Gordon13

Malwarebytes Not Responding

43 posts in this topic

Hi,

 

Malwarebytes will run and then stops responding.

I have tried both the full and quick scans.

 

Ron at Malwarebytes has indicated that I have an infection.

 

I have attached the dds logs

 

Thanks

 

Gordon


Hello and Welcome to Malwarebyte's Malware Help Forum!

 

First, please download and run the AVG Removal Tool that is appropriate for your system from this page:

http://www.avg.com/us-en/utilities

 

Then, DOWNLOAD AND RUN SECURITY CHECK BY SCREEN317:
 
 
It will open a command window and do some processing to check the status of security programs and other programs that may be vulnerable on your computer.
 
Please post back the log that it creates when it's finished.
 
Next, please Run ComboFix by following the steps provided in this sequence:
 
Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it before proceeding:
 
Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective. This guide can help you if you are unsure of how to do that:
 
 
Using ComboFix  ->
 
Please download Combofix to your desktop from >>HERE<<
 
Running Combofix
 
In the event you already have Combofix, please delete it as this is a new version.
  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so.
  • If you are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform its normal malware removal capabilities.  This is for your safety !!
 
    1. To Launch Combofix
 
 Click Start --> Run, and enter (copy/paste) this command exactly as shown, including the quotes:
 
"%userprofile%\desktop\combofix.exe" /killall
 
    2. When finished, it will produce a log file located at C:\ComboFix.txt
 
    3. Post the contents of that log in your next reply.
 
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. 
 
Please copy and paste  C:\ComboFix.txt into your next reply.
 
=============
NOTE: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
 
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.


Hi

Thanks for your reply.

I have run the AVG removal tool and the screen317 program.

The log is attached as requested.

 

checkup.txt

 

 

I will now look at running combofix.

 

Thanks


Hi,

I have installed Combofix and have run it as instructed.

It installed the MS recovery console.

Combofix ran and got to step 50 then hung.

After 30 minutes I killed the process.

There was no log file produced.

I restarted the computer and ran again.

It then ran to step 50 and gave a message

System file is infected !! Attempting to restore

C:\Windows\system32\Drivers\atapi.sys

 

Checking the file, it was last updated on 13/04/2008. Not sure why it thinks it was infected.

There appears to be no activity on the machine.

Task Manager shows that AutoScan is running, but System Idle Process is 99%.  It does not look like anything else is running.

I will disconnect from the internet and leave it running overnight.

I cannot see a log file.

Thanks for the information you provided.
 
Just end process on Combofix.exe, and we'll try another similar approach.
 
You have an infection which is showing you the file attributes of the legitimate version of atapi.sys but the one (driver) that is really loaded is infected and needs to be replaced.
 
Delete Combofix from your desktop and download this  renamed version, also to your desktop. 
 
Next, boot into Safe Mode.
 
To start the computer in safe mode:
 

1. Click Start and then click Shut Down.

 

2. In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.
 
3. As your computer restarts but before Windows launches, press F8.  
 
4. Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.
 
Launch Combofix.exe by dragging and dropping the same CFScript.txt into the renamed Combofix icon on your desktop.
 
When Combofix finishes running it should reboot and open a log:
 
C:\Combofix.txt
 
Please post that log in your next reply.
 
========
You can read information on what we are going to do next here:
 
Please download TDSSKiller.exe
 
 
 
Double-click TDSSKiller.exe to launch the program.
 
Click Start scan.
 
When it is finished the utility outputs a list of detected objects with description.
 
The utility automatically selects an action (Cure or Delete) for malicious objects.
 
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the default options as is, and click Continue.
 
Allow your system to reboot if a reboot is indicated. Please let me know if that was the case.
 
Click on Report and post the contents of the text file that opens.
 
Note: By default, the utility outputs the log into system directory (the drive your operating system is installed on, normally C:\).
 
The Log has a name with this format: TDSSKiller.Version_Date_Time_log.txt.
 
Please post that log in your next reply.
 
==============================

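As an added example (not code from the thread, from ComboFix or from Malwarebytes), this is the check behind ComboFix's "Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys" line: hash the driver in system32\drivers against the pristine copies Windows XP keeps. The temporary directory tree and the bytes in it are constructed stand-ins; the dllcache location is an assumption about where a second copy normally lives.

```python
r"""Hash a Windows XP driver against the spare copies the OS keeps
(ServicePackFiles\i386 and system32\dllcache). A mismatch is the
condition ComboFix reported for atapi.sys before restoring it."""
import hashlib
import tempfile
from pathlib import Path

DRIVER = "atapi.sys"
# Relative to %SystemRoot%. ServicePackFiles\i386 is the copy ComboFix
# restored from; system32\dllcache is the Windows File Protection cache
# (assumed present on a stock XP install).
PRISTINE_COPIES = (Path("ServicePackFiles") / "i386",
                   Path("system32") / "dllcache")


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large drivers are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver(system_root, driver=DRIVER):
    """Return {"live": hash, "copies": {location: hash}, "mismatch": bool}.

    "mismatch" becomes True when the copy under system32\drivers (the one
    the kernel loads) differs from any pristine copy that exists.
    """
    root = Path(system_root)
    live_hash = sha256_file(root / "system32" / "drivers" / driver)
    report = {"live": live_hash, "copies": {}, "mismatch": False}
    for rel in PRISTINE_COPIES:
        candidate = root / rel / driver
        if candidate.is_file():
            h = sha256_file(candidate)
            report["copies"][str(rel)] = h
            report["mismatch"] |= (h != live_hash)
    return report


def build_demo_root(tampered):
    """Constructed stand-in for %SystemRoot%: a temp tree holding the three
    atapi.sys locations. tampered=True appends bytes to the live copy, the
    way a patched driver differs from its backup (no real malware bytes)."""
    root = Path(tempfile.mkdtemp(prefix="xp_demo_"))
    clean = b"MZ" + b"\x00" * 62 + b"constructed stand-in for atapi.sys"
    for rel in PRISTINE_COPIES + (Path("system32") / "drivers",):
        (root / rel).mkdir(parents=True)
        (root / rel / DRIVER).write_bytes(clean)
    if tampered:
        with open(root / "system32" / "drivers" / DRIVER, "ab") as f:
            f.write(b"\xCC" * 16)  # constructed filler, not rootkit code
    return root


if __name__ == "__main__":
    for tampered in (False, True):
        report = compare_driver(build_demo_root(tampered))
        print("tampered" if tampered else "clean", "->",
              "MISMATCH" if report["mismatch"] else "all copies identical")
```

Run the comparison from a boot outside the infected Windows (rescue media or a clean install on another disk): a driver-level rootkit can hand the clean file bytes and attributes to tools running on the infected system, which is exactly why the file looked untouched from inside Windows here.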

Hi,

 

I clicked on your link and I got a message about downloading IEXPLORER.EXE.  I don't think this is correct even though the link shows combofix.

 

I do not feel happy about this at all and will not download.

 

How do we proceed from here?


 

I clicked on your link and I got a message about downloading IEXPLORER.EXE.  I don't think this is correct even though the link shows combofix.

 

I do not feel happy about this at all and will not download.

This is the whole point.  Renaming an anti-malware executable is one of the ways to thwart malware.  I could have you rename Combofix.exe as you download it, but this is a genuine version that is already renamed for that purpose.

 

Knowing this, I hope you feel confident about following my instructions as given.  Please proceed.


Hi

 

I don't know where the .txt file is as I did not have one last time?

 

Launch Combofix.exe by dragging and dropping the same CFScript.txt into the renamed Combofix icon on your desktop.


I rebooted in safe mode and clicked on the icon on the desktop.

Combofix ran and then rebooted the machine.

This took ages, then a log file was displayed on the screen.

I saved this then invoked IE ready to post.

Now I get the message that I'm about to view pages over a secure connection. 

This is very strange as I would only expect this on a p2p VPN.

 

What should I do now?

Now I get the message that I'm about to view pages over a secure connection

 

 

I would be more concerned if it said you were about to view pages over an insecure connection.

 

It's probably related to ComboFix resetting a number of Internet Explorer's settings to make it more secure, including making it the default browser.

 

Please post C:\combofix.txt so I can see what is happening on your computer and how Combofix dealt with your infection.

 

Also, if you have the TDSSKiller log already please include that.


Here is the combofix log

 

I will now run the other tool.

Do you prefer the files as attachments or in the reply?

 

ComboFix 13-10-09.01 - Gordon 09/10/2013  20:01:47.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3565.3225 [GMT 1:00]
Running from: c:\documents and settings\Gordon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Gordon\WINDOWS
c:\windows\system32\OLD38.tmp
c:\windows\system32\OLD3C.tmp
c:\windows\system32\OLD50.tmp
c:\windows\system32\OLD51.tmp
c:\windows\system32\OLD53.tmp
c:\windows\system32\OLD56.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET49.tmp
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
--------
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-09 to 2013-10-09  )))))))))))))))))))))))))))))))
.
.
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\DigitalSite
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\program files\OpenIt
2013-10-08 20:04 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0A884C5A-5F68-4A98-AA3D-A20DA2FE39CC}\mpengine.dll
2013-10-07 18:07 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-28 08:10 . 2013-10-07 19:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-28 08:10 . 2013-09-28 08:10 -------- d-----w- c:\documents and settings\Gordon\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-28 08:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-13 17:23 . 2013-09-13 17:23 -------- d-sh--w- c:\documents and settings\Christopher\IETldCache
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\documents and settings\Gordon\Local Settings\Application Data\PassMark
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Passmark
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\program files\PerformanceTest
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 20:34 . 2012-10-12 14:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 20:34 . 2011-10-06 19:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-09-29 13:27 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2006-09-29 13:28 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-09-29 13:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-09-29 13:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-09-29 13:27 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2006-09-29 13:28 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2006-09-29 13:27 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-09-29 13:27 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-30 18:26 1423520 ----a-w- c:\program files\Microsoft\BingBar\7.3.107.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-17 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-04-06 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gordon^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Gordon\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-17 22:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1c994173b632322"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Windows\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"d:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [30/08/2013 19:26 193696]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [06/04/2011 16:22 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [03/11/2011 19:10 8704]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [06/09/2013 14:33 46080]
S2 kbuzyias5zubw;Print Spooler Service;c:\windows\system32\kolgwvd.exe /service --> c:\windows\system32\kolgwvd.exe  [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06/09/2013 14:32 1691480]
S3 atidgllk;atidgllk;\??\c:\program files\ASUS\SmartDoctor\atidgllk.sys --> c:\program files\ASUS\SmartDoctor\atidgllk.sys [?]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [30/08/2013 19:26 240288]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [12/09/2013 22:13 22120]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [28/09/2013 09:10 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26/12/2009 00:15 136704]
S4 gupdate1c994173b632322;Google Update Service (gupdate1c994173b632322);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 12:26 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 20:34]
.
2013-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:26]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:26]
.
2013-10-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 15:49]
.
2013-10-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2013-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Se&nd to OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-jewbpe - c:\windows\system32\jewbpe.exe
MSConfigStartUp-kolgwvd - c:\windows\system32\kolgwvd.exe
AddRemove-MWASPI - c:\mwaspi\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 20:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3640)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2013-10-09  20:31:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-09 19:31
.
Pre-Run: 170,940,612,608 bytes free
Post-Run: 167,604,506,624 bytes free
.
- - End Of File - - 6F2DFADBB9606F1185A0E9F13174093B
8F558EB6672622401DA993E1E865C861
 

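An added example (not part of the thread and not a ComboFix or Malwarebytes tool) that parses the Drivers/Services lines of the ComboFix log above and flags the kind of entry that matters in it: kbuzyias5zubw, registered with the display name "Print Spooler Service" but backed by a missing c:\windows\system32\kolgwvd.exe, the same file that appears under ORPHANS REMOVED. The sample lines are copied from the posted log; the KNOWN_DISPLAY_NAMES table is a small hand-written assumption, not something the page provides.

```python
"""Triage the "Drivers/Services" lines of a ComboFix log.

Line shape (as posted): <R|S><start> <name>;<display>;<image> [<date> <time> <size>]
A registry entry whose file is gone reads "... --> <resolved path> [?]".
"""
import re
from pathlib import PureWindowsPath

# Constructed excerpt: five lines copied verbatim from the posted log.
SAMPLE_LOG = r"""
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [30/08/2013 19:26 193696]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [06/09/2013 14:33 46080]
S2 kbuzyias5zubw;Print Spooler Service;c:\windows\system32\kolgwvd.exe /service --> c:\windows\system32\kolgwvd.exe  [?]
S3 atidgllk;atidgllk;\??\c:\program files\ASUS\SmartDoctor\atidgllk.sys --> c:\program files\ASUS\SmartDoctor\atidgllk.sys [?]
S4 gupdate1c994173b632322;Google Update Service (gupdate1c994173b632322);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 12:26 133104]
"""

SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

# Assumed, hand-written table: display names of built-in Windows services
# and the binary that legitimately backs them. Extend it for your estate.
KNOWN_DISPLAY_NAMES = {
    "print spooler": "spoolsv.exe",
    "task scheduler": "svchost.exe",
    "windows time": "svchost.exe",
}


def parse_service_line(line):
    """Return a dict for one service line, or None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, meta = m.groups()
    # "a --> b": the registry points at a, which ComboFix resolved to b.
    if "-->" in image:
        image = image.split("-->", 1)[1].strip()
    # Drop a trailing command-line switch such as "/service".
    image = image.split(" /", 1)[0].strip()
    return {
        "state": state, "start": int(start), "name": name.strip(),
        "display": display.strip(), "image": image,
        "file_present": meta.strip() != "?",
    }


def flags_for(svc):
    """Cheap, explainable indicators for one parsed service entry."""
    flags = []
    if not svc["file_present"]:
        flags.append("file_missing")
    binary = PureWindowsPath(svc["image"]).name.lower()
    display = svc["display"].lower()
    for known, expected in KNOWN_DISPLAY_NAMES.items():
        # A built-in service's display name on top of the wrong binary.
        if known in display and binary != expected:
            flags.append(f"impersonates:{known}")
    return flags


def triage(log_text):
    """Parse every service line and attach flags plus a coarse severity."""
    results = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        svc["flags"] = flags_for(svc)
        svc["severity"] = ("high" if len(svc["flags"]) >= 2
                           else "review" if svc["flags"] else "ok")
        results.append(svc)
    return results


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f'{svc["severity"]:6} {svc["name"]:24} {svc["image"]}  {svc["flags"]}')
```

Note that both missing-file entries come out differently: the ASUS leftover is just a stale registration to review, while the spooler look-alike with a random service name is the one worth escalating.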

I prefer that you copy/paste replies please.

 

TDSSKiller will confirm whether your infection is removed.  It looks like Combofix was successful in replacing the patched driver with a legitimate copy so that is good news.


21:03:27.0062 0x08c4  TDSS rootkit removing tool 3.0.0.12 Oct  9 2013 14:59:22
21:03:27.0343 0x08c4  ============================================================
21:03:27.0343 0x08c4  Current date / time: 2013/10/09 21:03:27.0343
21:03:27.0343 0x08c4  SystemInfo:
21:03:27.0343 0x08c4 
21:03:27.0343 0x08c4  OS Version: 5.1.2600 ServicePack: 3.0
21:03:27.0343 0x08c4  Product type: Workstation
21:03:27.0343 0x08c4  ComputerName: MAXDATA-8BF282C
21:03:27.0343 0x08c4  UserName: Gordon
21:03:27.0343 0x08c4  Windows directory: C:\WINDOWS
21:03:27.0343 0x08c4  System windows directory: C:\WINDOWS
21:03:27.0343 0x08c4  Processor architecture: Intel x86
21:03:27.0343 0x08c4  Number of processors: 2
21:03:27.0343 0x08c4  Page size: 0x1000
21:03:27.0343 0x08c4  Boot type: Normal boot
21:03:27.0343 0x08c4  ============================================================
21:03:28.0328 0x08c4  System UUID: {4312BE93-120B-BA69-831B-A740BA689A8B}
21:03:28.0687 0x08c4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:03:28.0687 0x08c4  Drive \Device\Harddisk1\DR1 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:03:28.0750 0x08c4  ============================================================
21:03:28.0750 0x08c4  \Device\Harddisk0\DR0:
21:03:28.0750 0x08c4  MBR partitions:
21:03:28.0750 0x08c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D3293DD
21:03:28.0765 0x08c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D32945B, BlocksNum 0x1D05B7E6
21:03:28.0765 0x08c4  \Device\Harddisk1\DR1:
21:03:28.0765 0x08c4  MBR partitions:
21:03:28.0765 0x08c4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938
21:03:28.0765 0x08c4  ============================================================
21:03:28.0812 0x08c4  C: <-> \Device\Harddisk0\DR0\Partition1
21:03:28.0843 0x08c4  D: <-> \Device\Harddisk0\DR0\Partition2
21:03:28.0843 0x08c4  F: <-> \Device\Harddisk1\DR1\Partition1
21:03:28.0843 0x08c4  ============================================================
21:03:28.0843 0x08c4  Initialize success
21:03:28.0843 0x08c4  ============================================================
21:03:32.0984 0x07b8  ============================================================
21:03:32.0984 0x07b8  Scan started
21:03:32.0984 0x07b8  Mode: Manual;
21:03:32.0984 0x07b8  ============================================================
21:03:32.0984 0x07b8  KSN ping started
21:03:35.0625 0x07b8  KSN ping finished: true
21:03:36.0062 0x07b8  ================ Scan system memory ========================
21:03:36.0062 0x07b8  System memory - ok
21:03:36.0062 0x07b8  ================ Scan services =============================
21:03:37.0343 0x07b8  Abiosdsk - ok
21:03:37.0343 0x07b8  abp480n5 - ok
21:03:37.0390 0x07b8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:03:37.0390 0x07b8  ACPI - ok
21:03:37.0500 0x07b8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
21:03:37.0500 0x07b8  ACPIEC - ok
21:03:37.0578 0x07b8  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:03:37.0578 0x07b8  AdobeFlashPlayerUpdateSvc - ok
21:03:37.0609 0x07b8  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:03:37.0609 0x07b8  adpu160m - ok
21:03:37.0656 0x07b8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:03:37.0656 0x07b8  aec - ok
21:03:37.0687 0x07b8  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:03:37.0687 0x07b8  AFD - ok
21:03:37.0703 0x07b8  Aha154x - ok
21:03:37.0718 0x07b8  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:03:37.0718 0x07b8  aic78u2 - ok
21:03:37.0734 0x07b8  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:03:37.0734 0x07b8  aic78xx - ok
21:03:37.0750 0x07b8  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:03:37.0781 0x07b8  Alerter - ok
21:03:44.0765 0x07b8  PptpMiniport - ok
21:03:44.0812 0x07b8  [ 18D9789A4664BF417EEA944D2776091A, AA9CE175127BA145768E058A5E27E24097F1A1646A123D352F4481009DE43C29 ] prodrv06        C:\WINDOWS\System32\drivers\prodrv06.sys
21:03:44.0812 0x07b8  prodrv06 - ok
21:03:44.0828 0x07b8  [ 8CC9671A7ED2902E747EE0892E1C8575, F222F5EEB2C4DF5C6636C5CDBABF9CC14D198C67D596A4CAFCE1117579D03F24 ] prohlp02        C:\WINDOWS\system32\drivers\prohlp02.sys
21:03:44.0828 0x07b8  prohlp02 - ok
21:03:44.0843 0x07b8  [ 960BCE3ED38761B446AABAC06C76BADF, 3A98C85F08C312977C3D6E4C90FC211D71A1D855A47B28097CC9B34DC99E3A76 ] prosync1        C:\WINDOWS\system32\drivers\prosync1.sys
21:03:44.0843 0x07b8  prosync1 - ok
21:03:44.0843 0x07b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:03:44.0843 0x07b8  ProtectedStorage - ok
21:03:44.0859 0x07b8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:03:44.0859 0x07b8  PSched - ok
21:03:44.0875 0x07b8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:03:44.0875 0x07b8  Ptilink - ok
21:03:44.0875 0x07b8  ql1080 - ok
21:03:44.0875 0x07b8  Ql10wnt - ok
21:03:44.0890 0x07b8  ql12160 - ok
21:03:44.0890 0x07b8  ql1240 - ok
21:03:44.0890 0x07b8  ql1280 - ok
21:03:44.0906 0x07b8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:03:44.0906 0x07b8  RasAcd - ok
21:03:44.0937 0x07b8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:03:44.0937 0x07b8  RasAuto - ok
21:03:44.0953 0x07b8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:03:44.0953 0x07b8  Rasl2tp - ok
21:03:44.0984 0x07b8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:03:44.0984 0x07b8  RasMan - ok
21:03:44.0984 0x07b8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:03:44.0984 0x07b8  RasPppoe - ok
21:03:45.0000 0x07b8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:03:45.0015 0x07b8  Raspti - ok
21:03:45.0031 0x07b8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:03:45.0031 0x07b8  Rdbss - ok
21:03:45.0062 0x07b8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:03:45.0062 0x07b8  RDPCDD - ok
21:03:45.0078 0x07b8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:03:45.0093 0x07b8  RDPWD - ok
21:03:45.0140 0x07b8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:03:45.0140 0x07b8  RDSessMgr - ok
21:03:45.0156 0x07b8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:03:45.0156 0x07b8  redbook - ok
21:03:45.0187 0x07b8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:03:45.0203 0x07b8  RemoteAccess - ok
21:03:45.0218 0x07b8  [ 851C30DF2807FCFA21E4C681A7D6440E, C2269B8ED4E831664B83F8F3BE33E5A340206A9E07F89CDF6707EAD8F280FBE9 ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:03:45.0218 0x07b8  RFCOMM - ok
21:03:45.0250 0x07b8  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
21:03:45.0265 0x07b8  ROOTMODEM - ok
21:03:45.0296 0x07b8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:03:45.0296 0x07b8  RpcLocator - ok
21:03:45.0328 0x07b8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
21:03:45.0328 0x07b8  RpcSs - ok
21:03:45.0359 0x07b8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:03:45.0359 0x07b8  RSVP - ok
21:03:45.0390 0x07b8  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:03:45.0390 0x07b8  rtl8139 - ok
21:03:45.0437 0x07b8  [ D3578C3806ED545E5C36B2A20F5C0B5A, 167FBEB5FE761C0F906F96C9FF00A10D733BD36C61C9288BDBDCABAB86F7AF08 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:03:45.0468 0x07b8  RTLE8023xp - ok
21:03:45.0484 0x07b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:03:45.0484 0x07b8  SamSs - ok
21:03:45.0515 0x07b8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:03:45.0515 0x07b8  SCardSvr - ok
21:03:45.0562 0x07b8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:03:45.0562 0x07b8  Schedule - ok
21:03:45.0671 0x07b8  [ A1A26E8EC51E199D873D85F3E2B6FC65, 0F1DDAE5191EF6191295CA6690ED0CE6F401D44CC3C192D135C48C20173450CD ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
21:03:45.0671 0x07b8  SeagateDashboardService - ok
21:03:45.0687 0x07b8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:03:45.0687 0x07b8  Secdrv - ok
21:03:45.0703 0x07b8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:03:45.0703 0x07b8  seclogon - ok
21:03:45.0734 0x07b8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
21:03:45.0734 0x07b8  SENS - ok
21:03:45.0765 0x07b8  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:03:45.0781 0x07b8  serenum - ok
21:03:45.0781 0x07b8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
21:03:45.0781 0x07b8  Serial - ok
21:03:45.0875 0x07b8  [ C2644DC3CAC06AFF97A9359632C9C175, F309745FFF84681315D87D4DA7DA8EF9BC6C54E154DA615B318B70E09A245B83 ] ServiceLayer    C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
21:03:45.0906 0x07b8  ServiceLayer - ok
21:03:45.0921 0x07b8  [ 462AEE0EA0481EA8BD45CAC876A4CCC4, C26AF130C2FB4234B6AA5EE979DEFDFAC38EA038D6046495196F8DF62DEE4120 ] sfhlp01         C:\WINDOWS\system32\drivers\sfhlp01.sys
21:03:45.0921 0x07b8  sfhlp01 - ok
21:03:45.0937 0x07b8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:03:45.0937 0x07b8  Sfloppy - ok
21:03:45.0984 0x07b8  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:03:46.0000 0x07b8  SharedAccess - ok
21:03:46.0000 0x07b8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:03:46.0015 0x07b8  ShellHWDetection - ok
21:03:46.0015 0x07b8  Simbad - ok
21:03:46.0031 0x07b8  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:03:46.0046 0x07b8  SLIP - ok
21:03:46.0046 0x07b8  Sparrow - ok
21:03:46.0062 0x07b8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:03:46.0078 0x07b8  splitter - ok
21:03:46.0109 0x07b8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:03:46.0109 0x07b8  Spooler - ok
21:03:46.0125 0x07b8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:03:46.0125 0x07b8  sr - ok
21:03:46.0156 0x07b8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:03:46.0156 0x07b8  srservice - ok
21:03:46.0218 0x07b8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:03:46.0234 0x07b8  Srv - ok
21:03:46.0265 0x07b8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:03:46.0265 0x07b8  SSDPSRV - ok
21:03:46.0296 0x07b8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:03:46.0296 0x07b8  stisvc - ok
21:03:46.0328 0x07b8  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:03:46.0328 0x07b8  streamip - ok
21:03:46.0343 0x07b8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:03:46.0343 0x07b8  swenum - ok
21:03:46.0359 0x07b8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:03:46.0375 0x07b8  swmidi - ok
21:03:46.0375 0x07b8  SwPrv - ok
21:03:46.0375 0x07b8  symc810 - ok
21:03:46.0406 0x07b8  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:03:46.0406 0x07b8  symc8xx - ok
21:03:46.0406 0x07b8  sym_hi - ok
21:03:46.0406 0x07b8  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:03:46.0421 0x07b8  sym_u3 - ok
21:03:46.0421 0x07b8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:03:46.0421 0x07b8  sysaudio - ok
21:03:46.0437 0x07b8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:03:46.0453 0x07b8  SysmonLog - ok
21:03:46.0468 0x07b8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:03:46.0468 0x07b8  TapiSrv - ok
21:03:46.0515 0x07b8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:03:46.0531 0x07b8  Tcpip - ok
21:03:46.0546 0x07b8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:03:46.0562 0x07b8  TDPIPE - ok
21:03:46.0562 0x07b8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:03:46.0578 0x07b8  TDTCP - ok
21:03:46.0578 0x07b8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:03:46.0578 0x07b8  TermDD - ok
21:03:46.0609 0x07b8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:03:46.0609 0x07b8  TermService - ok
21:03:46.0625 0x07b8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:03:46.0625 0x07b8  Themes - ok
21:03:46.0687 0x07b8  [ EFEF22B9577E5051057FDE1AE381B50C, 30E3E7074ED8D24C17434017A0C3E8A35AB31437C6FADE8B66717D9B7D161190 ] TomTomHOMEService D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
21:03:46.0687 0x07b8  TomTomHOMEService - ok
21:03:46.0687 0x07b8  TosIde - ok
21:03:46.0687 0x07b8  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:03:46.0703 0x07b8  TrkWks - ok
21:03:46.0718 0x07b8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:03:46.0718 0x07b8  Udfs - ok
21:03:46.0734 0x07b8  ultra - ok
21:03:46.0765 0x07b8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:03:46.0781 0x07b8  Update - ok
21:03:46.0796 0x07b8  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:03:46.0796 0x07b8  upnphost - ok
21:03:46.0828 0x07b8  [ 587E643A4E2FFD9A00F114B057CEB773, CEB821A89FAE95D8CFAF468EEDA349B666C3FC13E1D142D5141484D621681197 ] upperdev        C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:03:46.0843 0x07b8  upperdev - ok
21:03:46.0859 0x07b8  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
21:03:46.0859 0x07b8  UPS - ok
21:03:46.0875 0x07b8  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:03:46.0890 0x07b8  USBAAPL - ok
21:03:46.0906 0x07b8  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:03:46.0921 0x07b8  usbccgp - ok
21:03:46.0953 0x07b8  [ 15E993BA2F6946B2BFBBFCD30398621E, 10AD5B133C9C68B8E11DF702C50BDE5162693C5A9F132DFE1823D03D70D4EB89 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:03:46.0953 0x07b8  usbehci - ok
21:03:47.0000 0x07b8  [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:03:47.0000 0x07b8  usbhub - ok
21:03:47.0000 0x07b8  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:03:47.0015 0x07b8  usbohci - ok
21:03:47.0031 0x07b8  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:03:47.0031 0x07b8  usbprint - ok
21:03:47.0046 0x07b8  [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:03:47.0062 0x07b8  usbscan - ok
21:03:47.0078 0x07b8  [ 1C888B000C2F9492F4B15B5B6B84873E, 40698DFA5CD7BCFAFC14A2227FBF58CAD44D95C4E48B4B81160A6BCC33A8C3E3 ] usbser          C:\WINDOWS\system32\drivers\usbser.sys
21:03:47.0093 0x07b8  usbser - ok
21:03:47.0109 0x07b8  [ FCA6A196D47CB972A0E4ADC0DB9CD17C, 31EF8E3839C3EB9404B72ABE777060B831AFAFAD51E10ADEB72E41DCC4FE8D47 ] UsbserFilt      C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:03:47.0125 0x07b8  UsbserFilt - ok
21:03:47.0125 0x07b8  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:03:47.0140 0x07b8  USBSTOR - ok
21:03:47.0140 0x07b8  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:03:47.0156 0x07b8  usbuhci - ok
21:03:47.0156 0x07b8  VComm - ok
21:03:47.0156 0x07b8  VcommMgr - ok
21:03:47.0171 0x07b8  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:03:47.0171 0x07b8  VgaSave - ok
21:03:47.0171 0x07b8  VHidMinidrv - ok
21:03:47.0171 0x07b8  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
21:03:47.0171 0x07b8  ViaIde - ok
21:03:47.0187 0x07b8  Video3D - ok
21:03:47.0187 0x07b8  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:03:47.0187 0x07b8  VolSnap - ok
21:03:47.0234 0x07b8  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:03:47.0234 0x07b8  VSS - ok
21:03:47.0265 0x07b8  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:03:47.0281 0x07b8  W32Time - ok
21:03:47.0281 0x07b8  w810bus - ok
21:03:47.0281 0x07b8  w810mdfl - ok
21:03:47.0281 0x07b8  w810mdm - ok
21:03:47.0281 0x07b8  w810mgmt - ok
21:03:47.0296 0x07b8  w810obex - ok
21:03:47.0296 0x07b8  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:03:47.0296 0x07b8  Wanarp - ok
21:03:47.0343 0x07b8  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
21:03:47.0343 0x07b8  Wdf01000 - ok
21:03:47.0359 0x07b8  WDICA - ok
21:03:47.0375 0x07b8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:03:47.0375 0x07b8  wdmaud - ok
21:03:47.0406 0x07b8  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:03:47.0421 0x07b8  WebClient - ok
21:03:47.0609 0x07b8  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:03:47.0609 0x07b8  winmgmt - ok
21:03:47.0640 0x07b8  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:03:47.0640 0x07b8  WmdmPmSN - ok
21:03:47.0671 0x07b8  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:03:47.0671 0x07b8  WmiApSrv - ok
21:03:47.0734 0x07b8  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
21:03:47.0765 0x07b8  WMPNetworkSvc - ok
21:03:47.0781 0x07b8  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:03:47.0796 0x07b8  WpdUsb - ok
21:03:47.0812 0x07b8  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:03:47.0828 0x07b8  WS2IFSL - ok
21:03:47.0843 0x07b8  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:03:47.0859 0x07b8  wscsvc - ok
21:03:47.0890 0x07b8  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:03:47.0890 0x07b8  WSTCODEC - ok
21:03:47.0921 0x07b8  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:03:47.0921 0x07b8  wuauserv - ok
21:03:47.0984 0x07b8  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:03:47.0984 0x07b8  WudfPf - ok
21:03:48.0000 0x07b8  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:03:48.0015 0x07b8  WudfRd - ok
21:03:48.0031 0x07b8  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:03:48.0031 0x07b8  WudfSvc - ok
21:03:48.0078 0x07b8  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:03:48.0093 0x07b8  WZCSVC - ok
21:03:48.0109 0x07b8  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:03:48.0125 0x07b8  xmlprov - ok
21:03:48.0125 0x07b8  ================ Scan global ===============================
21:03:48.0140 0x07b8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:03:48.0171 0x07b8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:03:48.0187 0x07b8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:03:48.0203 0x07b8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:03:48.0203 0x07b8  [ Global ] - ok
21:03:48.0203 0x07b8  ================ Scan MBR ==================================
21:03:48.0218 0x07b8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:03:48.0812 0x07b8  \Device\Harddisk0\DR0 - ok
21:03:48.0812 0x07b8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:03:48.0812 0x07b8  \Device\Harddisk1\DR1 - ok
21:03:48.0812 0x07b8  ================ Scan VBR ==================================
21:03:48.0812 0x07b8  [ DF1F4B67ADF02259CD4F609F5422D8BC ] \Device\Harddisk0\DR0\Partition1
21:03:48.0812 0x07b8  \Device\Harddisk0\DR0\Partition1 - ok
21:03:48.0828 0x07b8  [ E8B12ACA010B6F32A2F99FC8D0AB264F ] \Device\Harddisk0\DR0\Partition2
21:03:48.0843 0x07b8  \Device\Harddisk0\DR0\Partition2 - ok
21:03:48.0843 0x07b8  [ B63A5211BCD21AEB3B91568BDC61488D ] \Device\Harddisk1\DR1\Partition1
21:03:48.0843 0x07b8  \Device\Harddisk1\DR1\Partition1 - ok
21:03:48.0843 0x07b8  Waiting for KSN requests completion. In queue: 185
21:03:49.0843 0x07b8  Waiting for KSN requests completion. In queue: 185
21:03:50.0843 0x07b8  Waiting for KSN requests completion. In queue: 185
21:03:51.0843 0x07b8  AV detected via SS1: Microsoft Security Essentials, 4.3.0216.0, disabled, updated
21:03:51.0843 0x07b8  FW detected via SS1: ZoneAlarm Firewall, 9.1.007.002, disabled
21:03:51.0843 0x07b8  Win FW state via NFM: enabled
21:03:54.0296 0x07b8  ============================================================
21:03:54.0296 0x07b8  Scan finished
21:03:54.0296 0x07b8  ============================================================
21:03:54.0296 0x0984  Detected object count: 0
21:03:54.0296 0x0984  Actual detected object count: 0
21:06:24.0218 0x0928  Deinitialize success
 


Good news!! Your TDSSKiller log is clean. 

 

It will take me a while to review your Combofix log for anything else that needs to be removed.

 

While I'm doing that I'd like you to see if MBAM will complete a quick scan now.  Try that and be sure to update it first.

 

Post the MBAM log.

 

Then run this Adware Removal Program:

 

Download : ADWCleaner to your desktop.
 
NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs and click on the AdwCleaner icon.
 
 
Click on Scan  and follow the prompts. Let it run unhindered.
 
When the scan has finished, look through the scan results and uncheck any entries that you do not wish to remove.
 
When you are satisfied with the selection, simply click on the Clean button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.
 
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.


I have just tried to run Malwarebytes on my drive F, which is a newly formatted drive, and it gives up after 3 seconds.

 

Enumerating Registry objects prior to scanning.

Task Manager shows the same message - not responding.

There was a logfile produced but I cannot post it as I'm on a different computer.

The file indicates that there were no errors detected.

 

I have just invoked a quick scan and will see what happens.

It has identified 2 objects and is processing files. It will take some time to complete.


It has now completed and here is the log.

I have run drive F again and it still hangs. I invoke this by browsing My Computer, highlighting drive F, right-click, Scan with Malwarebytes.

 

I will run the quick scan again.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

09/10/2013 21:19:07
mbam-log-2013-10-09 (21-19-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335293
Time elapsed: 26 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0Z1N1J -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Gordon\Application Data\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Documents and Settings\Gordon\Application Data\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon\Application Data\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gordon\Application Data\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.

(end)


Let's concentrate on removing the malware from your C:\ drive for now and you can try scanning your F:\ drive in the background. :)

 

What MBAM found is called a PUP, short for Potentially Unwanted Program. It just started scanning for these types of nuisance programs that often come bundled with free software.

FYI:

https://helpdesk.malwarebytes.org/entries/23482988-What-are-the-PUP-detections-are-they-threats-and-should-they-be-deleted-

 

I did notice in your Combofix log these recently created (10-8) entries:

 



2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\DigitalSite
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\program files\OpenIt

 

 

Did you just install the program OpenIt, because c:\documents and settings\Gordon\Application Data\DigitalSite was written to at the same time as the OpenIt folder?

 

Please rescan with MBAM to see if the PUPs were removed.

 

Now we have to run Combofix again with a script:

 
1. Open Notepad, and on the Notepad menu, choose "Format" and make sure that Word Wrap is UNchecked (disabled). 
 
2. Copy/Paste the text in the code box below and save it to your desktop as CFScript.txt by using the File -> "Save as" function on the Notepad Menu.
 
Killall::

Driver::
kbuzyias5zubw

File::
c:\windows\system32\kolgwvd.exe
c:\documents and settings\Gordon\Start Menu\Programs\Startup\PowerReg Scheduler.exe
c:\windows\pss\PowerReg Scheduler.exeStartup

DirLook::
c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Gordon^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

ClearJavaCache::
 
3. Disable all anti-malware and antivirus active protection by referring to these directions HERE
 
4. Close all open windows and browsers.
 
CFScriptB-4.gif
 
Referring to the picture above, drag CFScript.txt into ComboFix.exe 
 
This will cause ComboFix to run again. 
 
If the run does not finish or you have problems, please launch Combofix in Safe Mode following the same directions as above.
 
If ComboFix prompts you to update to a newer version, make sure you allow it to update. 
 
Please copy/paste the log (C:\Combofix.txt) that opens when it finishes (Do NOT attach it).
 

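The correlation the helper draws above (three folders written in the same minute, one of them with a machine-generated name) can be automated over the "Files Created" section of a ComboFix log. This is an added example, not code from the thread or from ComboFix; the sample lines are copied from the log posted here, and the `looks_random` heuristic is an assumption of mine, not a ComboFix rule.

```python
import re
from collections import defaultdict

# Shape of one ComboFix "Files Created" line, as posted in this thread:
#   <created> . <modified> <size or --------> <attrs> <path>
# The creation stamp has minute resolution; entries sharing a stamp were
# usually written by the same installer run, which is what we want to surface.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[\w-]+) (?P<path>.+)$"
)

# Constructed sample: a subset of the "Files Created" section from the log
# posted in this thread, with ComboFix's "." separator lines included.
SAMPLE_LOG = r"""
.
2013-10-10 06:30 . 2013-10-10 06:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B
2013-10-08 20:29 . 2013-10-09 20:46 -------- d-----w- c:\documents and settings\Gordon\Application Data\DigitalSite
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\program files\OpenIt
2013-09-28 08:10 . 2013-09-28 08:10 -------- d-----w- c:\documents and settings\Gordon\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-28 08:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
"""


def parse_entries(log_text):
    """Return a dict per parsable 'Files Created' line; separator and header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            entries.append(entry)
    return entries


def cluster_by_creation(entries, min_size=2):
    """Group paths by creation minute; keep only groups with at least min_size members."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["created"]].append(entry["path"])
    return {stamp: paths for stamp, paths in groups.items() if len(paths) >= min_size}


def looks_random(name):
    """Heuristic (my assumption, not a ComboFix rule): a bare run of 8+ uppercase
    letters and digits mixing both kinds, like the 0D0S1L2Z1P1B folder above."""
    if not re.fullmatch(r"[0-9A-Z]{8,}", name):
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def random_named_entries(entries):
    """Paths whose last component looks machine-generated."""
    return [e["path"] for e in entries if looks_random(e["path"].rsplit("\\", 1)[-1])]


def triage(log_text):
    """Combine both checks into one report dict."""
    entries = parse_entries(log_text)
    return {
        "clusters": cluster_by_creation(entries),
        "random_names": random_named_entries(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for stamp, paths in sorted(result["clusters"].items(), reverse=True):
        print(f"{stamp}: {len(paths)} entries created in the same minute")
        for path in paths:
            print(f"    {path}")
    print("machine-looking names:", result["random_names"])
```

On the sample the 20:29 cluster (0D0S1L2Z1P1B, DigitalSite, OpenIt) surfaces alongside the legitimate 08:09 Malwarebytes install, so the timestamp grouping only narrows the search; the name heuristic and the helper's judgement still decide.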

Hi thanks for the update.

When I was trying to download Combofix I did start to download something else from their site, as the link in the forum did not work.  The site said download, but it was for another program - some form of zip.  I cannot remember whether this installed and I deleted it or not.  Maybe I should write every step down!

 

It is too late for me now.  I will pick this up again tomorrow.

Thanks again for your help.

I'm running a MWB scan now and will post the results in the morning.

With drive F, as it has already been formatted, we can do that again if necessary.  That will be quicker and save time.

You will see that I also have a drive D.

 

Good night.

Try this COMBOFIX DOWNLOAD:
 
or for the renamed version which should download very quickly with no interference >>HERE<<.
 
You do have to be careful to avoid ads soliciting you to download programs on the computer security help sites. That is often how the sites support themselves, but it can get confusing when trying to download anti-malware tools.
 
It is too late for me now.  I will pick this up again tomorrow.

 

That's fine.  We will continue tomorrow and have a Good night!


Good morning

 

The Malwarebytes scan completed.

The log is below.

I will run another full scan today and pick up the trail tonight.

 

Thanks

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.09.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

09/10/2013 21:56:26
mbam-log-2013-10-09 (21-56-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335900
Time elapsed: 49 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


That looks good so far.  Normally, a quick scan is adequate.

 

I'll look for your next reply. 


Good evening.

1. The full Malwarebytes scan hung after 1hr 12mins.  There was no log file created.

 

2. Ran ComboFix with your script.  Did not work in normal mode.

 

3. Ran in Safe Mode and it completed.  Log below.

 

4. Looking back, I have not run AdwCleaner.  I tried to download it but all the 'Download' buttons were for different products.

 

Thanks

 

 

ComboFix 13-10-09.01 - Gordon 10/10/2013  19:49:01.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3565.3253 [GMT 1:00]
Running from: c:\documents and settings\Gordon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gordon\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\Gordon\Start Menu\Programs\Startup\PowerReg Scheduler.exe"
"c:\windows\pss\PowerReg Scheduler.exeStartup"
"c:\windows\system32\kolgwvd.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KBUZYIAS5ZUBW
-------\Service_kbuzyias5zubw
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-10 to 2013-10-10  )))))))))))))))))))))))))))))))
.
.
2013-10-10 06:30 . 2013-10-10 06:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-09 21:09 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8414ADBA-E232-45D7-A9E5-5987BC62768C}\mpengine.dll
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B
2013-10-08 20:29 . 2013-10-09 20:46 -------- d-----w- c:\documents and settings\Gordon\Application Data\DigitalSite
2013-10-08 20:29 . 2013-10-08 20:29 -------- d-----w- c:\program files\OpenIt
2013-10-08 20:04 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-28 08:10 . 2013-09-28 08:10 -------- d-----w- c:\documents and settings\Gordon\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-28 08:09 . 2013-09-28 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-28 08:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-13 17:23 . 2013-09-13 17:23 -------- d-sh--w- c:\documents and settings\Christopher\IETldCache
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\documents and settings\Gordon\Local Settings\Application Data\PassMark
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Passmark
2013-09-12 21:13 . 2013-09-12 21:13 -------- d-----w- c:\program files\PerformanceTest
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-08 20:34 . 2012-10-12 14:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 20:34 . 2011-10-06 19:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2006-09-29 13:27 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2006-09-29 13:28 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-09-29 13:27 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-09-29 13:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-09-29 13:27 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2006-09-29 13:28 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2006-09-29 13:27 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-09-29 13:27 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B ----
.
2013-10-08 20:29 . 2013-01-30 13:45 1114624 ----a-w- c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-30 18:26 1423520 ----a-w- c:\program files\Microsoft\BingBar\7.3.107.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-17 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-04-06 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Utility.lnk
backup=c:\windows\pss\Belkin Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 ----a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-17 22:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1c994173b632322"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Windows\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"d:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"d:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"d:\\Program Files\\Steam\\SteamApps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [30/08/2013 19:26 193696]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [06/04/2011 16:22 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [03/11/2011 19:10 8704]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [22/04/2011 13:21 92592]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [06/09/2013 14:33 46080]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06/09/2013 14:32 1691480]
S3 atidgllk;atidgllk;\??\c:\program files\ASUS\SmartDoctor\atidgllk.sys --> c:\program files\ASUS\SmartDoctor\atidgllk.sys [?]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [30/08/2013 19:26 240288]
S3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo32.sys [12/09/2013 22:13 22120]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/10/2013 07:30 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26/12/2009 00:15 136704]
S4 gupdate1c994173b632322;Google Update Service (gupdate1c994173b632322);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 12:26 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 20:34]
.
2013-07-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:26]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:26]
.
2013-10-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 15:49]
.
2013-10-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
2013-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1785211882-1627415546-1105308610-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 17:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Se&nd to OneNote - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-10 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2812)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2013-10-10  20:13:29 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-10 19:13
ComboFix2.txt  2013-10-09 19:31
.
Pre-Run: 171,456,147,456 bytes free
Post-Run: 167,713,415,168 bytes free
.
- - End Of File - - 53C0C66FDF0364F1277E1345C4319221
8F558EB6672622401DA993E1E865C861
 


Ran a quick Malwarebytes and it completed with the following log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: MAXDATA-8BF282C [administrator]

10/10/2013 20:25:26
mbam-log-2013-10-10 (20-25-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335918
Time elapsed: 21 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Gordon\Desktop\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

(end)


You should be able to download AdwCleaner so I'm wondering if you are seeing what I am seeing or if you are being redirected.

 

When you click the download link I provided, you should be taken to the AdwCleaner download page on the Bleeping Computer website.

 

Once there you need only click the top button indicated by the red arrow in the image below, to download Adwcleaner.exe (there is no installer or setup file).

 

Adwcleaner%20BC%20DL%20Button.JPG

 

Double-clicking AdwCleaner.exe will launch the program.

 

Let me know if you are seeing what I am seeing please.

 

-----------------------------------------------------------------------

I want you to make files and folders visible:

 

Click Start > Open "My Computer"
Select the Tools menu and click "Folder Options."
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

 

Then I want you to open Windows Explorer (Hit the Windows Key + E simultaneously)

 

Navigate to these directories and delete them both:

 c:\documents and settings\Gordon\Application Data\0D0S1L2Z1P1B

 

Exit Windows Explorer

---------------------------------------------

 

Download Farbar Recovery Scan Tool 32-Bit (FRST.exe) and save it to your desktop.
  • Double-click FRST.exe to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

-----------------------------------------------------------

 

Please update MBAM and run another Quick Scan.

 

Post the MBAM log in your next reply

 

-------------------------------------------------------------

 

If you are having trouble downloading the troubleshooting tools I'm directing you to use, then please download them to a USB stick (or CD) on a clean computer and transfer them over to the desktop of the computer we're working on.

 

PS. I have been having trouble reaching Bleeping Computer today (& yesterday) so you should know that if you're experiencing the same issue, it's not due to your computer's infection.


Please read my reply above first.

 

Due to the inability to reach Bleeping Computer, I'm giving you an alternate download for AdwCleaner (it is the website of Xplode, the author):

http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

 

Just click the green arrow on the right to download.

 

An alternate download for the FRST tool can be found  >>HERE<<
