.0640 0x0510 sym_hi - ok16:42:13.0671 0x0510 sym_u3 - ok16:42:13.0703 0x0510 [ B29CA8E11142186468C62A2DD30E2E84, F3B02CF3482EE3B29EED72D5C8DEAC5170D91EDB9746630C7308184C990555A3 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys16:42:13.0703 0x0510 sysaudio - ok16:42:13.0750 0x0510 [ C4C34141A39385F64FC423C7C8B245DF, 17D6335961E8FBA493FF36A7F889683941CCE1D92A64EB02EF10BF39D8BA338E ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe16:42:13.0765 0x0510 SysmonLog - ok16:42:13.0812 0x0510 [ 147B9CCE0B523D4DAFD91A60C2CE2B25, 7B87C4550137A30D11F4E0F7B12BCBB62BDE06BB65EFE6E4E6C2CDB9EE7B9314 ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys16:42:13.0812 0x0510 tap0901 - ok16:42:13.0875 0x0510 [ 8A3AE8286C14965EA84529555A479C35, 690AEBC17631600F5C91586583F7E6EDD8533B5410CB3CD27879D8D21108D5CB ] TapiSrv C:\WINDOWS\System32\tapisrv.dll16:42:13.0906 0x0510 TapiSrv - ok16:42:13.0968 0x0510 [ 93BDCF501D8EA258BDD6F00893A3D315, 7C1D9B8506093E404CE908FEBB52E73B813544290F916A9C9E6B1C5A7B1B6235 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys16:42:14.0000 0x0510 Tcpip - ok16:42:14.0031 0x0510 [ 7A15C6872B75F0DB426C97429200292E, FA989CD5E8FAF5E9A349CE55D4716D5D37FD5E2DB857C3A9FC7B964D005D5B40 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys16:42:14.0031 0x0510 TDPIPE - ok16:42:14.0062 0x0510 [ CD471C6AD7B3B85695BE281BAF71C27E, 8962CD0EFC3AB5F8735D2B33303017F040997B991E712B71ACED1426041F4AFB ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys16:42:14.0062 0x0510 TDTCP - ok16:42:14.0109 0x0510 [ 3D648F177F9637A33070F918CA17D191, 8DC67458BC39B3B2991F140F3C10333D67DA4CB981D996582BC0F46B87810546 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys16:42:14.0109 0x0510 TermDD - ok16:42:14.0156 0x0510 [ CCB30FBA0F11056E199F360B351E5349, 7A407A04347F93F76DEA6F33CD5B47E78E37CDA9B34FD45E193FF617BBC85D83 ] TermService C:\WINDOWS\System32\termsrv.dll16:42:14.0187 0x0510 TermService - ok16:42:14.0234 0x0510 [ EF95C4371DEB4900AA00B0E108261051, FAD2CAF55738DC42B12EAF407AF1433167E45B316B689FE8CDE3FB7BB7EB1227 ] Themes C:\WINDOWS\System32\shsvcs.dll16:42:14.0250 0x0510 Themes - ok16:42:14.0296 0x0510 [ D4E29BD6FF231A2FB8201D0DF0E89F18, 562D6FD7CFEF9123AB346FA6BC339EA4CD9876D91D64E8C1C360B1FF486D7DE9 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe16:42:14.0312 0x0510 TlntSvr - ok16:42:14.0328 0x0510 TosIde - ok16:42:14.0375 0x0510 [ A9218E2CBDCC33CDC0ED0AD14E8863FA, 8B6A408CC129E6EB693B2256423162BB0AB2170FBEF2F06B1DE5D6119D93507D ] TrkWks C:\WINDOWS\system32\trkwks.dll16:42:14.0390 0x0510 TrkWks - ok16:42:14.0421 0x0510 [ 387A6F5F6A77A9FF310F0D1F952B694D, 592E52DDDE101DE46A9DD50D48A3775922E73EEA17A15823F50F48827B91A89E ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys16:42:14.0437 0x0510 uagp35 - ok16:42:14.0468 0x0510 [ 0149BA616F4F84EEA280EBBBE2727379, 90806A5381070E2C0722DA36B221CAEB3D4B9B6B9E72102B2C10C804DDD7D602 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys16:42:14.0484 0x0510 Udfs - ok16:42:14.0500 0x0510 UIUSys - ok16:42:14.0531 0x0510 ultra - ok16:42:14.0593 0x0510 [ AB0A7CA90D9E3D6A193905DC1715DED0, CA764A2B92E727E3398134CD50D5622B4EC387436A3644063DA1D114CE63BD64 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe16:42:14.0609 0x0510 UMWdf - ok16:42:14.0671 0x0510 [ 79C83AE5F8AF3517C6CF8E5743321C21, B87CC70526C0C11AB48D17F20F5D2D8F3D162926BF5EC43D788495EC983E6BD5 ] Unchecky C:\Program Files\Unchecky\bin\unchecky_svc.exe16:42:14.0671 0x0510 Unchecky - ok16:42:14.0734 0x0510 [ CE14ABC02A88B8C9D08726F21A1E3E7A, DE97CB31F3A9263E31A7E2968B8C17289049B0F481C3A1E20DFD6EEA5D431018 ] Update C:\WINDOWS\system32\DRIVERS\update.sys16:42:14.0765 0x0510 Update - ok16:42:14.0812 0x0510 [ 18097058DDFA698E6A7AEC1D965B61B0, 8CEE59CBADF63564C6CABEC14E4AAE5D9B5142810ACD3EADAF110DAA22BE5D06 ] upnphost C:\WINDOWS\System32\upnphost.dll16:42:14.0828 0x0510 upnphost - ok16:42:14.0875 0x0510 [ 2EF7EF0B1D49139B2FE2F6D2F4504810, B097C4390F42D2AD78FEF609CB88EF58ED9D224D67276F3F3E5798B649385291 ] UPS C:\WINDOWS\System32\ups.exe16:42:14.0875 0x0510 UPS - ok16:42:14.0937 0x0510 [ 5A2BD4E29ABEE55B83F45F40D8EC5E21, A1C4E48C105989B8D01A072A5F702FDF5FF32530CD50AAACEFFF014530F4B93F ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys16:42:14.0937 0x0510 usbaudio - ok16:42:14.0984 0x0510 [ A1A80DFEF1B7C1F86A2170AE0E9376F6, F6A91300BA3D9F37A4D46B6936B44FD7ECC95F3B6E42EE7E05F7059C2CE45FC4 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys16:42:14.0984 0x0510 usbccgp - ok16:42:15.0031 0x0510 [ A272F17643AAE348F7E296EBDCDBD48D, 9787F7BD3C9F7CA2927E4D4428CE1E73E791EE5A160D849FB1BEFD6A1E108CDB ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys16:42:15.0031 0x0510 usbehci - ok16:42:15.0062 0x0510 [ AB16F57DF6ADCEB94CA74AE33800CCE4, 4CB52D80D1E6A067E71D94DB15F3B509F8EC2C4371B4FACDA3970BD3926E0AC3 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys16:42:15.0062 0x0510 usbhub - ok16:42:15.0125 0x0510 [ BF4ACC6FA22EC157EF27F414860A358D, 3390FE28F6CFAA691294198403C490872591CBABE5624C9CA7DC5C3698EE6699 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys16:42:15.0125 0x0510 usbprint - ok16:42:15.0156 0x0510 [ 3A2FDD0341D3DAE241B6A182D1D85649, C7CA1D0D447644803A3D1B5F60280BE96F9452DCF5F25AA62D9682CA29D2AF8E ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys16:42:15.0171 0x0510 usbscan - ok16:42:15.0218 0x0510 [ 27E3998C0FF792BE5AD48E5CDC53CF86, E9647507774DD7BC7BB887F943DD461EFFC1971A2BA3B71A40D36165DE0191A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS16:42:15.0234 0x0510 USBSTOR - ok16:42:15.0265 0x0510 [ 79F2E86C56453942B951A979CFE1C619, 19EB2EF34E6AE8C61B2B887E1BF11239CF1AEB147E39BD15A834D4368F0B1BF8 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys16:42:15.0281 0x0510 usbuhci - ok16:42:15.0328 0x0510 [ 68E63607E53183EA125D36EDED218D4E, B4D5AD545A994C6A12BA32BDF392AC1C18A8F5E86198B19E790776F3862A94A6 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys16:42:15.0343 0x0510 usbvideo - ok16:42:15.0375 0x0510 [ E3894343F9C7A6A5B5A4051BB2A51DFF, CC1CA103A26BB91F4BAE6B00B9CEBC632E5F962CACE0C1913DB486ECB48FB4CE ] VgaSave C:\WINDOWS\System32\drivers\vga.sys16:42:15.0375 0x0510 VgaSave - ok16:42:15.0421 0x0510 [ 0B3D017E6BAF3406BB72623832ACC131, E17A67F69A7D8A60DE6FD115892BB358E218A0DF20F1E377FC6A5E7910AFE5F3 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys16:42:15.0421 0x0510 ViaIde - ok16:42:15.0453 0x0510 [ 734738D29213DE1EE15FDB7BBD134FE7, F17C88DF382E0F356B6BCDDF8F850772BD345A4FAEFACAD7617C842E4F7CAC80 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys16:42:15.0468 0x0510 VolSnap - ok16:42:15.0531 0x0510 [ AA8FCFE8AD758F1EB4E91C35CA567120, 368887EFADF962ABB540DE4331EC128CC03F232842963629BA7979F54642DDCE ] VSS C:\WINDOWS\System32\vssvc.exe16:42:15.0578 0x0510 VSS - ok16:42:15.0640 0x0510 [ 747089D0836DE2965363E0D017AFC07E, 726555FB9274173AFFEF4E5922DD0DE3B205C0B300E61055811FDBD3BCC74188 ] W32Time C:\WINDOWS\system32\w32time.dll16:42:15.0656 0x0510 W32Time - ok16:42:15.0734 0x0510 [ B1C554EE64AE2D6515B0893E047C90D6, 8CDF130380F8C16B9B7BFFCBE79B63F30611A5B7842E2652C70D6405E5AB7E9B ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys16:42:15.0734 0x0510 Wanarp - ok16:42:15.0765 0x0510 [ 75D3351D337DED3BE940C6F2FDFC13C2, 75300F3005D77B92C6AD8998005FC111CF8C8D49631B3690DF013EA8D5A21034 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys16:42:15.0765 0x0510 wceusbsh - ok16:42:15.0781 0x0510 WDICA - ok16:42:15.0828 0x0510 [ 9B8065C28267B639776BBAB90BF6C841, 80B59DFF90EAEBAD65D996F86EFA6C8852839775F21FCF0845FD67F19729A81A ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys16:42:15.0828 0x0510 wdmaud - ok16:42:15.0859 0x0510 [ 1E5809BB10C4935910470E0C7B727524, F2293E6F0B78669337CF5AEAF89CBF6F2B74BB62D1D4351B94527DD22F268671 ] WebClient C:\WINDOWS\System32\webclnt.dll16:42:15.0875 0x0510 WebClient - ok16:42:15.0953 0x0510 [ 86723EA860346FBE5490835344CAD939, 0ECC106E6DB616AB7ECD1C5E513BF2CC29B224E2860B1485E3D8AB3B45E55138 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys16:42:16.0000 0x0510 winachsf - ok16:42:16.0093 0x0510 [ FCC16FD46AFDD9996C61236C50D4DD21, 92A0D97C6D9DB86DA4AB4E125D509A0F32D9C89BCA0BC8ED4DFEB8CD5A1F836F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll16:42:16.0109 0x0510 winmgmt - ok16:42:16.0187 0x0510 [ 140EF97B64F560FD78643CAE2CDAD838, 1DEA8005220A3EFEC6E32A7DE4386026CCC1E5328E2FDCB82B1FB335905D1962 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll16:42:16.0203 0x0510 WmdmPmSN - ok16:42:16.0265 0x0510 [ 9FA49F8A0FF5A94208017EE04C86DDED, BF6F7C13D8C1ECD4269AE9320628AEBC52D75B8C0A4A2FDF8EB598117F7F11E9 ] Wmi C:\WINDOWS\System32\advapi32.dll16:42:16.0328 0x0510 Wmi - ok16:42:16.0375 0x0510 [ 40844F8DDE70E0955F5660A669F33D0C, 07D3E8F8175E26192F495D712800E74FC7C834A1F4DD165FD2E47DF30CF75757 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe16:42:16.0390 0x0510 WmiApSrv - ok16:42:16.0437 0x0510 [ B7FE5CDA268792D2ABAAB56946AFE3BE, D6F6090A3883DEC9487D70080191CB3BC8B1190C862E131C298966CBA5C76D17 ] wscsvc C:\WINDOWS\system32\wscsvc.dll16:42:16.0453 0x0510 wscsvc - ok16:42:16.0500 0x0510 [ 400E972FBA7046EC04E8A037B5F7FE86, 3A34F74445923BFE99B5CA5FC380669D15AE82F5681A61C7A63CF6690ED7C8D1 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS16:42:16.0500 0x0510 WSTCODEC - ok16:42:16.0546 0x0510 [ B64E5C23F7939ED28F040B1AB269D8AB, AD487EC1BD06338F42FE9897038995DC7E85D829F1D607EC4DF699863BBB3B75 ] wuauserv C:\WINDOWS\system32\wuauserv.dll16:42:16.0562 0x0510 wuauserv - ok16:42:16.0625 0x0510 [ 78502B4F25C91A61E3ACFB2F33B6B7A1, AE15BECBD7014C8B8D6A25BBAF57C7B1A434B951DF870DEF025230979E097E05 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll16:42:16.0671 0x0510 WZCSVC - ok16:42:16.0718 0x0510 [ F077E30465B99436FF68E5B6ECE0728E, 18F7F366DA1E6A55BEB6EC4DFA9E83682A7C17F7AAA4F4877680ABCB4E362207 ] xmlprov C:\WINDOWS\System32\xmlprov.dll16:42:16.0734 0x0510 xmlprov - ok16:42:16.0796 0x0510 ================ Scan global ===============================16:42:16.0828 0x0510 [ 06842E76E4AED48BC3E6ABAA5633E78A, 7F471F3C66DE36DE5485BAA6C0C8574C4E2E272EAD3AD30FB503F3AEDF16882A ] C:\WINDOWS\system32\basesrv.dll16:42:16.0890 0x0510 [ 88FC0FEC554995284DF1F68226013FF2, 4560D4D6866C169AE9C90F089A720DA30CD581B747C8116FCC68DE929FDB88F8 ] C:\WINDOWS\system32\winsrv.dll16:42:16.0937 0x0510 [ 88FC0FEC554995284DF1F68226013FF2, 4560D4D6866C169AE9C90F089A720DA30CD581B747C8116FCC68DE929FDB88F8 ] C:\WINDOWS\system32\winsrv.dll16:42:16.0984 0x0510 [ 5C031F7E17E3CA7760CA2D7CFFF973D2, 6D3D73470F77FF15167E3D23BCD176BF4A5BE933BB9B1B8CD1685B88C1A6A0B0 ] C:\WINDOWS\system32\services.exe16:42:17.0000 0x0510 [ Global ] - ok16:42:17.0000 0x0510 ================ Scan MBR ==================================16:42:17.0015 0x0510 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR016:42:17.0171 0x0510 \Device\Harddisk0\DR0 - ok16:42:17.0171 0x0510 ================ Scan VBR ==================================16:42:17.0187 0x0510 [ 783B81D37DF52A2C8076C991BC448F37 ] \Device\Harddisk0\DR0\Partition116:42:17.0187 0x0510 \Device\Harddisk0\DR0\Partition1 - ok16:42:17.0203 0x0510 [ D80FD18174465518390B3B3BC12FF1EE ] \Device\Harddisk0\DR0\Partition216:42:17.0218 0x0510 \Device\Harddisk0\DR0\Partition2 - ok16:42:17.0218 0x0510 Waiting for KSN requests completion. In queue: 17816:42:18.0218 0x0510 Waiting for KSN requests completion. In queue: 17816:42:19.0218 0x0510 Waiting for KSN requests completion. In queue: 17816:42:20.0343 0x0510 AV detected via SS1: avast! Antivirus, 5.0.150996960, enabled, updated16:42:20.0359 0x0510 Win FW state via NFM: enabled16:42:22.0734 0x0510 ============================================================16:42:22.0734 0x0510 Scan finished16:42:22.0734 0x0510 ============================================================16:42:22.0781 0x0858 Detected object count: 016:42:22.0781 0x0858 Actual detected object count: 0 Link to post Share on other sites More sharing options...
Psychotic Posted April 15, 2014 ID:818606 Share Posted April 15, 2014 Search for files with FRST (Recovery Environment)Run FRST.Type the following in the edit box after "Search:"rpcss.dllClick Search button and post the log (Search.txt) it makes to your reply. Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818628 Share Posted April 15, 2014 Farbar Recovery Scan Tool (x86) Version: 14-04-2014Ran by Nedjo Baslac at 2014-04-15 17:46:48Running from C:\Documents and Settings\Nedjo Baslac\My DocumentsBoot Mode: Normal ================== Search: "rpcss.dll" =================== C:\WINDOWS\system32\rpcss.dll[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ____A (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 C:\WINDOWS\system32\dllcache\rpcss.dll[2008-03-07 11:46] - [2008-03-07 11:46] - 0399360 ___AC (Microsoft Corporation) bc44c99c09151d8bd36491bc1321f510 === End Of Search === Link to post Share on other sites More sharing options...
Serb25 Posted April 15, 2014 Author ID:818701 Share Posted April 15, 2014 Sorry for double post, but PandoraTV was also installed onto the systen. I uninstalled it using add and remove but I am 100% sure it is deeper in the system. No programs detect it and I want to remove it completly. Link to post Share on other sites More sharing options...
Psychotic Posted April 16, 2014 ID:819064 Share Posted April 16, 2014 The processes you mentioned are legit. Let´s take out some remainings: Add-/remove programmsClick on start-->control panel.Vista/7: Open Programs and FeaturesXP: Open add/remove programsSearch for and remove the following programs Zip Extractor PackagesKMP Media ToolbarClose the window. Fix with FRST (normal mode)WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Download the attached fixlist.txt and save it to the location where FRST is saved to.Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply. fixlist.txt Link to post Share on other sites More sharing options...
Serb25 Posted April 16, 2014 Author ID:819130 Share Posted April 16, 2014 A network error occurred while attempting to read from the file: C:/WINDOWS/InstallerAskToolbarInstaller-12.10.3_KMPV7.msi I cannot uninstall it. Help? Link to post Share on other sites More sharing options...
Serb25 Posted April 16, 2014 Author ID:819131 Share Posted April 16, 2014 When I uninstall Zip Packeges it said it is uninstalled and it just needs to be romved from add /remove and I did remove it. Link to post Share on other sites More sharing options...
Serb25 Posted April 16, 2014 Author ID:819141 Share Posted April 16, 2014 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014Ran by Nedjo Baslac at 2014-04-16 13:35:42 Run:1Running from C:\Documents and Settings\Nedjo Baslac\My DocumentsBoot Mode: Normal ============================================== Content of fixlist:*****************2004-08-04 20:00 - 2014-04-15 16:30 - 00001887 ____A C:\WINDOWS\system32\Drivers\etc\hostsTask: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1 Zip Extractor Packages***************** C:\WINDOWS\system32\Drivers\etc\hosts => Moved successfully.C:\WINDOWS\Tasks\At1.job => Moved successfully."C:\DOCUME~1\NEDJOB~1\APPLIC~1\DIGITA~1" => File/Directory not found. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Serb25 Posted April 16, 2014 Author ID:819161 Share Posted April 16, 2014 Also why does FRST say Avast! is disabled when it's not? Link to post Share on other sites More sharing options...
Psychotic Posted April 16, 2014 ID:819378 Share Posted April 16, 2014 Sometimes the information provided by windows are wrong. Full System Scan with Malwarebytes AntimalwareIf not existing, please download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. [*]Click Finish.If the program is already installed:Run Malwarebytes Antimalware On the Dashboard, click the 'Update Now >>' link After the update completes, click the 'Scan Now >>' button. Or, on the Dashboard, click the Scan Now >> button. If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected. In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.After the restart once you are back at your desktop, open MBAM once more. Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click 'Copy to Clipboard' Paste the contents of the clipboard into your reply. Scan with ESET Online ScanPlease go to here to run the online scannner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked Click on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth Technology[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic. Link to post Share on other sites More sharing options...
Serb25 Posted April 16, 2014 Author ID:819387 Share Posted April 16, 2014 OK. It's late where I live so I will do them at 8:00 to my clock. I don't know the Germab clocks but I saw you respond somewhere around 9:00 at my clock. Also is costom scan when I tick all the options like a full scan or the same? And what are we gonna do about KMPToolbar? Thanks for all of your support, I would donate if I could so! Link to post Share on other sites More sharing options...
Psychotic Posted April 16, 2014 ID:819392 Share Posted April 16, 2014 We´ll get rid of this toolbar soon. See you later! Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819638 Share Posted April 17, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 4/17/2014Scan Time: 06:50:08Logfile: Administrator: Yes Version: 2.00.1.1004Malware Database: v2014.04.17.01Rootkit Database: v2014.03.27.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: Disabled OS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: Nedjo Baslac Scan Type: Threat ScanResult: CompletedObjects Scanned: 219680Time Elapsed: 18 min, 46 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledShuriken: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819658 Share Posted April 17, 2014 And no threats were found on the ESET Online Scanner Test Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819699 Share Posted April 17, 2014 Just a note that I will uninstall Avast! and install bit defender Free. Don't get me wrong, Avast! Is great, it's better than AVG Internet Security(It was legit, not cracked or pirated) which let the viruses in the system. I just want to try bitdefender sense I heard ALOT of good things about it and from what I saw it is very good at removing trojans and blocking sites. However I will not uninstall Avast! until I hear what you will say. Also are those bogus host files clean now? Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819772 Share Posted April 17, 2014 Oops instead of bitdefender I meant Microsoft Security Essentials. Apologies for the mistake got up early so my head is messed up. Link to post Share on other sites More sharing options...
Psychotic Posted April 17, 2014 ID:819792 Share Posted April 17, 2014 Then we can do the cleanup - if you are facing any issues, report that immediately.Delete junk with adwCleanerPlease download AdwCleaner to your desktop.Run adwcleaner.exe Hit Scan and wait for the scan to finish. Confirm the message but don´t uncheck anything. Hit Clean When the run is finished, it will open up a text file Please post its contents within your next reply You´ll find the log file at C:\AdwCleaner[s1].txt alsoDelete junk with JRT Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message.SecurityCheckReboot your system before starting!Please download SecurityCheck: LINK1 LINK2Save it to your desktop, start it and follow the instructions in the window. After the scan finished the (checkup.txt) will open. Copy its content to your thread. Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819794 Share Posted April 17, 2014 The issue is that when scrolling with any browser it's lagging. Anyway I will post it ASAP Link to post Share on other sites More sharing options...
Serb25 Posted April 17, 2014 Author ID:819796 Share Posted April 17, 2014 # AdwCleaner v3.023 - Report created 17/04/2014 at 15:20:59# Updated 01/04/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Nedjo Baslac - HOME-AMILO# Running from : C:\Documents and Settings\Nedjo Baslac\My Documents\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v [ File : C:\Documents and Settings\Nedjo Baslac\Application Data\Mozilla\Firefox\Profiles\hfq8c0et.default\prefs.js ] -\\ Google Chrome v34.0.1847.116 [ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] [ File : C:\Documents and Settings\Nedjo Baslac\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [9119 octets] - [05/04/2014 10:03:27]AdwCleaner[R1].txt - [1241 octets] - [05/04/2014 10:15:39]AdwCleaner[R2].txt - [1101 octets] - [17/04/2014 15:20:59]AdwCleaner[s0].txt - [9122 octets] - [05/04/2014 10:05:14]AdwCleaner[s1].txt - [1302 octets] - [05/04/2014 10:17:38] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1281 octets] ########## Link to post Share on other sites More sharing options...
Recommended Posts