Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows desktop won't fully load; suspect malware

Started by Lamont_Cranston , May 29 2017 03:45 PM

  • Please log in to reply

#1
Lamont_Cranston
Posted 29 May 2017 - 03:45 PM

Lamont_Cranston

    Member

  • Member
  • PipPip
  • 36 posts

After firing up my PC and clicking my user icon I see no taskbar or icons on the desktop, just a cursor.  I can summon Task Manager using Ctrl+Alt+Del and explorer.exe is no longer a listed process.  If I reboot into Safe Mode explorer.exe works. 

 

After updating each, I've run full scans with the following:

 

Bitdefender AV

MBAM

MS Safety Scanner

TDSS Killer

Panda Cloud Cleaner (online)

 

None of the above detected anything except the Panda online scan, which found a hijacker and deleted it.  I've continued to update MBAM in Safe Mode and run scans; it hasn't detected anything.

 

Prior to the Panda scan I used System Restore in Safe Mode and returned to a day before the problem started.  When the issue returned later, I tried System Restore again and couldn't get back to an earlier restore point.

 

Here are my FRST logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2017
Ran by dave (administrator) on BADDABING (24-05-2017 20:52:52)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Loaded Profiles: dave (Available Profiles: steveo & dean & dave)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19] (Intel Corporation)
Winlogon\Notify\NavLogon:
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-57989841-179605362-1644491937-1005\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [1224896 2016-11-13] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\steveo\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-10-09]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864 2010-05-18] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{2CE76E6F-8826-4E90-8653-9EFFF1ED8DA0}: [DhcpNameServer] 192.168.0.1 205.171.3.25

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qwest.live.com
HKU\S-1-5-21-57989841-179605362-1644491937-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\dave\Application Data\Mozilla\Firefox\Profiles\omdtrzrs.default [2017-05-24]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-29] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-07-21] ()
FF Plugin: @emusic.com/dlm-plugin -> C:\Program Files\eMusic Download Manager\plugin\npemusic.dll [2010-01-20] (eMusic.com)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2010-07-21]

Chrome:
=======
StartMenuInternet: Google Chrome - C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 EMET_Service; C:\Program Files\EMET 5.0\EMET_Service.exe [31880 2014-07-30] (Microsoft Corporation)
S2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [67592 2016-03-02] (Bitdefender)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation)
S2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S2 sprtsvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe [206120 2010-01-16] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [382320 2010-01-16] (SupportSoft, Inc.)
S2 tgsrvc_quickcare; C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe [185640 2010-01-16] (SupportSoft, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 .redbook; ? [0 2017-05-24] () <==== ATTENTION (zero byte File/Folder)
S0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
S3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
S3 BCM42XX; C:\WINDOWS\System32\DRIVERS\bcm42xx5.sys [54271 2001-08-17] (Broadcom Corporation)
S3 BCM44X2; C:\WINDOWS\System32\DRIVERS\BCM4E5.SYS [26568 2001-08-17] (Broadcom Corporation)
S3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [148600 2013-04-17] (Bitdefender SRL)
S1 bdselfpr; C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys [135472 2013-07-16] (BitDefender LLC)
S3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1512960 2010-02-26] (C-Media Inc)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59872 2017-05-12] ()
S1 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [164952 2013-04-22] (BitDefender LLC)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [20464 2011-12-10] (Malwarebytes Corporation) [File not signed]
S0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 20:51 - 2017-05-24 20:52 - 00000000 ____D C:\FRST
2017-05-24 20:38 - 2017-05-24 20:38 - 00000633 _____ C:\Documents and Settings\dave\Desktop\Shortcut to FRST.lnk
2017-05-24 19:30 - 2017-05-24 19:32 - 00118940 _____ C:\TDSSKiller.3.1.0.15_24.05.2017_19.30.57_log.txt
2017-05-24 19:27 - 2017-05-24 19:27 - 00000364 _____ C:\TDSSKiller.3.1.0.9_24.05.2017_19.27.51_log.txt
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\Application Data\ESET
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
2017-05-24 18:00 - 2017-05-24 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Program Files\MS Safety Scanner
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
2017-05-24 17:59 - 2017-05-24 17:59 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus Free Edition
2017-05-24 15:21 - 2015-09-14 13:03 - 00038520 _____ C:\WINDOWS\system32\Drivers\DasPtct.SYS
2017-05-24 15:19 - 2017-05-24 15:19 - 00000935 _____ C:\Documents and Settings\All Users\Desktop\Panda Cloud Cleaner.lnk
2017-05-24 15:19 - 2017-05-24 15:19 - 00000000 ____D C:\Program Files\Panda Security
2017-05-24 13:00 - 2017-05-24 18:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-05-24 13:00 - 2017-05-24 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-05-24 08:35 - 2017-05-24 08:35 - 00000000 ____D C:\Program Files\CPUID
2017-05-24 08:11 - 2017-05-24 08:11 - 01892136 _____ (Malwarebytes ) C:\Program Files\mbae-setup-1.09.1.1410.exe
2017-05-23 21:24 - 2017-05-23 21:24 - 00242504 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2017-05-23 21:15 - 2017-05-23 21:34 - 00038233 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3180.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 00018945 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3508.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00103736 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3408.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00012114 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3244.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 00003557 _____ C:\Documents and Settings\All Users\Application Data\1495592126.3240.bin
2017-05-23 21:15 - 2017-05-23 21:15 - 00037164 _____ C:\Documents and Settings\All Users\Application Data\1495592123.bdinstall.bin
2017-05-23 19:39 - 2017-05-23 19:39 - 00039356 _____ C:\Documents and Settings\All Users\Application Data\1495586334.bdinstall.bin
2017-05-23 19:38 - 2017-05-23 19:38 - 00037190 _____ C:\Documents and Settings\All Users\Application Data\1495586332.bdinstall.bin
2017-05-23 12:24 - 2017-05-23 12:24 - 00000000 ____D C:\Documents and Settings\steveo\Start Menu\Programs\Google Chrome
2017-05-23 09:09 - 2017-05-23 09:09 - 00010712 _____ C:\Documents and Settings\All Users\Application Data\1495548528.1236.bin
2017-05-23 09:08 - 2017-05-23 09:21 - 00039169 _____ C:\Documents and Settings\All Users\Application Data\1495548528.1904.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00023516 _____ C:\Documents and Settings\All Users\Application Data\1495548528.268.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00003256 _____ C:\Documents and Settings\All Users\Application Data\1495548528.244.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 00002102 _____ C:\Documents and Settings\All Users\Application Data\1495548528.240.bin
2017-05-23 09:08 - 2017-05-23 09:08 - 00035994 _____ C:\Documents and Settings\All Users\Application Data\1495548521.bdinstall.bin
2017-05-22 12:03 - 2017-05-22 12:07 - 00117518 _____ C:\TDSSKiller.3.1.0.15_22.05.2017_12.03.54_log.txt
2017-05-22 11:58 - 2017-05-22 11:58 - 00000366 _____ C:\TDSSKiller.3.0.0.44_22.05.2017_11.58.19_log.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-24 20:53 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\dave\Local Settings\temp
2017-05-24 20:50 - 2016-11-08 20:30 - 01285696 _____ C:\WINDOWS\ntbtlog.txt
2017-05-24 19:29 - 2016-12-25 14:21 - 00000000 ____D C:\Documents and Settings\dean\My Documents\GEICO Damage Inspection Cancellation Confirmation_files
2017-05-24 19:29 - 2016-12-18 10:12 - 00000000 ____D C:\Documents and Settings\dean\My Documents\Gold Nugget Army Surplus  Invoice 11876_files
2017-05-24 19:29 - 2010-08-22 00:14 - 00000000 ___RD C:\Documents and Settings\dean\My Documents\My Music
2017-05-24 18:10 - 2008-04-13 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-05-24 18:09 - 2016-08-11 12:33 - 00000400 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job
2017-05-24 18:09 - 2010-08-22 00:14 - 00000178 ___SH C:\Documents and Settings\dean\ntuser.ini
2017-05-24 18:09 - 2010-08-21 21:47 - 00032124 _____ C:\WINDOWS\SchedLgU.Txt
2017-05-24 18:09 - 2010-08-21 21:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-24 17:59 - 2010-08-21 21:40 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-24 17:58 - 2016-11-04 20:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-24 17:58 - 2012-05-04 23:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-24 17:46 - 2010-08-22 22:42 - 00000178 ___SH C:\Documents and Settings\dave\ntuser.ini
2017-05-24 14:44 - 2010-08-22 03:20 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-05-24 14:23 - 2016-09-24 06:52 - 00277063 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-57989841-179605362-1644491937-1004-0.dat
2017-05-24 14:23 - 2016-09-19 16:45 - 00151982 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-05-24 14:17 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\dean\Local Settings\temp
2017-05-24 13:54 - 2010-08-22 22:42 - 00000000 ___RD C:\Documents and Settings\dave\My Documents
2017-05-24 13:37 - 2010-10-18 21:03 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job
2017-05-24 11:43 - 2016-08-12 22:06 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-05-24 10:37 - 2010-10-18 21:03 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job
2017-05-24 06:27 - 2014-03-26 18:25 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-05-23 20:08 - 2010-08-21 09:32 - 00000327 __RSH C:\boot.ini
2017-05-23 20:08 - 2008-04-13 18:00 - 00000507 _____ C:\WINDOWS\win.ini
2017-05-23 20:08 - 2008-04-13 18:00 - 00000227 _____ C:\WINDOWS\system.ini
2017-05-23 19:03 - 2016-09-19 15:27 - 00000000 ____D C:\Program Files\Bitdefender
2017-05-23 12:24 - 2010-08-22 22:42 - 00000000 ____D C:\Documents and Settings\dave
2017-05-23 12:24 - 2010-08-22 00:14 - 00000000 ____D C:\Documents and Settings\dean
2017-05-23 12:24 - 2010-08-21 21:49 - 00000000 ____D C:\Documents and Settings\steveo
2017-05-23 12:24 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-05-23 12:24 - 2010-08-21 21:47 - 00000000 __SHD C:\Documents and Settings\LocalService
2017-05-23 12:24 - 2010-08-21 21:39 - 00000000 ____D C:\WINDOWS\Registration
2017-05-22 19:39 - 2012-03-30 08:10 - 00000000 ____D C:\Documents and Settings\steveo\Local Settings\temp
2017-05-22 12:08 - 2010-08-21 23:33 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Adobe
2017-05-22 12:01 - 2014-05-18 22:33 - 00000000 ____D C:\Program Files\TDSSkiller
2017-05-22 10:42 - 2010-08-21 22:02 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Mozilla
2017-05-22 10:32 - 2010-08-23 18:30 - 00000000 ____D C:\Program Files\Google
2017-05-22 10:28 - 2010-08-21 22:17 - 00000000 ____D C:\Documents and Settings\steveo\Application Data\Apple Computer
2017-05-22 08:16 - 2012-03-29 22:25 - 00000000 __SHD C:\WINDOWS\CSC
2017-05-08 19:15 - 2014-03-26 18:25 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-05-01 23:55 - 2016-11-13 20:09 - 00000364 _____ C:\WINDOWS\Tasks\jucheck.job

==================== Files in the root of some directories =======

2016-10-05 20:25 - 2016-10-05 20:26 - 48013312 _____ () C:\Program Files\AdbeRdrUpd11017.msp
2016-09-19 14:10 - 2016-09-19 14:15 - 0196944 _____ () C:\Program Files\Antivirus_Free_Edition.exe
2016-09-19 15:11 - 2016-09-19 15:11 - 10056744 _____ () C:\Program Files\Antivirus_Free_Edition_x86.exe
2016-09-18 11:48 - 2016-09-18 11:48 - 8244656 _____ (Piriform Ltd) C:\Program Files\ccsetup522.exe
2016-09-05 13:54 - 2016-09-05 13:54 - 1718016 _____ (                                                            ) C:\Program Files\cpu-z_1.77-en.exe
2016-09-07 16:08 - 2016-09-07 16:08 - 0473291 _____ () C:\Program Files\Everything-1.3.4.686.x86-Setup.exe
2016-09-08 04:37 - 2016-09-08 04:37 - 0450352 _____ (Microsoft Corporation) C:\Program Files\FixitCenter_Run_2012.exe
2017-05-24 08:11 - 2017-05-24 08:11 - 1892136 _____ (Malwarebytes                                                ) C:\Program Files\mbae-setup-1.09.1.1410.exe
2016-08-11 09:58 - 2016-08-11 10:00 - 37689480 _____ (Opera Software) C:\Program Files\Opera_winxpvista_36.0.2130.80_Setup.exe
2016-09-19 09:39 - 2016-09-19 09:39 - 0146112 _____ () C:\Program Files\regscanner_setup.exe
2011-12-09 15:04 - 2011-12-09 15:07 - 0000112 _____ () C:\Documents and Settings\All Users\Application Data\0sJT3AhC.dat
2016-09-19 15:30 - 2016-09-19 15:30 - 0218835 _____ () C:\Documents and Settings\All Users\Application Data\1474315919.bdinstall.bin
2016-11-11 00:17 - 2016-11-11 00:17 - 0037173 _____ () C:\Documents and Settings\All Users\Application Data\1478841434.bdinstall.bin
2016-11-11 00:17 - 2016-11-11 01:00 - 0038217 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.2772.bin
2016-11-11 00:17 - 2016-11-11 01:01 - 0018886 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3056.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0003557 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3884.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0010417 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.3888.bin
2016-11-11 00:17 - 2016-11-11 00:18 - 0106083 _____ () C:\Documents and Settings\All Users\Application Data\1478841439.688.bin
2017-05-23 09:08 - 2017-05-23 09:08 - 0035994 _____ () C:\Documents and Settings\All Users\Application Data\1495548521.bdinstall.bin
2017-05-23 09:09 - 2017-05-23 09:09 - 0010712 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.1236.bin
2017-05-23 09:08 - 2017-05-23 09:21 - 0039169 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.1904.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0002102 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.240.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0003256 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.244.bin
2017-05-23 09:08 - 2017-05-23 09:09 - 0023516 _____ () C:\Documents and Settings\All Users\Application Data\1495548528.268.bin
2017-05-23 19:38 - 2017-05-23 19:38 - 0037190 _____ () C:\Documents and Settings\All Users\Application Data\1495586332.bdinstall.bin
2017-05-23 19:39 - 2017-05-23 19:39 - 0039356 _____ () C:\Documents and Settings\All Users\Application Data\1495586334.bdinstall.bin
2017-05-23 21:15 - 2017-05-23 21:15 - 0037164 _____ () C:\Documents and Settings\All Users\Application Data\1495592123.bdinstall.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 0038233 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3180.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0003557 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3240.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0012114 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3244.bin
2017-05-23 21:15 - 2017-05-23 21:16 - 0103736 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3408.bin
2017-05-23 21:15 - 2017-05-23 21:34 - 0018945 _____ () C:\Documents and Settings\All Users\Application Data\1495592126.3508.bin

Some files in TEMP:
====================
2016-10-30 15:42 - 2016-10-30 15:42 - 0737856 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u111-windows-au.exe
2015-10-07 13:17 - 2015-10-07 13:17 - 0585824 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u65-windows-au.exe
2015-11-10 10:59 - 2015-11-10 10:59 - 0585824 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u66-windows-au.exe
2015-12-23 13:48 - 2015-12-23 13:48 - 0644704 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u71-windows-au.exe
2016-01-30 03:10 - 2016-01-30 03:10 - 0736352 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u73-windows-au.exe
2016-05-27 05:43 - 2016-05-27 05:43 - 0739904 _____ (Oracle Corporation) C:\Documents and Settings\dean\Local Settings\temp\jre-8u91-windows-au.exe
2016-09-18 17:58 - 2016-09-18 17:58 - 0000000 _____ () C:\Documents and Settings\dean\Local Settings\temp\ob9zvrxh.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2017
Ran by dave (24-05-2017 20:54:07)
Running from C:\Documents and Settings\dave\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-08-22 02:46:34)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-57989841-179605362-1644491937-500 - Administrator - Enabled)
ASPNET (S-1-5-21-57989841-179605362-1644491937-1006 - Limited - Enabled)
dave (S-1-5-21-57989841-179605362-1644491937-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dave
dean (S-1-5-21-57989841-179605362-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\dean
Guest (S-1-5-21-57989841-179605362-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-57989841-179605362-1644491937-1000 - Limited - Disabled)
steveo (S-1-5-21-57989841-179605362-1644491937-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\steveo
SUPPORT_388945a0 (S-1-5-21-57989841-179605362-1644491937-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.32 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 23 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{85991ED2-010C-4930-96FA-52F43C2CE98A}) (Version: 3.1.0.62 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Diamond Xtreme Audio (HKLM\...\C-Media PCI Sound) (Version:  - )
EMET 5.0 (HKLM\...\{FDDEBC40-9491-4978-8EF7-3FABA86595FB}) (Version: 5.0 - Microsoft Corporation)
eMusic Download Manager 4.1.4 (HKLM\...\eMusic Download Manager) (Version: 4.1.4 - eMusic, Inc.)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
iTunes (HKLM\...\{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}) (Version: 9.2.1.5 - Apple Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Mahjongg Dimensions Deluxe (HKLM\...\am-mahjonggdimensionsdeluxe) (Version:  - )
Malwarebytes Anti-Exploit version 1.9.1.1410 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1410 - Malwarebytes)
Malwarebytes Anti-Malware version 1.60.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.60.1.1000 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Mozilla Firefox 52.1.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.1.2 ESR (x86 en-US)) (Version: 52.1.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.1.2.6346 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (en-US) - Mozilla)
NirSoft RegScanner (HKLM\...\NirSoft RegScanner) (Version:  - )
OpenOffice.org 3.2 (HKLM\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org)
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies™ (HKLM\...\am-plantsvszombiestm) (Version:  - )
Qwest Installer (HKLM\...\{C96FF998-45BD-411E-9253-B7F2660FE280}) (Version: 1.0 - Qwest Communications International Inc.)
Qwest Personal Digital Vault™ (HKLM\...\{746FB02B-1D03-43B7-917A-E1341AB69A00}) (Version: 1.0.0002 - Qwest)
Qwest QuickAssist Desktop Tools (HKLM\...\{A63E18AC-B504-4045-AFE6-A279BBABB988}) (Version: 23 - SupportSoft)
Qwest Quickcare 2.7 (HKLM\...\QwestQuickCare_is1) (Version: 2.7.1002.1512 - Qwest)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rhapsody (HKLM\...\Rhapsody) (Version:  - )
Roads of Rome (HKLM\...\am-roadsofrome) (Version:  - )
VLC media player 1.1.3 (HKLM\...\VLC media player) (Version: 1.1.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-57989841-179605362-1644491937-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll => No File

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job => C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\jucheck.job => C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1470936737.job => C:\Program Files\Opera\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2008-04-13 18:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:SummaryInformation [43]
AlternateDataStreams: C:\Program Files\Antivirus_Free_Edition.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Program Files\mbae-setup-1.09.1.1410.exe:BDU [0]
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB26929$:SummaryInformation [0]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:SummaryInformation [43]
AlternateDataStreams: C:\Documents and Settings\dean\My Documents\K20 Truck Parts List.rtf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
river"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03833947.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-03-29 22:52 - 2012-03-30 07:57 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-57989841-179605362-1644491937-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1 - 205.171.3.25
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Qwest Personal Digital Vault => "C:\Program Files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
MSCONFIG\startupreg: QwestTouchPointAgent => "C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Enabled:Network Diagnostic for Windows XP
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

23-02-2017 17:29:47 System Checkpoint
24-02-2017 17:35:54 System Checkpoint
25-02-2017 17:42:44 System Checkpoint
26-02-2017 18:32:40 System Checkpoint
27-02-2017 19:14:09 System Checkpoint
28-02-2017 20:10:44 System Checkpoint
01-03-2017 22:05:02 System Checkpoint
02-03-2017 23:08:10 System Checkpoint
03-03-2017 23:47:16 System Checkpoint
05-03-2017 00:29:44 System Checkpoint
06-03-2017 02:04:07 System Checkpoint
07-03-2017 03:08:10 System Checkpoint
08-03-2017 03:42:36 System Checkpoint
09-03-2017 04:42:30 System Checkpoint
10-03-2017 05:11:23 System Checkpoint
11-03-2017 06:27:41 System Checkpoint
12-03-2017 07:03:49 System Checkpoint
13-03-2017 07:37:43 System Checkpoint
14-03-2017 08:37:18 System Checkpoint
15-03-2017 03:00:44 Software Distribution Service 3.0
16-03-2017 03:30:21 System Checkpoint
17-03-2017 03:56:38 System Checkpoint
18-03-2017 04:14:13 System Checkpoint
19-03-2017 04:43:34 System Checkpoint
20-03-2017 05:00:41 System Checkpoint
21-03-2017 06:11:54 System Checkpoint
22-03-2017 06:56:40 System Checkpoint
23-03-2017 06:57:44 System Checkpoint
24-03-2017 07:12:23 System Checkpoint
25-03-2017 07:34:09 System Checkpoint
26-03-2017 08:24:18 System Checkpoint
27-03-2017 09:16:41 System Checkpoint
28-03-2017 09:26:10 System Checkpoint
30-03-2017 18:07:33 System Checkpoint
31-03-2017 18:20:29 System Checkpoint
01-04-2017 19:10:28 System Checkpoint
02-04-2017 19:32:14 System Checkpoint
03-04-2017 19:40:35 System Checkpoint
04-04-2017 20:21:22 System Checkpoint
05-04-2017 21:05:00 System Checkpoint
06-04-2017 22:03:53 System Checkpoint
07-04-2017 22:59:45 System Checkpoint
08-04-2017 23:09:41 System Checkpoint
09-04-2017 23:35:29 System Checkpoint
10-04-2017 23:36:32 System Checkpoint
11-04-2017 23:38:14 Software Distribution Service 3.0
13-04-2017 00:24:15 System Checkpoint
14-04-2017 01:24:13 System Checkpoint
15-04-2017 01:48:07 System Checkpoint
16-04-2017 02:33:44 System Checkpoint
17-04-2017 03:24:05 System Checkpoint
18-04-2017 04:15:51 System Checkpoint
19-04-2017 04:24:08 System Checkpoint
20-04-2017 04:25:12 System Checkpoint
21-04-2017 05:25:40 System Checkpoint
22-04-2017 05:30:39 System Checkpoint
23-04-2017 11:05:48 System Checkpoint
24-04-2017 11:35:31 System Checkpoint
25-04-2017 11:53:48 System Checkpoint
26-04-2017 12:33:46 System Checkpoint
27-04-2017 13:21:52 System Checkpoint
28-04-2017 14:00:22 System Checkpoint
29-04-2017 14:57:42 System Checkpoint
30-04-2017 15:49:07 System Checkpoint
01-05-2017 16:49:03 System Checkpoint
02-05-2017 17:48:56 System Checkpoint
03-05-2017 18:35:24 System Checkpoint
04-05-2017 19:20:58 System Checkpoint
05-05-2017 19:29:02 System Checkpoint
06-05-2017 19:56:49 System Checkpoint
07-05-2017 20:32:50 System Checkpoint
08-05-2017 20:59:44 System Checkpoint
09-05-2017 21:24:30 System Checkpoint
10-05-2017 05:54:02 Software Distribution Service 3.0
11-05-2017 06:47:31 System Checkpoint
13-05-2017 06:41:38 System Checkpoint
14-05-2017 06:58:41 System Checkpoint
15-05-2017 07:41:33 System Checkpoint
16-05-2017 19:50:31 System Checkpoint
17-05-2017 20:05:13 System Checkpoint
18-05-2017 21:13:47 System Checkpoint
19-05-2017 22:02:19 System Checkpoint
20-05-2017 22:03:29 System Checkpoint
21-05-2017 23:02:21 System Checkpoint
23-05-2017 07:30:25 Restore Operation
23-05-2017 12:21:19 Restore Operation
24-05-2017 17:07:37 Restore Operation
24-05-2017 17:17:01 Restore Operation
24-05-2017 18:11:01 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/24/2017 06:12:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos

Error: (05/24/2017 06:11:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/24/2017 06:02:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/24/2017 06:02:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

Error: (05/24/2017 05:58:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/24/2017 05:57:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/24/2017 05:46:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/24/2017 05:18:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avc3
bdftdif
bdselfpr
ESProtectionDriver
Fips
gzflt
intelppm
trufos

Error: (05/24/2017 05:17:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/24/2017 05:12:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 759 MB
Available physical RAM: 215.25 MB
Total Virtual: 1853.77 MB
Available Virtual: 1365.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.47 GB) (Free:49.6 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Lamont_Cranston, 29 May 2017 - 04:00 PM.

  • 0

Advertisements

#2
RKinner
Posted 31 May 2017 - 05:54 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Double click on ComboFix to start the program.  
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
 
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

  • 0

#3
Lamont_Cranston
Posted 31 May 2017 - 09:01 AM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Thanks for the reply.  I have to use Safe Mode to access the web.  I've downloaded Combofix and pasted it to my desktop. 

 

I read through your disabling link.  My Bitdefender Free AV hasn't worked in Safe Mode, but Windows Firewall appears to be working.  Do I need to turn the firewall off before running Combofix and if so, how do I disable it from Safe Mode?


Edited by Lamont_Cranston, 31 May 2017 - 09:08 AM.

  • 0

#4
RKinner
Posted 31 May 2017 - 09:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No you can just run it.  It may complain but it will run anyway.


  • 0

#5
Lamont_Cranston
Posted 31 May 2017 - 09:19 AM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Okay, I'll run it.  Just noticed the drive light on my tower is dead.  How long should I stay away from the PC before checking on Combofix?


  • 0

#6
RKinner
Posted 31 May 2017 - 09:20 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

It claims 10-15 minutes but with larger drives it can take an hour.


  • 0

#7
Lamont_Cranston
Posted 31 May 2017 - 09:34 AM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Thanks.  I'll play it safe and wait an hour, maybe a little longer.  I'll be back with the file soon after.


  • 0

#8
Lamont_Cranston
Posted 31 May 2017 - 11:02 AM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Combofix log pasted below.  Sorry for the delay; took a bit of doing to get it.

 

 

ComboFix 17-05-16.01 - dave 05/31/2017  11:26:30.3.1 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.759.632 [GMT -5:00]
Running from: c:\documents and settings\dave\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
FW:  *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1474315919.bdinstall.bin
c:\documents and settings\All Users\Application Data\1478841434.bdinstall.bin
c:\documents and settings\All Users\Application Data\1478841439.2772.bin
c:\documents and settings\All Users\Application Data\1478841439.3056.bin
c:\documents and settings\All Users\Application Data\1478841439.3884.bin
c:\documents and settings\All Users\Application Data\1478841439.3888.bin
c:\documents and settings\All Users\Application Data\1478841439.688.bin
c:\documents and settings\All Users\Application Data\1495548521.bdinstall.bin
c:\documents and settings\All Users\Application Data\1495548528.1236.bin
c:\documents and settings\All Users\Application Data\1495548528.1904.bin
c:\documents and settings\All Users\Application Data\1495548528.240.bin
c:\documents and settings\All Users\Application Data\1495548528.244.bin
c:\documents and settings\All Users\Application Data\1495548528.268.bin
c:\documents and settings\All Users\Application Data\1495586332.bdinstall.bin
c:\documents and settings\All Users\Application Data\1495586334.bdinstall.bin
c:\documents and settings\All Users\Application Data\1495592123.bdinstall.bin
c:\documents and settings\All Users\Application Data\1495592126.3180.bin
c:\documents and settings\All Users\Application Data\1495592126.3240.bin
c:\documents and settings\All Users\Application Data\1495592126.3244.bin
c:\documents and settings\All Users\Application Data\1495592126.3408.bin
c:\documents and settings\All Users\Application Data\1495592126.3508.bin
c:\program files\FixitCenter_Run_2012.exe
c:\program files\mbae-setup-1.09.1.1410.exe
c:\program files\Opera_winxpvista_36.0.2130.80_Setup.exe
c:\windows\msdownld.tmp
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.redbook
.
.
(((((((((((((((((((((((((   Files Created from 2017-04-28 to 2017-05-31  )))))))))))))))))))))))))))))))
.
.
2017-05-25 03:48 . 2017-05-25 05:28    --------    d-----w-    c:\program files\Farbar
2017-05-25 01:51 . 2017-05-25 01:54    --------    d-----w-    C:\FRST
2017-05-24 23:00 . 2017-05-24 23:00    --------    d-----w-    c:\documents and settings\dave\Local Settings\Application Data\ESET
2017-05-24 22:59 . 2017-05-24 22:59    --------    d-----w-    c:\program files\MS Safety Scanner
2017-05-24 20:21 . 2015-09-14 18:03    38520    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
2017-05-24 20:19 . 2017-05-24 20:19    --------    d-----w-    c:\program files\Panda Security
2017-05-24 18:00 . 2017-05-24 18:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-05-24 18:00 . 2017-05-24 23:00    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
2017-05-24 13:35 . 2017-05-24 13:35    --------    d-----w-    c:\program files\CPUID
2017-05-24 02:24 . 2017-05-24 02:24    242504    ----a-w-    c:\windows\system32\drivers\avchv.sys
2017-05-23 17:24 . 2017-05-23 17:24    --------    d-----w-    c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-06 01:26 . 2016-10-06 01:25    48013312    ----a-w-    c:\program files\AdbeRdrUpd11017.msp
2016-09-19 20:11 . 2016-09-19 20:11    10056744    ----a-w-    c:\program files\Antivirus_Free_Edition_x86.exe
2016-09-19 19:15 . 2016-09-19 19:10    196944    ----a-w-    c:\program files\Antivirus_Free_Edition.exe
2016-09-19 14:39 . 2016-09-19 14:39    146112    ----a-w-    c:\program files\regscanner_setup.exe
2016-09-18 16:48 . 2016-09-18 16:48    8244656    ----a-w-    c:\program files\ccsetup522.exe
2016-09-07 21:08 . 2016-09-07 21:08    473291    ----a-w-    c:\program files\Everything-1.3.4.686.x86-Setup.exe
2016-09-05 18:54 . 2016-09-05 18:54    1718016    ----a-w-    c:\program files\cpu-z_1.77-en.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-12-17 1085656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2017-05-12 2650576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe" [2016-11-13 1224896]
.
c:\documents and settings\steveo\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-08-26 19:23    6868696    ----a-w-    c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qwest Personal Digital Vault]
2009-12-18 18:58    1064808    ----a-w-    c:\program files\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
2010-07-06 19:14    45992    ----a-w-    c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-09-23 01:00    587288    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\steveo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
S0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [11/11/2016 1:14 AM 633344]
S0 cerc6;cerc6; [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [5/24/2017 1:00 PM 59872]
S1 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [9/19/2016 3:27 PM 164952]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [9/19/2016 3:29 PM 67592]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [5/24/2017 1:00 PM 155088]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
S2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\Qwest\Quickcare\bin\sprtsvc.exe [8/22/2010 10:13 AM 206120]
S2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\Qwest\Quickcare\bin\tgsrvc.exe [8/22/2010 10:13 AM 185640]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [9/19/2016 3:29 PM 486536]
S3 BCM42XX;Broadcom iLine10™ Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [8/21/2010 10:43 PM 54271]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\drivers\BCM4E5.SYS [8/21/2010 10:39 PM 26568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/29/2012 11:01 PM 20464]
S4 EMET_Service;Microsoft EMET Service;c:\program files\EMET 5.0\EMET_Service.exe [7/30/2014 8:11 PM 31880]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/29/2012 11:01 PM 652360]
.
Contents of the 'Scheduled Tasks' folder
.
2017-05-24 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-13 14:47]
.
2017-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003Core.job
- c:\documents and settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 16:08]
.
2017-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-1644491937-1003UA.job
- c:\documents and settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 16:08]
.
2017-05-02 c:\windows\Tasks\jucheck.job
- c:\program files\Common Files\Java\Java Update\jucheck.exe [2016-09-23 01:00]
.
2017-05-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2017-05-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2017-05-31 c:\windows\Tasks\Opera scheduled Autoupdate 1470936737.job
- c:\program files\Opera\launcher.exe [2016-08-11 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\documents and settings\dave\Application Data\Mozilla\Firefox\Profiles\omdtrzrs.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
SafeBoot-03833947.sys
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-05-31 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,80,9b,c7,f1,79,48,41,99,13,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,80,9b,c7,f1,79,48,41,99,13,0c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1004)
c:\windows\system32\WININET.dll
c:\windows\AppPatch\EMET.DLL
.
Completion time: 2017-05-31  11:48:14 - machine was rebooted
ComboFix-quarantined-files.txt  2017-05-31 16:48
ComboFix2.txt  2012-03-30 13:10
.
Pre-Run: 53,254,606,848 bytes free
Post-Run: 53,934,604,288 bytes free
.
- - End Of File - - 9B181D89DF607DA9FDFCAB73BA4B71E1
8F558EB6672622401DA993E1E865C861
 


  • 0

#9
Lamont_Cranston
Posted 04 June 2017 - 02:59 AM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

ComboFix found and "fixed" ZeroAccess.  Still no taskbar or icons on the desktop.


  • 0

#10
RKinner
Posted 04 June 2017 - 06:29 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Combofix is complaing about:

 

c:\windows\system32\drivers\i8042prt.sys

 

being missing.  If I remember correctly this file is only used with ps/2 connected mouse/keyboard and is not used with USB connected mouse/keyboard.  Can you confirm that you are not using mouse/leyboard with round connectors?

 

Does your PC have a separate card for handling external hard drives?  If so I assume they are no linger connected.

 

How long did Combofix take anyway?

 

The service .redbook that it removed was one that FRST thought was suspicious.  Normally it flags zero access but it didn't this time.  Back in the XP days Combofix was the best at removing zero access.  The other tool we used a lot was TDSSKiller so let's try it:

 

You can get it at:

 

https://usa.kaspersk...oads/tdsskiller

 

The instructions I have for it are:

 

Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 
 
Run TDSSKiller again but this time:
before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
 
 
These may be outdated as I haven't used it in years.
 
One other program we can try is 
 

ShellExView.
 
 
Use this download:
 
Once you get it installed, run it and look in the7th column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if that helped.
 
If it still won't give you a desktop then use Ctrl + Alt + Del to get to task manager then File, New Task (Run) and type in
explorer
then OK
 
What happens?

  • 0

Advertisements

#11
Lamont_Cranston
Posted 04 June 2017 - 12:44 PM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Thanks for getting back to me.  I'll answer your questions first and provide the log files in a follow-up post.  I'll try to provide as much detail as I can and hopefully you'll find it helpful.

 

 

Mouse and keyboard are both USB.  I don't know why the PS/2 driver is missing.  Oddly, after examining those cables my cursor froze and I had to do a hard reboot.

 

This PC doesn't have an external hard drive connected.  Not sure if it has a separate card to support one.

 

I initially downloaded ComboFix using the geekstogo link you posted.  After starting ComboFix the program informed me that Bitdefender Free AV was running.  I found this puzzling because the Bitdefender icon doesn't appear in the tray when booting into Safe Mode.  I launched the AV from the Start menu a couple of times last week and the tray icon was shaded to indicate it was disabled.  Trying to enable the protections manually didn't work and rebooting the machine as Bitdefender instructed didn't help.  My AV hasn't received any updates since May 24th.

 

I assumed Bitdefender was still down when I ran ComboFix.  Sure enough, when I started the AV from the menu after the ComboFix alert it appeared to be up and running.  I disabled the protections and exited Bitdefender, but to be thorough I launched it a second time.  To my surprise the protections were enabled again.  I then disabled the AV and didn't exit the program.

 

Going back to ComboFix, a window popped up advising me that I had an "expired" version that would only work with reduced functionality--did I want to continue anyway or exit?  I chose exit and downloaded ComboFix from the other link you posted.  This version appeared to be up to date, but still informed me that Bitdefender was active even though the tray icon was shaded.  At this point I figured the AV status was being misreported so I let ComboFix run its course. 

 

The full ComboFix scan took less than half an hour.  After finding the ZeroAccess trojan/rootkit I was instructed to reboot the machine.  Had to do this twice to get back to Safe Mode, and this is where I found the log file on my desktop.  Now you know why it took awhile to get the log you requested.

 

Updated and ran TDSS Killer in Safe Mode after my symptoms first appeared.  It didn't find anything.  Following your instructions, I'll download a fresh version to my desktop and run the 2 scans you requested.  You'll find the results in post #12. 

 

I'll let you know what happens with ShellExView and the Task Manager fix in the same post.


Edited by Lamont_Cranston, 04 June 2017 - 12:46 PM.

  • 0

#12
Lamont_Cranston
Posted 04 June 2017 - 03:42 PM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Here are the results of the first TDSSKiller scan:

 

14:09:23.0906 0x03b8  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
14:11:48.0343 0x03b8  ============================================================
14:11:48.0343 0x03b8  Current date / time: 2017/06/04 14:11:48.0343
14:11:48.0343 0x03b8  SystemInfo:
14:11:48.0343 0x03b8  
14:11:48.0343 0x03b8  OS Version: 5.1.2600 ServicePack: 3.0
14:11:48.0343 0x03b8  Product type: Workstation
14:11:48.0343 0x03b8  ComputerName: BADDABING
14:11:48.0343 0x03b8  UserName: dave
14:11:48.0343 0x03b8  Windows directory: C:\WINDOWS
14:11:48.0343 0x03b8  System windows directory: C:\WINDOWS
14:11:48.0343 0x03b8  Processor architecture: Intel x86
14:11:48.0343 0x03b8  Number of processors: 1
14:11:48.0343 0x03b8  Page size: 0x1000
14:11:48.0343 0x03b8  Boot type: Safe boot with network
14:11:48.0343 0x03b8  ============================================================
14:11:53.0468 0x03b8  KLMD registered as C:\WINDOWS\system32\drivers\91421899.sys
14:11:53.0468 0x03b8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 2600.6419, osProperties = 0x0
14:11:53.0906 0x03b8  System UUID: {8BE41F93-6EA6-B673-4168-522EDE6D4AA9}
14:11:55.0156 0x03b8  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:55.0171 0x03b8  ============================================================
14:11:55.0171 0x03b8  \Device\Harddisk0\DR0:
14:11:55.0171 0x03b8  MBR partitions:
14:11:55.0171 0x03b8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
14:11:55.0171 0x03b8  ============================================================
14:11:55.0218 0x03b8  C: <-> \Device\Harddisk0\DR0\Partition1
14:11:55.0234 0x03b8  ============================================================
14:11:55.0250 0x03b8  Initialize success
14:11:55.0250 0x03b8  ============================================================
14:12:11.0375 0x05f8  ============================================================
14:12:11.0375 0x05f8  Scan started
14:12:11.0375 0x05f8  Mode: Manual;
14:12:11.0375 0x05f8  ============================================================
14:12:11.0375 0x05f8  KSN ping started
14:12:14.0046 0x05f8  KSN ping finished: true
14:12:15.0546 0x05f8  ================ Scan system memory ========================
14:12:15.0546 0x05f8  System memory - ok
14:12:15.0578 0x05f8  ================ Scan services =============================
14:12:15.0921 0x05f8  Abiosdsk - ok
14:12:15.0968 0x05f8  abp480n5 - ok
14:12:16.0062 0x05f8  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:12:16.0078 0x05f8  ACPI - ok
14:12:16.0218 0x05f8  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
14:12:16.0218 0x05f8  ACPIEC - ok
14:12:16.0265 0x05f8  adpu160m - ok
14:12:16.0359 0x05f8  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
14:12:16.0359 0x05f8  aec - ok
14:12:16.0484 0x05f8  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
14:12:16.0500 0x05f8  AFD - ok
14:12:16.0531 0x05f8  Aha154x - ok
14:12:16.0609 0x05f8  aic78u2 - ok
14:12:16.0671 0x05f8  aic78xx - ok
14:12:16.0812 0x05f8  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
14:12:16.0812 0x05f8  Alerter - ok
14:12:16.0875 0x05f8  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
14:12:16.0875 0x05f8  ALG - ok
14:12:16.0937 0x05f8  AliIde - ok
14:12:16.0984 0x05f8  amsint - ok
14:12:17.0140 0x05f8  [ 2E3E53A6AEF23E24F402C7855B9B1542, 0327D3609B2EA3705B35875A68C0EA3281983091B8BA56CF7CC0686E6CEFD495 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:12:17.0156 0x05f8  Apple Mobile Device - ok
14:12:17.0250 0x05f8  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
14:12:17.0265 0x05f8  AppMgmt - ok
14:12:17.0312 0x05f8  asc - ok
14:12:17.0359 0x05f8  asc3350p - ok
14:12:17.0406 0x05f8  asc3550 - ok
14:12:17.0609 0x05f8  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:12:17.0625 0x05f8  aspnet_state - ok
14:12:17.0703 0x05f8  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:12:17.0718 0x05f8  AsyncMac - ok
14:12:17.0859 0x05f8  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
14:12:17.0859 0x05f8  atapi - ok
14:12:17.0906 0x05f8  Atdisk - ok
14:12:18.0078 0x05f8  [ 8759322FFC1A50569C1E5528EE8026B7, 4096F61F5C580622ABDC2FFC523FD81D667ACBD584074182134FB00E1EE43EC7 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:12:18.0140 0x05f8  ati2mtag - ok
14:12:18.0218 0x05f8  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:12:18.0234 0x05f8  Atmarpc - ok
14:12:18.0281 0x05f8  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
14:12:18.0296 0x05f8  AudioSrv - ok
14:12:18.0375 0x05f8  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
14:12:18.0375 0x05f8  audstub - ok
14:12:18.0500 0x05f8  [ B5B8FC2C4D520F1F1EED52A980ED5091, 31C853FAC89A145AC999DC779C3865E6DE666229085F3E963C50BD78A980B2D5 ] avc3            C:\WINDOWS\system32\DRIVERS\avc3.sys
14:12:18.0562 0x05f8  avc3 - ok
14:12:18.0671 0x05f8  [ 818E7E029DB594DCB8D6218A7D6FA575, A78A9C9F689C228BF49EB806CDB4EBB88F0FE6E62DF21108ED33F901C5E2A267 ] avckf           C:\WINDOWS\system32\DRIVERS\avckf.sys
14:12:18.0718 0x05f8  avckf - ok
14:12:18.0796 0x05f8  [ B9391A83F075351C923C3A37C53AF396, E98DE8AF0D5D517C7A718CC544C84C992D277673C31C9F92AB57F8396FB8B694 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
14:12:18.0812 0x05f8  b57w2k - ok
14:12:18.0953 0x05f8  [ 5FF4A1E41DF9F1E328C955CAA12CD3B0, 3ECBC8897AFA564F3A7607120B7D068B01D072DA916A7B7E755C7317AB70D102 ] BCM42XX         C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys
14:12:18.0953 0x05f8  BCM42XX - ok
14:12:19.0015 0x05f8  [ F13FE9A3648628B29306EDB48A4E48D3, FB77CB611FD2FDB54F0357CF8291BCEAC6327C5CD55B02913C5E810141448AE8 ] BCM44X2         C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
14:12:19.0015 0x05f8  BCM44X2 - ok
14:12:19.0093 0x05f8  [ B60F57B4D9CDBC663CC03EB8AF7EC34E, 4D4DC5D2A332C2ECDAD22CAB5FE827761FBEDA1D3ED0FA0BF34016E230505421 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
14:12:19.0093 0x05f8  bcm4sbxp - ok
14:12:19.0265 0x05f8  [ 41347688046D49CDE0F6D138A534F73D, 3EF4157B47C103BC289E9C2BBDC2EFF3961EEAD0C40509076064FF7B9E75FF22 ] BCMModem        C:\WINDOWS\system32\DRIVERS\BCMSM.sys
14:12:19.0406 0x05f8  BCMModem - ok
14:12:19.0531 0x05f8  [ 560E3C3D50F8FAA6227EBE97600D3220, ABEE86D15EEF893071AE65EC6A0F5B42B2098F26AEE81796D54A3CDC8A87B68D ] bdftdif         C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys
14:12:19.0546 0x05f8  bdftdif - ok
14:12:19.0609 0x05f8  [ 66668490AC6165FDA83089BF71511BF4, ADD6BE1B7ABC91F2B29E996BDA30A2A906E76C50D9D47B5F73A779DF593C78B6 ] bdselfpr        C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys
14:12:19.0625 0x05f8  bdselfpr - ok
14:12:19.0687 0x05f8  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
14:12:19.0687 0x05f8  Beep - ok
14:12:19.0828 0x05f8  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
14:12:20.0046 0x05f8  BITS - ok
14:12:20.0187 0x05f8  [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:12:20.0218 0x05f8  Bonjour Service - ok
14:12:20.0296 0x05f8  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
14:12:20.0312 0x05f8  Browser - ok
14:12:20.0359 0x05f8  catchme - ok
14:12:20.0421 0x05f8  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
14:12:20.0421 0x05f8  cbidf2k - ok
14:12:20.0468 0x05f8  cd20xrnt - ok
14:12:20.0531 0x05f8  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
14:12:20.0531 0x05f8  Cdaudio - ok
14:12:20.0609 0x05f8  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
14:12:20.0625 0x05f8  Cdfs - ok
14:12:20.0687 0x05f8  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:12:20.0687 0x05f8  Cdrom - ok
14:12:20.0718 0x05f8  cerc6 - ok
14:12:20.0750 0x05f8  Changer - ok
14:12:20.0859 0x05f8  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
14:12:20.0859 0x05f8  CiSvc - ok
14:12:20.0953 0x05f8  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
14:12:20.0953 0x05f8  ClipSrv - ok
14:12:21.0031 0x05f8  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:12:21.0078 0x05f8  clr_optimization_v2.0.50727_32 - ok
14:12:21.0187 0x05f8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:12:21.0281 0x05f8  clr_optimization_v4.0.30319_32 - ok
14:12:21.0312 0x05f8  CmdIde - ok
14:12:21.0515 0x05f8  [ A0F7D6B070F15EAD9F4231B51B246E4C, 308CC43B296518CF33B5FF599B7D02C266C6A709C4BEE3C76185C0F9A4E81591 ] cmuda3          C:\WINDOWS\system32\drivers\cmudax3.sys
14:12:21.0640 0x05f8  cmuda3 - ok
14:12:21.0718 0x05f8  COMSysApp - ok
14:12:21.0812 0x05f8  Cpqarray - ok
14:12:21.0953 0x05f8  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
14:12:21.0968 0x05f8  CryptSvc - ok
14:12:22.0015 0x05f8  dac2w2k - ok
14:12:22.0062 0x05f8  dac960nt - ok
14:12:22.0171 0x05f8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
14:12:22.0218 0x05f8  DcomLaunch - ok
14:12:22.0343 0x05f8  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
14:12:22.0343 0x05f8  Dhcp - ok
14:12:22.0437 0x05f8  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
14:12:22.0437 0x05f8  Disk - ok
14:12:22.0500 0x05f8  dmadmin - ok
14:12:22.0656 0x05f8  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
14:12:22.0718 0x05f8  dmboot - ok
14:12:22.0843 0x05f8  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
14:12:22.0937 0x05f8  dmio - ok
14:12:23.0000 0x05f8  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
14:12:23.0000 0x05f8  dmload - ok
14:12:23.0078 0x05f8  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
14:12:23.0078 0x05f8  dmserver - ok
14:12:23.0171 0x05f8  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
14:12:23.0171 0x05f8  DMusic - ok
14:12:23.0250 0x05f8  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
14:12:23.0265 0x05f8  Dnscache - ok
14:12:23.0359 0x05f8  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
14:12:23.0375 0x05f8  Dot3svc - ok
14:12:23.0406 0x05f8  dpti2o - ok
14:12:23.0484 0x05f8  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
14:12:23.0484 0x05f8  drmkaud - ok
14:12:23.0562 0x05f8  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
14:12:23.0562 0x05f8  EapHost - ok
14:12:23.0687 0x05f8  [ E434C57936AACAB22A5B43CCF1580806, D60252C3AD222F0C1D8B19DB89B5EA2FBEA1A1E7A8357946D69DD301BD1A0687 ] EMET_Service    C:\Program Files\EMET 5.0\EMET_Service.exe
14:12:23.0687 0x05f8  EMET_Service - ok
14:12:23.0781 0x05f8  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
14:12:23.0781 0x05f8  ERSvc - ok
14:12:23.0921 0x05f8  [ B7B3A43640209484A1E22065F227959A, 53334E31EEBB5E21C09BD4E7717A40CB6D735AAC3FAF86F3FDD066E4800698CB ] ESProtectionDriver C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys
14:12:23.0921 0x05f8  ESProtectionDriver - ok
14:12:24.0000 0x05f8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
14:12:24.0031 0x05f8  Eventlog - ok
14:12:24.0140 0x05f8  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
14:12:24.0156 0x05f8  EventSystem - ok
14:12:24.0250 0x05f8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
14:12:24.0265 0x05f8  Fastfat - ok
14:12:24.0328 0x05f8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:12:24.0359 0x05f8  FastUserSwitchingCompatibility - ok
14:12:24.0437 0x05f8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
14:12:24.0437 0x05f8  Fdc - ok
14:12:24.0484 0x05f8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
14:12:24.0500 0x05f8  Fips - ok
14:12:24.0546 0x05f8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:12:24.0546 0x05f8  Flpydisk - ok
14:12:24.0656 0x05f8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:12:24.0671 0x05f8  FltMgr - ok
14:12:24.0750 0x05f8  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:24.0750 0x05f8  FontCache3.0.0.0 - ok
14:12:24.0812 0x05f8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:12:24.0812 0x05f8  Fs_Rec - ok
14:12:24.0906 0x05f8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:12:25.0000 0x05f8  Ftdisk - ok
14:12:25.0078 0x05f8  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:12:25.0078 0x05f8  GEARAspiWDM - ok
14:12:25.0171 0x05f8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:12:25.0171 0x05f8  Gpc - ok
14:12:25.0281 0x05f8  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:12:25.0296 0x05f8  gusvc - ok
14:12:25.0359 0x05f8  [ 46524E4F27A44A86F28772D80BC3CE02, DEDAB3CE5CE0417962D49C58F0557339EF83365372E28A485F3999411C3519AF ] gzflt           C:\WINDOWS\system32\DRIVERS\gzflt.sys
14:12:25.0359 0x05f8  gzflt - ok
14:12:25.0437 0x05f8  [ F95E3F9EF9D7E268F7CB26341D6D9B91, 0B9B02C5FEAFDA7F665DBD8302EDA7B7E7E45C83CE5D52E539208EFDAA791CA4 ] gzserv          C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
14:12:25.0453 0x05f8  gzserv - ok
14:12:25.0546 0x05f8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:12:25.0546 0x05f8  helpsvc - ok
14:12:25.0625 0x05f8  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
14:12:25.0625 0x05f8  HidServ - ok
14:12:25.0718 0x05f8  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:12:25.0718 0x05f8  hidusb - ok
14:12:25.0796 0x05f8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
14:12:25.0796 0x05f8  hkmsvc - ok
14:12:25.0843 0x05f8  hpn - ok
14:12:25.0937 0x05f8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:12:26.0046 0x05f8  HTTP - ok
14:12:26.0140 0x05f8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
14:12:26.0156 0x05f8  HTTPFilter - ok
14:12:26.0203 0x05f8  i2omgmt - ok
14:12:26.0250 0x05f8  i2omp - ok
14:12:26.0375 0x05f8  [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4, D371103E752EF852BEDE330AB23EED4BFFD4150961EC377B03D69D871368F144 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:12:26.0468 0x05f8  ialm - ok
14:12:26.0671 0x05f8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:26.0765 0x05f8  idsvc - ok
14:12:26.0843 0x05f8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:12:26.0843 0x05f8  Imapi - ok
14:12:26.0937 0x05f8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:12:26.0953 0x05f8  ImapiService - ok
14:12:27.0015 0x05f8  ini910u - ok
14:12:27.0187 0x05f8  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:12:27.0187 0x05f8  IntelIde - ok
14:12:27.0265 0x05f8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:12:27.0265 0x05f8  intelppm - ok
14:12:27.0328 0x05f8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:12:27.0328 0x05f8  Ip6Fw - ok
14:12:27.0406 0x05f8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:12:27.0406 0x05f8  IpFilterDriver - ok
14:12:27.0484 0x05f8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:12:27.0484 0x05f8  IpInIp - ok
14:12:27.0546 0x05f8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:12:27.0562 0x05f8  IpNat - ok
14:12:27.0703 0x05f8  [ 630D74599070824AF3DC63A894ADCDFC, CC19169F1B9B104219029F6DA8AE5B73CFFFD639FDB12868824ED7A5086949D2 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:12:27.0765 0x05f8  iPod Service - ok
14:12:27.0859 0x05f8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:12:27.0859 0x05f8  IPSec - ok
14:12:27.0937 0x05f8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:12:27.0937 0x05f8  IRENUM - ok
14:12:28.0062 0x05f8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:12:28.0062 0x05f8  isapnp - ok
14:12:28.0156 0x05f8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:12:28.0156 0x05f8  Kbdclass - ok
14:12:28.0203 0x05f8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:12:28.0203 0x05f8  kbdhid - ok
14:12:28.0281 0x05f8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:12:28.0296 0x05f8  kmixer - ok
14:12:28.0375 0x05f8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:12:28.0390 0x05f8  KSecDD - ok
14:12:28.0453 0x05f8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
14:12:28.0453 0x05f8  LanmanServer - ok
14:12:28.0578 0x05f8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:12:28.0609 0x05f8  lanmanworkstation - ok
14:12:28.0656 0x05f8  lbrtfdc - ok
14:12:28.0812 0x05f8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:12:28.0812 0x05f8  LmHosts - ok
14:12:28.0890 0x05f8  [ 6EB137ECCDFE7CA15E59463859175899, EBAC796C99903223C98360082E4CDCCB57C8974925561AAF3E51D88B9A412532 ] MbaeSvc         C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
14:12:28.0906 0x05f8  MbaeSvc - ok
14:12:29.0000 0x05f8  [ B7CA8CC3F978201856B6AB82F40953C3, 2B58B8B989F2659FF6C45D94B72BDE9FFEC340DAC5648CE21921A213590BDA06 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
14:12:29.0000 0x05f8  MBAMProtector - ok
14:12:29.0203 0x05f8  [ 056B19651BD7B7CE5F89A3AC46DBDC08, B9F2A725BA930A0A3BB6C03C394C7D2E642B9A2E8F390491D58C893742E29476 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:12:29.0265 0x05f8  MBAMService - ok
14:12:29.0328 0x05f8  MBAMSwissArmy - ok
14:12:29.0390 0x05f8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:12:29.0406 0x05f8  Messenger - ok
14:12:29.0484 0x05f8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:12:29.0484 0x05f8  mnmdd - ok
14:12:29.0562 0x05f8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
14:12:29.0562 0x05f8  mnmsrvc - ok
14:12:29.0640 0x05f8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:12:29.0656 0x05f8  Modem - ok
14:12:29.0718 0x05f8  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:12:29.0718 0x05f8  MODEMCSA - ok
14:12:29.0781 0x05f8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:12:29.0781 0x05f8  Mouclass - ok
14:12:29.0859 0x05f8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:12:29.0859 0x05f8  mouhid - ok
14:12:29.0937 0x05f8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:12:29.0953 0x05f8  MountMgr - ok
14:12:30.0078 0x05f8  [ 558DAAA4774009CF1A711562F9F5DCFE, 9C0D2EF19D40A2A8F91C9EBAA53D4E3D9D9CE6F5ECA9638211A8C6FD0647C79D ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:12:30.0093 0x05f8  MozillaMaintenance - ok
14:12:30.0140 0x05f8  mraid35x - ok
14:12:30.0203 0x05f8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:12:30.0218 0x05f8  MRxDAV - ok
14:12:30.0375 0x05f8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:12:30.0437 0x05f8  MRxSmb - ok
14:12:30.0500 0x05f8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:12:30.0515 0x05f8  MSDTC - ok
14:12:30.0640 0x05f8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:12:30.0640 0x05f8  Msfs - ok
14:12:30.0687 0x05f8  MSIServer - ok
14:12:30.0750 0x05f8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:12:30.0750 0x05f8  MSKSSRV - ok
14:12:30.0796 0x05f8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:12:30.0796 0x05f8  MSPCLOCK - ok
14:12:30.0828 0x05f8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:12:30.0828 0x05f8  MSPQM - ok
14:12:30.0921 0x05f8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:12:30.0921 0x05f8  mssmbios - ok
14:12:31.0000 0x05f8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:12:31.0015 0x05f8  Mup - ok
14:12:31.0156 0x05f8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:12:31.0171 0x05f8  napagent - ok
14:12:31.0328 0x05f8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:12:31.0343 0x05f8  NDIS - ok
14:12:31.0421 0x05f8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:12:31.0421 0x05f8  NdisTapi - ok
14:12:31.0484 0x05f8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:12:31.0500 0x05f8  Ndisuio - ok
14:12:31.0546 0x05f8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:12:31.0546 0x05f8  NdisWan - ok
14:12:31.0640 0x05f8  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:12:31.0640 0x05f8  NDProxy - ok
14:12:31.0718 0x05f8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:12:31.0734 0x05f8  NetBIOS - ok
14:12:31.0781 0x05f8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:12:31.0796 0x05f8  NetBT - ok
14:12:31.0890 0x05f8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:12:31.0890 0x05f8  NetDDE - ok
14:12:31.0953 0x05f8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:12:31.0953 0x05f8  NetDDEdsdm - ok
14:12:32.0015 0x05f8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:12:32.0031 0x05f8  Netlogon - ok
14:12:32.0125 0x05f8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
14:12:32.0140 0x05f8  Netman - ok
14:12:32.0234 0x05f8  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:32.0328 0x05f8  NetTcpPortSharing - ok
14:12:32.0421 0x05f8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:12:32.0437 0x05f8  Nla - ok
14:12:32.0484 0x05f8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:12:32.0500 0x05f8  Npfs - ok
14:12:32.0625 0x05f8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:32.0671 0x05f8  Ntfs - ok
14:12:32.0718 0x05f8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:12:32.0718 0x05f8  NtLmSsp - ok
14:12:32.0812 0x05f8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:12:32.0859 0x05f8  NtmsSvc - ok
14:12:32.0921 0x05f8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:12:32.0921 0x05f8  Null - ok
14:12:33.0062 0x05f8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:33.0062 0x05f8  NwlnkFlt - ok
14:12:33.0109 0x05f8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:33.0125 0x05f8  NwlnkFwd - ok
14:12:33.0250 0x05f8  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:12:33.0312 0x05f8  ose - ok
14:12:33.0406 0x05f8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:12:33.0406 0x05f8  Parport - ok
14:12:33.0468 0x05f8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:33.0468 0x05f8  PartMgr - ok
14:12:33.0562 0x05f8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:33.0562 0x05f8  ParVdm - ok
14:12:33.0609 0x05f8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:33.0609 0x05f8  PCI - ok
14:12:33.0656 0x05f8  PCIDump - ok
14:12:33.0703 0x05f8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\drivers\PCIIde.sys
14:12:33.0703 0x05f8  PCIIde - ok
14:12:33.0781 0x05f8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:12:33.0796 0x05f8  Pcmcia - ok
14:12:33.0859 0x05f8  PDCOMP - ok
14:12:33.0906 0x05f8  PDFRAME - ok
14:12:33.0953 0x05f8  PDRELI - ok
14:12:34.0000 0x05f8  PDRFRAME - ok
14:12:34.0031 0x05f8  perc2 - ok
14:12:34.0109 0x05f8  perc2hib - ok
14:12:34.0250 0x05f8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:12:34.0265 0x05f8  PlugPlay - ok
14:12:34.0421 0x05f8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:12:34.0421 0x05f8  PolicyAgent - ok
14:12:34.0500 0x05f8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:34.0515 0x05f8  PptpMiniport - ok
14:12:34.0562 0x05f8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:12:34.0562 0x05f8  ProtectedStorage - ok
14:12:34.0625 0x05f8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:34.0640 0x05f8  PSched - ok
14:12:34.0687 0x05f8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:34.0687 0x05f8  Ptilink - ok
14:12:34.0734 0x05f8  ql1080 - ok
14:12:34.0781 0x05f8  Ql10wnt - ok
14:12:34.0828 0x05f8  ql12160 - ok
14:12:34.0890 0x05f8  ql1240 - ok
14:12:34.0937 0x05f8  ql1280 - ok
14:12:35.0015 0x05f8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:35.0015 0x05f8  RasAcd - ok
14:12:35.0093 0x05f8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:12:35.0093 0x05f8  RasAuto - ok
14:12:35.0171 0x05f8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:35.0171 0x05f8  Rasl2tp - ok
14:12:35.0234 0x05f8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:12:35.0250 0x05f8  RasMan - ok
14:12:35.0312 0x05f8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:35.0312 0x05f8  RasPppoe - ok
14:12:35.0375 0x05f8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:35.0453 0x05f8  Raspti - ok
14:12:35.0500 0x05f8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:35.0515 0x05f8  Rdbss - ok
14:12:35.0578 0x05f8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:35.0578 0x05f8  RDPCDD - ok
14:12:35.0671 0x05f8  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:12:35.0687 0x05f8  rdpdr - ok
14:12:35.0828 0x05f8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:35.0828 0x05f8  RDPWD - ok
14:12:35.0921 0x05f8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:12:35.0921 0x05f8  RDSessMgr - ok
14:12:36.0000 0x05f8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:36.0000 0x05f8  redbook - ok
14:12:36.0093 0x05f8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:12:36.0093 0x05f8  RemoteAccess - ok
14:12:36.0187 0x05f8  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:12:36.0203 0x05f8  RemoteRegistry - ok
14:12:36.0312 0x05f8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:12:36.0312 0x05f8  RpcLocator - ok
14:12:36.0484 0x05f8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
14:12:36.0500 0x05f8  RpcSs - ok
14:12:36.0609 0x05f8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:12:36.0625 0x05f8  RSVP - ok
14:12:36.0687 0x05f8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:12:36.0687 0x05f8  SamSs - ok
14:12:36.0750 0x05f8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:12:36.0765 0x05f8  SCardSvr - ok
14:12:36.0843 0x05f8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:12:36.0859 0x05f8  Schedule - ok
14:12:36.0921 0x05f8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:36.0921 0x05f8  Secdrv - ok
14:12:36.0984 0x05f8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:12:37.0000 0x05f8  seclogon - ok
14:12:37.0078 0x05f8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
14:12:37.0078 0x05f8  SENS - ok
14:12:37.0140 0x05f8  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:12:37.0140 0x05f8  serenum - ok
14:12:37.0234 0x05f8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:12:37.0234 0x05f8  Serial - ok
14:12:37.0515 0x05f8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:12:37.0515 0x05f8  Sfloppy - ok
14:12:37.0578 0x05f8  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:12:37.0609 0x05f8  SharedAccess - ok
14:12:37.0671 0x05f8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:12:37.0687 0x05f8  ShellHWDetection - ok
14:12:37.0734 0x05f8  Simbad - ok
14:12:37.0875 0x05f8  Sparrow - ok
14:12:37.0968 0x05f8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:12:37.0968 0x05f8  splitter - ok
14:12:38.0031 0x05f8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:12:38.0031 0x05f8  Spooler - ok
14:12:38.0109 0x05f8  sprtlisten - ok
14:12:38.0187 0x05f8  sprtsvc_quickcare - ok
14:12:38.0265 0x05f8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:38.0265 0x05f8  sr - ok
14:12:38.0328 0x05f8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:12:38.0343 0x05f8  srservice - ok
14:12:38.0484 0x05f8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:38.0546 0x05f8  Srv - ok
14:12:38.0625 0x05f8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:12:38.0640 0x05f8  SSDPSRV - ok
14:12:38.0734 0x05f8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:12:38.0781 0x05f8  stisvc - ok
14:12:38.0890 0x05f8  [ 9A97B7024E2CA4D42046BF272997E14C, DB724A4A1B28F8C4D63937D749590475FB0D9E2045D66F086D14BC5499B58045 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
14:12:38.0953 0x05f8  SupportSoft RemoteAssist - ok
14:12:39.0031 0x05f8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:39.0031 0x05f8  swenum - ok
14:12:39.0109 0x05f8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:12:39.0109 0x05f8  swmidi - ok
14:12:39.0156 0x05f8  SwPrv - ok
14:12:39.0203 0x05f8  symc810 - ok
14:12:39.0265 0x05f8  symc8xx - ok
14:12:39.0312 0x05f8  sym_hi - ok
14:12:39.0359 0x05f8  sym_u3 - ok
14:12:39.0437 0x05f8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:39.0437 0x05f8  sysaudio - ok
14:12:39.0578 0x05f8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:12:39.0593 0x05f8  SysmonLog - ok
14:12:39.0703 0x05f8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:12:39.0718 0x05f8  TapiSrv - ok
14:12:39.0859 0x05f8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:39.0890 0x05f8  Tcpip - ok
14:12:39.0968 0x05f8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:39.0984 0x05f8  TDPIPE - ok
14:12:40.0046 0x05f8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:40.0046 0x05f8  TDTCP - ok
14:12:40.0109 0x05f8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:40.0109 0x05f8  TermDD - ok
14:12:40.0187 0x05f8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:12:40.0218 0x05f8  TermService - ok
14:12:40.0265 0x05f8  tgsrvc_quickcare - ok
14:12:40.0359 0x05f8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:12:40.0359 0x05f8  Themes - ok
14:12:40.0437 0x05f8  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:12:40.0500 0x05f8  TlntSvr - ok
14:12:40.0531 0x05f8  TosIde - ok
14:12:40.0609 0x05f8  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:12:40.0625 0x05f8  TrkWks - ok
14:12:40.0734 0x05f8  [ 88E0F99FDB8DDCB6E6A15380E164FEA2, 794C084B60DAC803E35BE933143A77EF2888D53B9EBEDAE4825C40A05A04F7E4 ] trufos          C:\WINDOWS\system32\DRIVERS\trufos.sys
14:12:40.0765 0x05f8  trufos - ok
14:12:40.0859 0x05f8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:12:40.0859 0x05f8  Udfs - ok
14:12:40.0906 0x05f8  ultra - ok
14:12:41.0015 0x05f8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:12:41.0046 0x05f8  Update - ok
14:12:41.0156 0x05f8  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:12:41.0171 0x05f8  upnphost - ok
14:12:41.0234 0x05f8  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
14:12:41.0234 0x05f8  UPS - ok
14:12:41.0312 0x05f8  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:41.0343 0x05f8  usbccgp - ok
14:12:41.0406 0x05f8  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:41.0406 0x05f8  usbehci - ok
14:12:41.0531 0x05f8  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:41.0546 0x05f8  usbhub - ok
14:12:41.0625 0x05f8  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:41.0625 0x05f8  usbprint - ok
14:12:41.0718 0x05f8  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:41.0718 0x05f8  usbstor - ok
14:12:41.0796 0x05f8  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:41.0796 0x05f8  usbuhci - ok
14:12:41.0843 0x05f8  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:12:41.0843 0x05f8  VgaSave - ok
14:12:41.0921 0x05f8  ViaIde - ok
14:12:41.0968 0x05f8  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:41.0968 0x05f8  VolSnap - ok
14:12:42.0078 0x05f8  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:12:42.0093 0x05f8  VSS - ok
14:12:42.0203 0x05f8  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:12:42.0218 0x05f8  W32Time - ok
14:12:42.0328 0x05f8  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:42.0328 0x05f8  Wanarp - ok
14:12:42.0421 0x05f8  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
14:12:42.0468 0x05f8  Wdf01000 - ok
14:12:42.0515 0x05f8  WDICA - ok
14:12:42.0640 0x05f8  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:42.0656 0x05f8  wdmaud - ok
14:12:42.0734 0x05f8  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:12:42.0750 0x05f8  WebClient - ok
14:12:42.0921 0x05f8  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:42.0937 0x05f8  winmgmt - ok
14:12:43.0093 0x05f8  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:12:43.0093 0x05f8  WmdmPmSN - ok
14:12:43.0218 0x05f8  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:12:43.0281 0x05f8  Wmi - ok
14:12:43.0390 0x05f8  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:43.0406 0x05f8  WmiApSrv - ok
14:12:43.0640 0x05f8  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:12:43.0734 0x05f8  WMPNetworkSvc - ok
14:12:43.0937 0x05f8  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:12:44.0000 0x05f8  WPFFontCache_v0400 - ok
14:12:44.0109 0x05f8  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:12:44.0109 0x05f8  WS2IFSL - ok
14:12:44.0187 0x05f8  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:12:44.0218 0x05f8  wscsvc - ok
14:12:44.0312 0x05f8  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:12:44.0343 0x05f8  wuauserv - ok
14:12:44.0437 0x05f8  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:44.0453 0x05f8  WudfPf - ok
14:12:44.0515 0x05f8  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:44.0515 0x05f8  WudfRd - ok
14:12:44.0671 0x05f8  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:12:44.0687 0x05f8  WudfSvc - ok
14:12:44.0812 0x05f8  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:12:44.0875 0x05f8  WZCSVC - ok
14:12:44.0937 0x05f8  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:12:44.0953 0x05f8  xmlprov - ok
14:12:45.0000 0x05f8  ================ Scan global ===============================
14:12:45.0078 0x05f8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:12:45.0171 0x05f8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:12:45.0250 0x05f8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:12:45.0296 0x05f8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:12:45.0312 0x05f8  [ Global ] - ok
14:12:45.0328 0x05f8  ================ Scan MBR ==================================
14:12:45.0359 0x05f8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:12:45.0562 0x05f8  \Device\Harddisk0\DR0 - ok
14:12:45.0578 0x05f8  ================ Scan VBR ==================================
14:12:45.0640 0x05f8  [ 33B71562F7EFC7C84E1731B6C0C45D39 ] \Device\Harddisk0\DR0\Partition1
14:12:45.0687 0x05f8  \Device\Harddisk0\DR0\Partition1 - ok
14:12:45.0718 0x05f8  ================ Scan generic autorun ======================
14:12:45.0781 0x05f8  [ 2D99607F21FF368C0E335A2D91A052A1, 97C8DADC411B2B2470F764CB44738F39EC4652FD021A32420D2A460B02BB4F4B ] C:\WINDOWS\BCMSMMSG.exe
14:12:46.0796 0x05f8  BCMSMMSG - ok
14:12:46.0984 0x05f8  [ 4EAF6F8F0B3BE33A0E3877EB7FFD48D4, CD89A31004E3E5A3253554CABF70B89D4F2FCBC40161FFA9E633CD85261A2769 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:12:47.0093 0x05f8  Adobe ARM - ok
14:12:47.0187 0x05f8  [ 093D3EE722542BA2E7AD929AA3CA6ABC, C96CAFE2365DB062A06CC0426C5C1519350CD2E57D2721148BC20F72130CBF5C ] C:\WINDOWS\system32\igfxtray.exe
14:12:47.0203 0x05f8  IgfxTray - ok
14:12:47.0265 0x05f8  [ E4CF942A4AEA9D27C87F190F65E7D0F6, 4F0875FDEA3B5363CB54295EE3A9EA2355E270C8DD2FC57F0713116867F8AE77 ] C:\WINDOWS\system32\hkcmd.exe
14:12:47.0281 0x05f8  HotKeysCmds - ok
14:12:47.0406 0x05f8  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:12:47.0406 0x05f8  APSDaemon - ok
14:12:47.0687 0x05f8  [ 5A63691DA367ADBA3081D4D51AE3C939, 05E3D4AB716BF68BC6EEFDC4FC2B85F6738E052EB6D75198F7C876435CA198B5 ] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
14:12:48.0046 0x05f8  Malwarebytes Anti-Exploit - ok
14:12:48.0156 0x05f8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
14:12:48.0156 0x05f8  ctfmon.exe - ok
14:12:48.0375 0x05f8  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] C:\Documents and Settings\steveo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
14:12:48.0390 0x05f8  Google Update - ok
14:12:48.0453 0x05f8  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
14:12:48.0453 0x05f8  ctfmon.exe - ok
14:12:48.0484 0x05f8  Waiting for KSN requests completion. In queue: 215
14:12:49.0484 0x05f8  Waiting for KSN requests completion. In queue: 215
14:12:50.0484 0x05f8  Waiting for KSN requests completion. In queue: 215
14:12:51.0843 0x05f8  AV detected via SS1: Bitdefender Antivirus Free Edition, 1.0.21.1109, enabled, updated
14:12:51.0859 0x05f8  FW detected via SS1: , 1.0.21.1109, enabled
14:12:54.0453 0x05f8  ============================================================
14:12:54.0453 0x05f8  Scan finished
14:12:54.0453 0x05f8  ============================================================
14:12:54.0500 0x06ac  Detected object count: 0
14:12:54.0500 0x06ac  Actual detected object count: 0

 

The second scan didn't generate a separate log, although the clock time on the original file did change in Windows after the second scan was completed.  The clock time within the log file itself was unchanged.  No threats were detected in either scan.

If you know of a different scanner that detects trojans & rootkits and works with XP--one that's been updated more recently than TDSSKiller--I'm willing to give it a try.

 

 

ShellExView identified 16 NO items in the Microsoft column.  Bitdefender and MBAM dll files were included.  The Bitdefender dll is dated 5/23/17; all of the others are dated from last year or earlier.  Followed your instructions to disable all non-Microsoft additions to Explorer and reboot.  No joy.

 

Summoned Task Manager on my empty desktop and tried 2 new tasks separately, typed in as explorer.exe and explorer.  Each appeared in the Processes list as explorer.exe for a few seconds then disappeared.

 

Couldn't help noticing that the Windows font on the startup and welcome screens is smaller than normal.  Also true of Task Manager.  Don't know if this is relevant here or not.


Edited by Lamont_Cranston, 04 June 2017 - 03:52 PM.

  • 0

#13
RKinner
Posted 04 June 2017 - 04:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

When you boot into the Safe Mode menu there is an option for Enable Low Resolution Video.  See if that lets you get into regular mode.  Perhaps the video driver is the problem.

 

You can try

aswMBR

 

It used to work with XP and it's been kept up to date

 

 
 
Download aswMBR.exe  to your desktop.
 
Right click the aswMBR.exe and select Run As Administrator to run it
 
Click the "Scan" button to start scan
 
 
On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

  • 0

#14
Lamont_Cranston
Posted 04 June 2017 - 06:21 PM

Lamont_Cranston

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts

Selected "Enable VGA Mode" from the boot menu.  When Windows launched it looked a lot like Safe Mode--everything low res & oversized.  Still got an empty desktop.

 

Downloaded and ran aswMBR.  Log file posted below.  Fix button remained disabled at the conclusion of the scan. 

 

Was given an option to download avast antivirus and/or its definition files (this was unclear) to broaden my scan. I decided against this option.  Why?  An attempted custom install of avast AV (without bells & whistles) a few months ago balled up my machine bigtime.

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-06-04 18:51:18
-----------------------------
18:51:18.171    OS Version: Windows 5.1.2600 Service Pack 3
18:51:18.171    Number of processors: 1 586 0x209
18:51:18.171    ComputerName: BADDABING  UserName: dave
18:51:19.015    Initialize success
18:52:38.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:52:38.531    Disk 0 Vendor: ST380011A 3.16 Size: 76293MB BusType: 3
18:52:38.703    Disk 0 MBR read successfully
18:52:38.718    Disk 0 MBR scan
18:52:38.734    Disk 0 Windows XP default MBR code
18:52:38.750    Disk 0 Partition 1 00     DE   Dell Utility Dell 4.1       31 MB offset 63
18:52:38.781    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS        76253 MB offset 64260
18:52:38.812    Disk 0 default boot code
18:52:38.828    Disk 0 scanning sectors +156232125
18:52:39.015    Disk 0 scanning C:\WINDOWS\system32\drivers
18:52:46.296    Service scanning
18:53:11.343    Modules scanning
18:53:11.390    Disk 0 trace - called modules:
18:53:11.421    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:53:15.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83bcdab8]
18:53:16.078    3 CLASSPNP.SYS[f7897fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b6cd98]
18:53:16.312    Disk 0 statistics 44785/0/0 @ 3.27 MB/s
18:53:16.562    Scan finished successfully
18:54:09.765    Disk 0 MBR has been saved successfully to "C:\Program Files\Farbar\MBR.dat"
18:54:09.812    The log file has been saved successfully to "C:\Program Files\Farbar\aswMBR.txt"
18:55:42.531    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dave\Desktop\MBR.dat"
18:55:42.578    The log file has been saved successfully to "C:\Documents and Settings\dave\Desktop\aswMBR.txt"


 


  • 0

#15
RKinner
Posted 04 June 2017 - 07:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Yes Safe Mode & Low Res both lack the video driver so look about the same.

 

Have you tried msconfig?

 

Search for

msconfig

hit Enter

 

That should bring up the config window.  Click on DIagnostic Startup then OK.  Reboot.

 

This rules out most third party stuff.  If it's able to boot into regular mode with a desktop then we go back into msconfig and

 

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.  If it doesn't boot into regular mode with a desktop then go back into msconfig and recheck the
things you turned off.  If it helps then go back and turn on about 1/2  items each
time until you find the culprit. You have to reboot each time so it's a bit tedious but if a service or start routine is causing the problem this is the way to find it.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP