ActivityMonitoring malware?

Post by Wingnut on Mon Oct 05, 2015 12:41 am

I was asked by SuperDave to start this here, to see if I had malware, or something in my PC. It keeps trying to install "ActivityMonitor" software into my PC, but I didn't ask for it, and I don't know if I need it. It starts the install many times a day. It started after I installed Firefox browser into my Dell with XP. It was really slow before I installed it, but worked great after installing it, but it is back to really slow, and gives me "Not responding" most all the time, again.
SuperDave asked me to post a screenshot of the "ActivityMonitor" install, or stop installing window. I tried, I can get the site to host it, but it won't upload the picture to here.

Thanks, Pat

Wingnut
Intermediate
Posts : 74
Joined : 2012-10-06
OS : XP home

Re: ActivityMonitoring malware?

Post by Superdave on Mon Oct 05, 2015 1:46 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V)

*************************************************
Please download Junkware Removal Tool (JRT) to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

Re: ActivityMonitoring malware?

Post by Wingnut on Thu Oct 08, 2015 12:12 pm

I have not forgotten about this! My wife went into the Hospital Monday, and I have been busy with that. She should be back home Friday, or Saturday. I will run all this then. Sorry.

I do run Spybot, Malwarebytes, CCleaner, and Defragmenter every one to two weeks, on a regular basis. Just so you know what I do.

Thanks, Pat

Re: ActivityMonitoring malware?

Post by Superdave on Thu Oct 08, 2015 7:30 pm

No rush. Whenever you get a chance. Spybot is obsolete.

Re: ActivityMonitoring malware?

Post by Wingnut on Mon Oct 12, 2015 1:03 am

I ran them this morning. I was going to post this then, but my PC had other ideas. It is working ok now.

AdwCleaner-->

# AdwCleaner v5.013 - Logfile created 11/10/2015 at 07:57:04
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : ann summers - DFSVF091
# Running from : C:\Documents and Settings\ann summers\My Documents\Downloads\adwcleaner_5.013.exe
# Option : Cleaning
# Support : [You must be registered and logged in to see this link.]

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Fighters
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BoostSoftware
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\slimware utilities inc
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\186493BA35338AFF000018647B5C91D7
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\7e953a6800000a31
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\DriverRestore
[-] Folder Deleted : C:\Documents and Settings\ann summers\Application Data\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files\JustCloud
[-] Folder Deleted : C:\Program Files\Uninstaller
[-] Folder Deleted : C:\Program Files\DriverRestore
[-] Folder Deleted : C:\Program Files\slimservice
[-] Folder Deleted : C:\Program Files\Ascentive

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\db57cacb-c867-f264-a141-81fc98c8e502
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\IGearSettings
[-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\Defender Pro
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
[-] Key Deleted : HKLM\SOFTWARE\DriverRestore
[-] Key Deleted : HKLM\SOFTWARE\BoostSoftware
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[!] Key Not Deleted : HKU\S-1-5-21-2016721540-239028778-2641180281-1006\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\ann summers\Local Settings\Application Data\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : dregol
[-] [C:\Documents and Settings\ann summers\Local Settings\Application Data\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : [You must be registered and logged in to see this link.]

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4244 bytes] ##########

************************************************************************************************************************************
Malwarebytes -->

Found and quarantined --> PUP.Optional.AdPeak

************************************************************************************************************************************
Junkware removal tool -->

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by ann summers on Sun 10/11/2015 at 9:27:44.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

************************************************************************************************************************************

Security Check by screen317 -->

Results of screen317's Security Check version 1.009
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2015
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 19.0.0.185
Adobe Reader XI
Mozilla Firefox (41.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

************************************************************************************************************************************
Thanks, Pat
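Added example, not part of the posts above: a short Python parser for the AdwCleaner log format shown in this post, which totals what each section removed and pulls out the entries the tool reported as not removed so they can be followed up. The sample lines are copied from the log above; the function names are illustrative, and treating a `[!]` marker or a "Not ..." action as a leftover is an assumption based on the single such line in this log.

```python
import re

# Excerpt of the AdwCleaner log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
# AdwCleaner v5.013 - Logfile created 11/10/2015 at 07:57:04
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\JustCloud
[-] Folder Deleted : C:\Program Files\DriverRestore

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\system32\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
[-] Key Deleted : HKLM\SOFTWARE\DriverRestore
[!] Key Not Deleted : HKU\S-1-5-21-2016721540-239028778-2641180281-1006\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\ann summers\Local Settings\Application Data\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : dregol

:: Winsock settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")      # ***** [ Registry ] *****
ENTRY_RE = re.compile(r"^\[([-!#])\]\s+(.+)$")              # [-] Key Deleted : ...
USER_SID_RE = re.compile(r"^HKU\\(S-1-5-21(?:-\d+)+)\\")    # per-user registry hive


def parse_adwcleaner(text):
    """Return one dict per log entry: section, action, target, removed."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if section is None or not entry:
            continue  # header comments, blank lines, ":: ..." notes
        # Browser entries carry a bracketed path before the action, so split
        # on the " : " separator instead of assuming a fixed column layout.
        action, sep, target = entry.group(2).partition(" : ")
        if not sep:
            continue
        failed = entry.group(1) != "-" or re.search(r"\bNot \w+$", action)
        entries.append({
            "section": section,
            "action": action.strip(),
            "target": target.strip(),
            "removed": not failed,
        })
    return entries


def summarize(entries):
    """Count removed and leftover items per section (empty sections omitted)."""
    summary = {}
    for e in entries:
        bucket = summary.setdefault(e["section"], {"removed": 0, "leftover": 0})
        bucket["removed" if e["removed"] else "leftover"] += 1
    return summary


def leftovers(entries):
    """Entries that were not removed, with the owning account SID if any."""
    out = []
    for e in entries:
        if e["removed"]:
            continue
        sid = USER_SID_RE.match(e["target"])
        out.append({**e, "user_sid": sid.group(1) if sid else None})
    return out


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for name, counts in summarize(parsed).items():
        print(f"{name}: {counts['removed']} removed, {counts['leftover']} left")
    for item in leftovers(parsed):
        print("follow up:", item["action"], "->", item["target"])
```
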


Re: ActivityMonitoring malware?

Post by Wingnut on Mon Oct 12, 2015 1:04 am

So are you saying to scrap Spybot, don't bother using it any more?

Pat

Re: ActivityMonitoring malware?

Post by Superdave on Mon Oct 12, 2015 1:49 am

So are you saying to scrap Spybot, don't bother using it any more?
It has been obsolete for quite some time. You can un-install it.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: ActivityMonitoring malware?

Post by Wingnut on Tue Oct 13, 2015 2:53 pm

I've downloaded JavaRa, and then I ran the Eset test.

Results --->
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b09cae17f3e4194390768e09c2738ab6
# end=init
# utc_time=2015-10-13 01:01:47
# local_time=2015-10-13 09:01:47 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
Update Init
Update Download
Update Finalize
Updated modules version: 26213
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b09cae17f3e4194390768e09c2738ab6
# end=updated
# utc_time=2015-10-13 01:06:27
# local_time=2015-10-13 09:06:27 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b09cae17f3e4194390768e09c2738ab6
# engine=26213
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-13 02:28:30
# local_time=2015-10-13 10:28:30 (-0500, Eastern Daylight Time)
# country="United States"



When I hit "Finish" I didn't click it to remove them. Should I have?

Thanks, Pat

Re: ActivityMonitoring malware?

Post by Superdave on Tue Oct 13, 2015 9:35 pm

How's your computer working now? Any other issues?

Re: ActivityMonitoring malware?

Post by Wingnut on Fri Oct 16, 2015 12:27 am

It is working faster. I have gotten a few "Not responding", they last only a short time. I do still get that window that says it's trying to install "ActivityMonitoring". I hit the "Stop installation" and then I have to wait till it's done, and then my AVG updates and it still makes my PC run real slow till that is done. I just got done doing that, and then my PC locked up, and I had to power it down, and then restart it, and then restart it again to get my icons on the task bar to show most of them.

I'm trying to attach a screen shot of it. I hope it works.

Re: ActivityMonitoring malware?

Post by Superdave on Fri Oct 16, 2015 1:53 am

Could you please run MBAM and post the log?

Re: ActivityMonitoring malware?

Post by Wingnut on Mon Oct 19, 2015 12:15 pm

Is this the log you wanted me to post?

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Scan Date: 10/16/2015
Scan Time: 7:53:44 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.16.04
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ann summers

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332293
Time Elapsed: 44 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Thanks, Pat

Re: ActivityMonitoring malware?

Post by Superdave on Mon Oct 19, 2015 7:01 pm

Please download HijackThis to your Desktop.

  • Double Click the HijackThis icon, located on your Desktop.
  • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
  • Accept the license agreement.

•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.

Re: ActivityMonitoring malware?

Post by Wingnut on Tue Oct 20, 2015 12:33 pm

Here are the results from "Hijackthis"

---->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:25 AM, on 10/20/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1150313312\ee\AOLSoftware.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1150313312\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ieSpell Options - [You must be registered and logged in to see this link.] Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - [You must be registered and logged in to see this link.] Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - [You must be registered and logged in to see this link.] Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - [You must be registered and logged in to see this link.] Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8721 bytes




Thanks, Pat
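Added example, not part of the posts above: a Python sketch that reads the auto-start lines of a HijackThis log in the format shown in this post (`O4` Run keys and Startup shortcuts, `O23` services), resolves each entry to its executable, marks whether that executable appears under "Running processes:", and lets you search the entries for a name such as the installer that keeps appearing. The sample lines are copied from the log above; the function names are illustrative.

```python
import re

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r'''
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Digital Line Detect\DLG.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
'''

RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(
    r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_PREFIX = "O23 - Service: "
# Either a quoted path, or an unquoted path (spaces allowed) ending in .exe.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)


def exe_of(cmd):
    """Executable part of a command line, lowercased; None for '?'."""
    cmd = cmd.strip()
    if cmd == "?":                 # HijackThis could not resolve the target
        return None
    m = EXE_RE.match(cmd)
    path = (m.group(1) or m.group(2)) if m else cmd.split()[0]
    return path.lower()


def parse_running(lines):
    """Paths listed between 'Running processes:' and the next blank line."""
    running, in_block = set(), False
    for line in lines:
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            running.add(line.lower())
    return running


def parse_autostarts(text):
    """One dict per O4/O23 entry: where, name, cmd, exe, running."""
    lines = [l.strip() for l in text.splitlines()]
    running = parse_running(lines)
    entries = []
    for line in lines:
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            where, name, cmd = m.group("where"), m.group("name").strip(), m.group("cmd")
        elif line.startswith(SERVICE_PREFIX):
            # "<display name> - <vendor> - <path>"; split from the right so a
            # dash inside the display name does not shift the fields.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            where, name, cmd = "Service", parts[0], parts[2]
        else:
            continue
        exe = exe_of(cmd)
        entries.append({"where": where, "name": name, "cmd": cmd,
                        "exe": exe, "running": exe in running})
    return entries


def find(entries, keyword):
    """Entries whose name or command line contains keyword (case-insensitive)."""
    kw = keyword.lower()
    return [e for e in entries if kw in e["name"].lower() or kw in e["cmd"].lower()]


def unresolved(entries):
    """Entries whose target HijackThis printed as '?'."""
    return [e for e in entries if e["exe"] is None]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        state = "running" if e["running"] else "not running"
        print(f"{e['where']:<16} {e['name']:<24} {state:<12} {e['exe']}")
```

An auto-start entry that is not running at scan time is not suspicious in itself, since many start-up helpers exit after doing their work; the column is there to narrow down what to look at first.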

Re: ActivityMonitoring malware?

Post by Superdave on Tue Oct 20, 2015 2:57 pm

That's not the correct log. I want you to click on the Uninstall Manager. That will give me a list of all programs installed on your computer.

Re: ActivityMonitoring malware?

Post by Wingnut on Wed Oct 21, 2015 12:20 am

Ok, I think I did it right this time. (I hope)

---->
7-Zip 9.38 beta
Adobe Flash Player 19 ActiveX
Adobe Flash Player 19 NPAPI
Adobe Reader XI (11.0.08)
AOLIcon
AVG 2015
AVG 2015
AVG 2015
CCleaner
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Digital Line Detect
ESET Online Scanner v3
Google Earth
Google Update Helper
Google Update Helper
HD Tune 2.55
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Memories Disc
hp psc 1200 series
ieSpell
Image Resizer Powertoy for Windows XP
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Java 8 Update 60
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 2.1.8.1057
Mastercam 9
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Modem Helper
Mouse Driver
Mozilla Firefox 41.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Photo Click
PowerDVD 5.5
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Snood 4
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Visual Studio 2012 x86 Redistributables
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3






Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Fri Oct 23, 2015 1:39 pm

Now when I start my pc it goes to a black screen and asks:

Please select the operating system to start

Microsoft windows recovery console
do not select this (debugger enabled)

Microsoft windows XP Home Edition

Thanks, Pat




Re: ActivityMonitoring malware?

Post by Superdave on Fri Oct 23, 2015 9:30 pm

Please run this even if you don't have your OS disk. Let me know if you get any messages.

• Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
• Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.


Re: ActivityMonitoring malware?

Post by Wingnut on Fri Oct 23, 2015 11:54 pm

I have figured out the start up problem. I had a stuck key, and didn't know it. It now boots up right.
Sorry about that, it was the "+" key. I could not even tell you the last time I used it. Rarely ever.

Do you still want me to run that system checker?

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Sat Oct 24, 2015 6:09 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system. You may get a warning that it can't update your Java because you're running XP but download anyway.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************

Do you still want me to run that system checker?
No. Now we know why you were having trouble starting the computer.
I can't see anything on your computer that would try to download ActivityMonitoring.


Re: ActivityMonitoring malware?

Post by Wingnut on Mon Oct 26, 2015 11:25 pm

Today I had big problems!

Every time I get the "ActivityMonitoring", and I decline it, it undoes whatever it was doing, and then my AVG updates, and always fails. So I thought maybe it's my AVG causing it. So I uninstalled my AVG, and then tried to re-install it. The "ActivityMonitoring" came up every time, and would not allow it to download.
So then I thought it was the Firefox doing it, so I un-installed that also. Nope! I tried to re-install Firefox, but the "ActivityMonitoring" kept stopping it from downloading it. I tried many different ways to install AVG, and I finally got it mostly installed, but not completely. I then finally got Firefox installed. I then updated the AVG (which didn't complete the installation of it), and then ran it the way it is. It found 29 threats. I removed them, and then opened Firefox to search for something, and it took a long time to bring it up. The sites seem to run OK after they open.

I did update the Java, yesterday.

What did I do to my PC? It was running so good, and quick, and now it takes forever to bring any site up.

Sorry, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Tue Oct 27, 2015 1:52 am

Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Oct 28, 2015 12:42 pm

Here are the results from that.

--->
MiniToolBox by Farbar Version: 25-07-2015 01
Ran by ann summers (administrator) on 28-10-2015 at 08:40:01
Running from "C:\Documents and Settings\ann summers\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dell DE051 Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DFSVF091

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-C6-5A-68

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, October 28, 2015 5:30:16 AM

Lease Expires . . . . . . . . . . : Thursday, October 29, 2015 5:30:16 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 69.8.160.113, 69.8.160.93, 69.8.160.108, 69.8.160.102
69.8.160.98, 69.8.160.106, 69.8.160.83, 69.8.160.121, 69.8.160.117
69.8.160.91, 69.8.160.109, 69.8.160.123, 69.8.160.79, 69.8.160.94
69.8.160.87



Pinging google.com [69.8.160.93] with 32 bytes of data:



Reply from 69.8.160.93: bytes=32 time=6ms TTL=60

Reply from 69.8.160.93: bytes=32 time=6ms TTL=60



Ping statistics for 69.8.160.93:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 6ms, Maximum = 6ms, Average = 6ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=76ms TTL=46

Reply from 206.190.36.45: bytes=32 time=76ms TTL=46



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 76ms, Maximum = 76ms, Average = 76ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 c6 5a 68 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2015 05:32:54 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/27/2015 04:30:47 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 10:30:04 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

Error: (10/26/2015 10:30:04 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

Error: (10/26/2015 10:00:05 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 09:46:00 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

Error: (10/26/2015 09:46:00 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed

Error: (10/26/2015 09:05:42 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 08:46:00 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

Error: (10/26/2015 08:46:00 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed


System errors:
=============
Error: (10/26/2015 05:01:36 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/25/2015 06:14:44 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/23/2015 09:43:53 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/23/2015 05:35:10 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/21/2015 09:07:40 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/20/2015 05:25:58 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/19/2015 05:18:20 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/18/2015 06:03:32 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/17/2015 05:23:18 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/15/2015 08:03:33 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2


Microsoft Office Sessions:
=========================
Error: (10/28/2015 05:32:54 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/27/2015 04:30:47 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 10:30:04 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/26/2015 10:30:04 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/26/2015 10:00:05 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 09:46:00 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/26/2015 09:46:00 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/26/2015 09:05:42 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 08:46:00 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/26/2015 08:46:00 AM) (Source: MsiInstaller)(User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallationFun(0xC007022F): Driver installation failed(NULL)(NULL)(NULL)


========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 1021.98 MB
Available physical RAM: 290.48 MB
Total Virtual: 1695.19 MB
Available Virtual: 979.04 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:71.46 GB) (Free:45.43 GB) NTFS

========================= Users: ========================================

User accounts for \\DFSVF091

Administrator ann summers Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****



Thanks, Pat
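One way to read the Result.txt posted above, as an added example that is not part of the thread or of MiniToolBox: it splits the log on its section banners, lists any Hosts entry other than the loopback `localhost` line, reports the proxy state, and groups event-log errors that repeat. The function names are hypothetical, and the embedded sample is a trimmed copy of the log in the post above.

```python
import re
from collections import Counter

# Sample input: a trimmed copy of the Result.txt in the post above
# (event list shortened; nothing added).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2015 05:32:54 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (10/26/2015 10:30:04 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

Error: (10/26/2015 09:46:00 AM) (Source: MsiInstaller) (User: DFSVF091)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 27046. CA_Error27046: DriverInstallation(0xC007022F): Driver installation failed

System errors:
=============
Error: (10/26/2015 05:01:36 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

========================= Memory info: ===================================

Percentage of memory in use: 71%
"""

# Section banner as it appears in the log: "===== Name: =====".
HEADER = re.compile(r"^=+\s+(.+?):\s+=+$")
# Event header; the log writes ")(User:" both with and without a space.
ERROR = re.compile(r"^Error: \((.*?)\)\s*\(Source: (.*?)\)\s*\(User: (.*?)\)")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map each banner name to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def hosts_extra(lines):
    """Return (ip, name) pairs other than loopback -> localhost."""
    extra = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        for name in names:
            if not (ip in LOOPBACK and name.lower() == "localhost"):
                extra.append((ip, name))
    return extra


def recurring_errors(lines, threshold=2):
    """Group Error/Description pairs and keep those seen >= threshold times."""
    counts, source = Counter(), None
    for line in lines:
        m = ERROR.match(line.strip())
        if m:
            source = m.group(2)
        elif source is not None and line.startswith("Description:"):
            counts[(source, line[len("Description:"):].strip())] += 1
            source = None
    return [(s, d, n) for (s, d), n in counts.most_common() if n >= threshold]


def triage(text):
    s = split_sections(text)
    proxy_lines = [l.strip() for l in s.get("IE Proxy Settings", [])]
    return {
        # Anything other than the explicit "not enabled" line needs a look.
        "proxy_enabled": "Proxy is not enabled." not in proxy_lines,
        "hosts_extra": hosts_extra(s.get("Hosts content", [])),
        "recurring": recurring_errors(s.get("Event log errors", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("proxy enabled:", report["proxy_enabled"])
    print("unexpected hosts entries:", report["hosts_extra"])
    for source, desc, n in report["recurring"]:
        print(f"{n}x {source}: {desc[:70]}")
```
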


Re: ActivityMonitoring malware?

Post by Superdave on Wed Oct 28, 2015 4:44 pm

You can uninstall HijackThis. What is MCU for?
Could you please run AdwCleaner again and post the log?

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Re: ActivityMonitoring malware?

Post by Wingnut on Thu Oct 29, 2015 12:36 pm

"What is MCU for?"

I don't know what "MCU" stands for, so I can not answer that.

Adwcleaner results --->

# AdwCleaner v5.015 - Logfile created 29/10/2015 at 08:26:58
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : ann summers - DFSVF091
# Running from : C:\Documents and Settings\ann summers\My Documents\Downloads\adwcleaner_5.015.exe
# Option : Scan
# Support : [You must be registered and logged in to see this link.]

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [631 bytes] ##########


Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Thu Oct 29, 2015 12:46 pm

It keeps telling me that the post is too large to post when I try to post the results of the "TDSSKiller".
The results tell me this.
--->
07:52:05.0406 0x059c TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
07:52:16.0796 0x059c ============================================================
07:52:16.0796 0x059c Current date / time: 2015/10/29 07:52:16.0796
07:52:16.0796 0x059c SystemInfo:
07:52:16.0796 0x059c
07:52:16.0796 0x059c OS Version: 5.1.2600 ServicePack: 3.0
07:52:16.0796 0x059c Product type: Workstation
07:52:16.0796 0x059c ComputerName: DFSVF091
07:52:16.0796 0x059c UserName: ann summers
07:52:16.0796 0x059c Windows directory: C:\WINDOWS
07:52:16.0796 0x059c System windows directory: C:\WINDOWS
07:52:16.0796 0x059c Processor architecture: Intel x86
07:52:16.0796 0x059c Number of processors: 1
07:52:16.0796 0x059c Page size: 0x1000
07:52:16.0796 0x059c Boot type: Normal boot
07:52:16.0796 0x059c ============================================================
07:52:19.0234 0x059c KLMD registered as C:\WINDOWS\system32\drivers\33383639.sys
07:52:19.0875 0x059c System UUID: {532E7B14-8F17-E8C0-D79F-01803337E10E}
07:52:20.0953 0x059c Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:52:20.0984 0x059c ============================================================
07:52:20.0984 0x059c \Device\Harddisk0\DR0:
07:52:20.0984 0x059c MBR partitions:
07:52:20.0984 0x059c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
07:52:20.0984 0x059c ============================================================
07:52:21.0046 0x059c C: <-> \Device\Harddisk0\DR0\Partition1
07:52:21.0046 0x059c ============================================================
07:52:21.0046 0x059c Initialize success
07:52:21.0046 0x059c ============================================================
07:52:24.0531 0x0448 ============================================================
07:52:24.0531 0x0448 Scan started
07:52:24.0531 0x0448 Mode: Manual;
07:52:24.0531 0x0448 ============================================================
07:52:24.0531 0x0448 KSN ping started
07:52:26.0937 0x0448 KSN ping finished: true
07:52:27.0703 0x0448 ================ Scan system memory ========================
07:52:27.0703 0x0448 System memory - ok
07:52:27.0703 0x0448 ================ Scan services =============================
07:52:29.0515 0x0448 avgfws - ok
07:52:29.0750 0x0448 [ D580A66587595A26EE6C6DD302D70BB7, EA75BF010341F6EB8D40973A4F80C5155B221170EFAAEDBAB51AFDAF90B1899D ] AVGIDSAgent C:\Program Files\AVG\Av\avgidsagent.exe
07:52:29.0875 0x0448 AVGIDSAgent - ok
07:52:29.0937 0x0448 [ E12570E23BB21AD8D51C983446E3D95C, 88EB293275BA1F8D4EDF0618A5740CA867FC80D6AF6CB5651A10A1EA1BE9EACC ] AVGIDSDriverl C:\WINDOWS\system32\DRIVERS\avgidsdriverlx.sys
07:52:29.0937 0x0448 AVGIDSDriverl - ok
07:52:30.0000 0x0448 [ 58D2DD279EF94567F3ADE0A183AA8E73, 3039A598B2EE9D0A1BD2C2B1004279470710A6B450D4800C9CE89B8D3AB21ED3 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
07:52:30.0000 0x0448 AVGIDSHX - ok
07:52:30.0031 0x0448 [ B2A20F53C393247935B921831151C107, 6F4366DF54D4FDAE61E47DB6F20A5ED2D99E1273743CE8ED1F62F6BEF49E51B6 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
07:52:30.0031 0x0448 AVGIDSShim - ok
07:52:30.0093 0x0448 [ 0279A6866096DDCF88E9774D4D026879, 9B561AA7450B73E88B21B122D48EDE36F2C4127469124B3E44C96962601C2740 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:52:30.0093 0x0448 Avgldx86 - ok
07:52:30.0140 0x0448 [ 671832356F02077F305F711FF8894BDA, DD0F193EF2F40DDEEABBEE13A4D669654AECF57B0C54CBF87FA8871536688C83 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
07:52:30.0156 0x0448 Avglogx - ok
07:52:30.0187 0x0448 [ 5A5297A835310226A044F3FE87E7F1A2, ED484E4B302596391C8D1DDCA1845BAE6E0643C93563FA87FB6FC4A9E2FC6295 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:52:30.0187 0x0448 Avgmfx86 - ok
07:52:30.0203 0x0448 [ 961DA8B7CE470D85D67262A3E3F45F63, 86987FAF0E69D819F7EBA30C2C11C4650AC5F6CC64977DE8E790D3D6F0639F74 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:52:30.0218 0x0448 Avgrkx86 - ok
07:52:30.0296 0x0448 [ EF5B460A6DD845A17D9AA1D06C622A7D, 4F5717A62AC8B087A90C507311AAEFBED0FA35A69FC02481F9471439A0D3F0AD ] avgsvc C:\Program Files\AVG\Framework\Common\avgsvcx.exe
07:52:30.0312 0x0448 avgsvc - ok
07:52:30.0375 0x0448 [ 771EB18C15CC90C716F7A88777384BB6, 3689A1E1A356E9BB9813493D391ECE361D6FF6C5050A7C1A7B04733BA3D5C5E8 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:52:30.0390 0x0448 Avgtdix - ok
07:52:30.0468 0x0448 [ E3E9166D2CC7AB2E03800302644EE74F, 7E0C9B1E3C3F6C2C9E9908C05B9BBD7EEDDE26D328DBAE235DF742F8153528A0 ] avgwd C:\Program Files\AVG\Av\avgwdsvcx.exe
07:52:30.0484 0x0448 avgwd - ok
07:52:30.0546 0x0448 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:52:30.0546 0x0448 Beep - ok
07:52:30.0609 0x0448 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
07:52:30.0640 0x0448 BITS - ok
07:52:30.0671 0x0448 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
07:52:30.0687 0x0448 Browser - ok
07:52:30.0687 0x0448 bvrp_pci - ok
07:52:30.0828 0x0448 catchme - ok
07:52:30.0859 0x0448 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:52:30.0859 0x0448 cbidf - ok
07:52:30.0875 0x0448 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:52:30.0875 0x0448 cbidf2k - ok
07:52:30.0906 0x0448 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:52:30.0906 0x0448 cd20xrnt - ok
07:52:30.0937 0x0448 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:52:30.0937 0x0448 Cdaudio - ok
07:52:30.0984 0x0448 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:52:30.0984 0x0448 Cdfs - ok
07:52:31.0015 0x0448 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:52:31.0015 0x0448 Cdrom - ok
07:52:31.0046 0x0448 Changer - ok
07:52:31.0078 0x0448 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:52:31.0078 0x0448 CiSvc - ok
07:52:31.0109 0x0448 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:52:31.0109 0x0448 ClipSrv - ok
07:52:31.0140 0x0448 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:31.0156 0x0448 clr_optimization_v2.0.50727_32 - ok
07:52:31.0234 0x0448 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:52:31.0234 0x0448 clr_optimization_v4.0.30319_32 - ok
07:52:31.0281 0x0448 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:52:31.0281 0x0448 CmdIde - ok
07:52:31.0296 0x0448 COMSysApp - ok
07:52:31.0328 0x0448 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:52:31.0328 0x0448 Cpqarray - ok
07:52:31.0375 0x0448 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:52:31.0375 0x0448 CryptSvc - ok
07:52:31.0421 0x0448 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:52:31.0421 0x0448 dac2w2k - ok
07:52:31.0453 0x0448 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:52:31.0453 0x0448 dac960nt - ok
07:52:31.0515 0x0448 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:52:31.0531 0x0448 DcomLaunch - ok
07:52:31.0578 0x0448 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:52:31.0578 0x0448 Dhcp - ok
07:52:31.0593 0x0448 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:52:31.0593 0x0448 Disk - ok
07:52:31.0609 0x0448 dmadmin - ok
07:52:31.0671 0x0448 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:52:31.0687 0x0448 dmboot - ok
07:52:31.0734 0x0448 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:52:31.0750 0x0448 dmio - ok
07:52:31.0781 0x0448 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:52:31.0781 0x0448 dmload - ok
07:52:31.0812 0x0448 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
07:52:31.0812 0x0448 dmserver - ok
07:52:31.0843 0x0448 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:52:31.0843 0x0448 DMusic - ok
07:52:31.0906 0x0448 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:52:31.0906 0x0448 Dnscache - ok
07:52:31.0937 0x0448 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:52:31.0953 0x0448 Dot3svc - ok
07:52:31.0984 0x0448 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:52:31.0984 0x0448 dpti2o - ok
07:52:32.0015 0x0448 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:52:32.0015 0x0448 drmkaud - ok
07:52:32.0078 0x0448 [ 7D91DC6342248369F94D6EBA0CF42E99, 3A0B94862AF1E085F1FD9B8B96FC1F7BD6FF00342AC04D697AB65BC686F7BC2F ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:52:32.0093 0x0448 E100B - ok
07:52:32.0125 0x0448 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:52:32.0140 0x0448 EapHost - ok
07:52:32.0187 0x0448 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:52:32.0187 0x0448 ERSvc - ok
07:52:32.0218 0x0448 esgiguard - ok
07:52:32.0265 0x0448 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
07:52:32.0265 0x0448 Eventlog - ok
07:52:32.0312 0x0448 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
07:52:32.0328 0x0448 EventSystem - ok
07:52:32.0390 0x0448 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:52:32.0390 0x0448 Fastfat - ok
07:52:32.0437 0x0448 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:52:32.0453 0x0448 FastUserSwitchingCompatibility - ok
07:52:32.0500 0x0448 [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax C:\WINDOWS\system32\fxssvc.exe
07:52:32.0500 0x0448 Fax - ok
07:52:32.0531 0x0448 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
07:52:32.0531 0x0448 Fdc - ok
07:52:32.0578 0x0448 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:52:32.0578 0x0448 Fips - ok
07:52:32.0609 0x0448 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:52:32.0609 0x0448 Flpydisk - ok
07:52:32.0656 0x0448 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
07:52:32.0656 0x0448 FltMgr - ok
07:52:32.0718 0x0448 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:32.0718 0x0448 FontCache3.0.0.0 - ok
07:52:32.0750 0x0448 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:52:32.0750 0x0448 Fs_Rec - ok
07:52:32.0812 0x0448 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:52:32.0812 0x0448 Ftdisk - ok
07:52:32.0859 0x0448 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:52:32.0859 0x0448 Gpc - ok
07:52:32.0953 0x0448 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:32.0953 0x0448 gupdate - ok
07:52:32.0968 0x0448 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:52:32.0984 0x0448 gupdatem - ok
07:52:33.0031 0x0448 [ C818B973110A1C9F7763DD39BFFD0FD3, 2896295427691625242623A2ABA9C21462ADE2B9C9052455AA592EF46257B59C ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
07:52:33.0031 0x0448 hardlock - ok
07:52:33.0062 0x0448 [ 2DD25F060DC9F79B5CDF33D90ED93669, 1095E091B1F42E04B054478E029D166990A375D27E9B9D0D1170F35536462C8E ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
07:52:33.0062 0x0448 Haspnt - ok
07:52:33.0140 0x0448 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:52:33.0140 0x0448 helpsvc - ok
07:52:33.0187 0x0448 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
07:52:33.0203 0x0448 HidServ - ok
07:52:33.0234 0x0448 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:52:33.0234 0x0448 HidUsb - ok
07:52:33.0281 0x0448 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:52:33.0281 0x0448 hkmsvc - ok
07:52:33.0296 0x0448 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
07:52:33.0296 0x0448 hpn - ok
07:52:33.0328 0x0448 [ 2A8A2AA68185B47632188F1A8BE44170, 1CA6799283A0F35B8755958C15E82FCAEDEF0D015F41A08C659208671E15B5FC ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:52:33.0328 0x0448 HPZid412 - ok
07:52:33.0359 0x0448 [ 0A520679B0AD3F438E88B746D0C5BA6C, 292B4029DBF80BF29819E786934B0D759D084928FEEFB6DE24F65729F3B614D2 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:52:33.0359 0x0448 HPZipr12 - ok
07:52:33.0390 0x0448 [ 1D53F2B2051A3FCE2C8EF0E01B042E25, D2FCE6EDEAE2EC56174228EC03320F30F0DFABFD3880750B1DF9BC0353F318AA ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:52:33.0390 0x0448 HPZius12 - ok
07:52:33.0453 0x0448 [ 77E4FF0B73BC0AEAAF39BF0C8104231F, A5D35FCD9E52003D990EB97DF1634DE9B516647C8DAAD3152550CD875DBBDA82 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
07:52:33.0468 0x0448 HSFHWBS2 - ok
07:52:33.0531 0x0448 [ 60E1604729A15EF4A3B05F298427B3B1, 139DE473F645A300DD436B4AA8359A23FCE3BB9688B6B597E89F8ADBC36A71B9 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
07:52:33.0562 0x0448 HSF_DP - ok
07:52:33.0625 0x0448 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:52:33.0640 0x0448 HTTP - ok
07:52:33.0671 0x0448 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:52:33.0671 0x0448 HTTPFilter - ok
07:52:33.0718 0x0448 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
07:52:33.0718 0x0448 i2omgmt - ok
07:52:33.0718 0x0498 Object required for P2P: [ D580A66587595A26EE6C6DD302D70BB7 ] AVGIDSAgent
07:52:33.0765 0x0448 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:52:33.0765 0x0448 i2omp - ok
07:52:33.0875 0x0448 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:52:33.0875 0x0448 i8042prt - ok
07:52:33.0984 0x0448 [ 9A883C3C4D91292C0D09DE7C728E781C, 34DD9E781C42FF55BF83F62DFE7B0F4FE3CAEF19B517245BA004C2C641493A98 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:52:34.0031 0x0448 ialm - ok
07:52:34.0140 0x0448 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:34.0171 0x0448 idsvc - ok
07:52:34.0203 0x0448 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:52:34.0218 0x0448 Imapi - ok
07:52:34.0250 0x0448 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
07:52:34.0265 0x0448 ImapiService - ok
07:52:34.0296 0x0448 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:52:34.0296 0x0448 ini910u - ok
07:52:34.0343 0x0448 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:52:34.0343 0x0448 IntelIde - ok
07:52:34.0390 0x0448 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:52:34.0390 0x0448 intelppm - ok
07:52:34.0421 0x0448 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
07:52:34.0421 0x0448 Ip6Fw - ok
07:52:34.0468 0x0448 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:52:34.0468 0x0448 IpFilterDriver - ok
07:52:34.0500 0x0448 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:52:34.0500 0x0448 IpInIp - ok
07:52:34.0531 0x0448 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:52:34.0546 0x0448 IpNat - ok
07:52:34.0562 0x0448 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:52:34.0578 0x0448 IPSec - ok
07:52:34.0609 0x0448 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:52:34.0609 0x0448 IRENUM - ok
07:52:34.0656 0x0448 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:52:34.0656 0x0448 isapnp - ok
07:52:34.0671 0x0448 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:52:34.0671 0x0448 Kbdclass - ok
07:52:34.0718 0x0448 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:52:34.0718 0x0448 kbdhid - ok
07:52:34.0750 0x0448 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:52:34.0750 0x0448 kmixer - ok
07:52:34.0781 0x0448 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:52:34.0796 0x0448 KSecDD - ok
07:52:34.0843 0x0448 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
07:52:34.0843 0x0448 lanmanserver - ok
07:52:34.0906 0x0448 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:52:34.0906 0x0448 lanmanworkstation - ok
07:52:34.0921 0x0448 lbrtfdc - ok
07:52:34.0968 0x0448 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:52:34.0968 0x0448 LmHosts - ok
07:52:35.0031 0x0448 [ E2C45D8E17B7599AD665146B1E19CA57, 7B3B6379E21130D5259691968B5B8D71E215F73F2775494A69D87CAA76D91297 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
07:52:35.0031 0x0448 mbamchameleon - ok
07:52:35.0062 0x0448 [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:52:35.0062 0x0448 mdmxsdk - ok
07:52:35.0109 0x0448 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:52:35.0109 0x0448 Messenger - ok
07:52:35.0140 0x0448 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:52:35.0140 0x0448 mnmdd - ok
07:52:35.0171 0x0448 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:52:35.0171 0x0448 mnmsrvc - ok
07:52:35.0218 0x0448 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:52:35.0234 0x0448 Modem - ok
07:52:35.0265 0x0448 [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
07:52:35.0281 0x0448 MODEMCSA - ok
07:52:35.0281 0x0448 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:52:35.0296 0x0448 Mouclass - ok
07:52:35.0328 0x0448 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:52:35.0328 0x0448 mouhid - ok
07:52:35.0359 0x0448 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:52:35.0359 0x0448 MountMgr - ok
07:52:35.0437 0x0448 [ C34AB4280614658903BE848CE79ACDB5, 9A943D9B3CF941DAE4EA4E2771B5EC5DA37AB16AD43095EF092B4259D62FF810 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:52:35.0437 0x0448 MozillaMaintenance - ok
07:52:35.0468 0x0448 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:52:35.0484 0x0448 mraid35x - ok
07:52:35.0515 0x0448 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:52:35.0515 0x0448 MRxDAV - ok
07:52:35.0593 0x0448 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:52:35.0593 0x0448 MRxSmb - ok
07:52:35.0625 0x0448 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:52:35.0625 0x0448 MSDTC - ok
07:52:35.0671 0x0448 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:52:35.0671 0x0448 Msfs - ok
07:52:35.0687 0x0448 MSIServer - ok
07:52:35.0718 0x0448 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:52:35.0718 0x0448 MSKSSRV - ok
07:52:35.0750 0x0448 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:52:35.0750 0x0448 MSPCLOCK - ok
07:52:35.0765 0x0448 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:52:35.0765 0x0448 MSPQM - ok
07:52:35.0796 0x0448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:52:35.0812 0x0448 mssmbios - ok
07:52:35.0859 0x0448 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:52:35.0859 0x0448 Mup - ok
07:52:35.0921 0x0448 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:52:35.0921 0x0448 napagent - ok
07:52:35.0968 0x0448 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:52:35.0984 0x0448 NDIS - ok
07:52:36.0015 0x0448 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:52:36.0031 0x0448 NdisTapi - ok
07:52:36.0062 0x0448 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:52:36.0062 0x0448 Ndisuio - ok
07:52:36.0093 0x0448 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:52:36.0093 0x0448 NdisWan - ok
07:52:36.0140 0x0448 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:52:36.0140 0x0448 NDProxy - ok
07:52:36.0187 0x0448 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:52:36.0187 0x0448 NetBIOS - ok
07:52:36.0203 0x0448 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:52:36.0218 0x0448 NetBT - ok
07:52:36.0250 0x0448 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
07:52:36.0265 0x0448 NetDDE - ok
07:52:36.0281 0x0448 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:52:36.0296 0x0448 NetDDEdsdm - ok


That is the first half.
Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Thu Oct 29, 2015 12:50 pm

Here is the second half

--->

07:52:37.0578 0x0448 [ 364E30F27BE1E6DED83E81C4DE93E808, 4C66D8B0654E87306291249CC95876F930AC490C77365B0A7FBACD1D6376A514 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
07:52:37.0593 0x0448 Pml Driver HPZ12 - ok
07:52:37.0609 0x0448 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:52:37.0609 0x0448 PolicyAgent - ok
07:52:37.0656 0x0448 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:52:37.0671 0x0448 PptpMiniport - ok
07:52:37.0671 0x0448 Profos - ok
07:52:37.0687 0x0448 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:52:37.0703 0x0448 ProtectedStorage - ok
07:52:37.0718 0x0448 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:52:37.0718 0x0448 PSched - ok
07:52:37.0750 0x0448 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:52:37.0750 0x0448 Ptilink - ok
07:52:37.0796 0x0448 [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:52:37.0796 0x0448 PxHelp20 - ok
07:52:37.0812 0x0448 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:52:37.0812 0x0448 ql1080 - ok
07:52:37.0843 0x0448 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:52:37.0843 0x0448 Ql10wnt - ok
07:52:37.0875 0x0448 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:52:37.0875 0x0448 ql12160 - ok
07:52:37.0906 0x0448 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:52:37.0906 0x0448 ql1240 - ok
07:52:37.0937 0x0448 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:52:37.0937 0x0448 ql1280 - ok
07:52:37.0984 0x0448 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:52:37.0984 0x0448 RasAcd - ok
07:52:38.0015 0x0448 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:52:38.0031 0x0448 RasAuto - ok
07:52:38.0062 0x0448 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:52:38.0062 0x0448 Rasl2tp - ok
07:52:38.0109 0x0448 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:52:38.0125 0x0448 RasMan - ok
07:52:38.0171 0x0448 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:52:38.0171 0x0448 RasPppoe - ok
07:52:38.0187 0x0448 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:52:38.0187 0x0448 Raspti - ok
07:52:38.0218 0x0448 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:52:38.0234 0x0448 Rdbss - ok
07:52:38.0250 0x0448 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:52:38.0250 0x0448 RDPCDD - ok
07:52:38.0296 0x0448 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:52:38.0312 0x0448 rdpdr - ok
07:52:38.0343 0x0448 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:52:38.0359 0x0448 RDPWD - ok
07:52:38.0390 0x0448 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:52:38.0390 0x0448 RDSessMgr - ok
07:52:38.0421 0x0448 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:52:38.0437 0x0448 redbook - ok
07:52:38.0468 0x0448 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:52:38.0468 0x0448 RemoteAccess - ok
07:52:38.0515 0x0448 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
07:52:38.0531 0x0448 RpcLocator - ok
07:52:38.0562 0x0448 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:52:38.0578 0x0448 RpcSs - ok
07:52:38.0625 0x0448 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:52:38.0640 0x0448 RSVP - ok
07:52:38.0671 0x0448 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
07:52:38.0671 0x0448 SamSs - ok
07:52:38.0718 0x0448 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:52:38.0718 0x0448 SCardSvr - ok
07:52:38.0765 0x0448 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:52:38.0765 0x0448 Schedule - ok
07:52:38.0812 0x0448 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:52:38.0812 0x0448 Secdrv - ok
07:52:38.0859 0x0448 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:52:38.0859 0x0448 seclogon - ok
07:52:38.0937 0x0448 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
07:52:38.0968 0x0448 senfilt - ok
07:52:39.0015 0x0448 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
07:52:39.0015 0x0448 SENS - ok
07:52:39.0078 0x0448 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:52:39.0078 0x0448 serenum - ok
07:52:39.0093 0x0448 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:52:39.0093 0x0448 Serial - ok
07:52:39.0156 0x0448 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:52:39.0156 0x0448 Sfloppy - ok
07:52:39.0203 0x0448 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:52:39.0218 0x0448 SharedAccess - ok
07:52:39.0250 0x0448 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:52:39.0265 0x0448 ShellHWDetection - ok
07:52:39.0281 0x0448 Simbad - ok
07:52:39.0312 0x0448 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:52:39.0312 0x0448 sisagp - ok
07:52:39.0375 0x0448 [ 0066FF77AEB4AE70066F7E94D5A6D866, 5067FC7F71FD3D1AFF4173D6379EF85DCB2B6B5588897430F3B440F3BB85D967 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
07:52:39.0390 0x0448 smwdm - ok
07:52:39.0421 0x0448 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:52:39.0421 0x0448 Sparrow - ok
07:52:39.0453 0x0448 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:52:39.0453 0x0448 splitter - ok
07:52:39.0500 0x0448 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:52:39.0515 0x0448 Spooler - ok
07:52:39.0546 0x0448 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:52:39.0562 0x0448 sr - ok
07:52:39.0609 0x0448 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
07:52:39.0609 0x0448 srservice - ok
07:52:39.0671 0x0448 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:52:39.0687 0x0448 Srv - ok
07:52:39.0718 0x0448 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:52:39.0718 0x0448 SSDPSRV - ok
07:52:39.0781 0x0448 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:52:39.0781 0x0448 stisvc - ok
07:52:39.0828 0x0448 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:52:39.0828 0x0448 swenum - ok
07:52:39.0859 0x0448 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:52:39.0859 0x0448 swmidi - ok
07:52:39.0875 0x0448 SwPrv - ok
07:52:39.0906 0x0448 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
07:52:39.0906 0x0448 symc810 - ok
07:52:39.0921 0x0448 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:52:39.0921 0x0448 symc8xx - ok
07:52:39.0953 0x0448 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:52:39.0953 0x0448 sym_hi - ok
07:52:39.0984 0x0448 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:52:39.0984 0x0448 sym_u3 - ok
07:52:40.0015 0x0448 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:52:40.0015 0x0448 sysaudio - ok
07:52:40.0062 0x0448 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:52:40.0062 0x0448 SysmonLog - ok
07:52:40.0093 0x0448 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:52:40.0109 0x0448 TapiSrv - ok
07:52:40.0171 0x0448 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:52:40.0171 0x0448 Tcpip - ok
07:52:40.0218 0x0448 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:52:40.0218 0x0448 TDPIPE - ok
07:52:40.0250 0x0448 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:52:40.0250 0x0448 TDTCP - ok
07:52:40.0281 0x0448 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:52:40.0296 0x0448 TermDD - ok
07:52:40.0343 0x0448 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
07:52:40.0359 0x0448 TermService - ok
07:52:40.0390 0x0448 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
07:52:40.0390 0x0448 Themes - ok
07:52:40.0421 0x0448 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
07:52:40.0421 0x0448 TosIde - ok
07:52:40.0484 0x0448 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:52:40.0484 0x0448 TrkWks - ok
07:52:40.0500 0x0448 Trufos - ok
07:52:40.0531 0x0448 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:52:40.0531 0x0448 Udfs - ok
07:52:40.0562 0x0448 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
07:52:40.0562 0x0448 ultra - ok
07:52:40.0625 0x0448 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:52:40.0640 0x0448 Update - ok
07:52:40.0687 0x0448 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
07:52:40.0687 0x0448 upnphost - ok
07:52:40.0718 0x0448 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
07:52:40.0718 0x0448 UPS - ok
07:52:40.0750 0x0448 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:52:40.0750 0x0448 usbccgp - ok
07:52:40.0781 0x0448 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:52:40.0781 0x0448 usbehci - ok
07:52:40.0828 0x0448 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:52:40.0828 0x0448 usbhub - ok
07:52:40.0859 0x0448 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:52:40.0859 0x0448 usbprint - ok
07:52:40.0906 0x0448 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:52:40.0906 0x0448 usbscan - ok
07:52:40.0921 0x0448 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:52:40.0937 0x0448 USBSTOR - ok
07:52:40.0953 0x0448 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:52:40.0953 0x0448 usbuhci - ok
07:52:41.0000 0x0448 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:52:41.0000 0x0448 VgaSave - ok
07:52:41.0031 0x0448 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:52:41.0046 0x0448 viaagp - ok
07:52:41.0062 0x0448 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
07:52:41.0062 0x0448 ViaIde - ok
07:52:41.0109 0x0448 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:52:41.0109 0x0448 VolSnap - ok
07:52:41.0171 0x0448 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
07:52:41.0171 0x0448 VSS - ok
07:52:41.0234 0x0448 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] w32time C:\WINDOWS\system32\w32time.dll
07:52:41.0234 0x0448 w32time - ok
07:52:41.0265 0x0448 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:52:41.0265 0x0448 Wanarp - ok
07:52:41.0312 0x0448 [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:52:41.0312 0x0448 wanatw - ok
07:52:41.0328 0x0448 WDICA - ok
07:52:41.0375 0x0448 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:52:41.0375 0x0448 wdmaud - ok
07:52:41.0421 0x0448 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
07:52:41.0421 0x0448 WebClient - ok
07:52:41.0468 0x0448 [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:52:41.0500 0x0448 winachsf - ok
07:52:41.0609 0x0448 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:52:41.0609 0x0448 winmgmt - ok
07:52:41.0687 0x0448 [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM C:\WINDOWS\system32\WsmSvc.dll
07:52:41.0734 0x0448 WinRM - ok
07:52:41.0812 0x0448 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:52:41.0812 0x0448 WmdmPmSN - ok
07:52:41.0875 0x0448 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:52:41.0875 0x0448 WmiApSrv - ok
07:52:41.0968 0x0448 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:52:42.0015 0x0448 WMPNetworkSvc - ok
07:52:42.0093 0x0448 [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:52:42.0125 0x0448 WPFFontCache_v0400 - ok
07:52:42.0156 0x0448 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:52:42.0156 0x0448 WS2IFSL - ok
07:52:42.0203 0x0448 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:52:42.0203 0x0448 wscsvc - ok
07:52:42.0218 0x0448 WSearch - ok
07:52:42.0250 0x0448 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:52:42.0250 0x0448 wuauserv - ok
07:52:42.0296 0x0448 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:52:42.0296 0x0448 WudfPf - ok
07:52:42.0312 0x0448 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:52:42.0312 0x0448 WudfRd - ok
07:52:42.0343 0x0448 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:52:42.0343 0x0448 WudfSvc - ok
07:52:42.0406 0x0448 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:52:42.0421 0x0448 WZCSVC - ok
07:52:42.0468 0x0448 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:52:42.0484 0x0448 xmlprov - ok
07:52:42.0500 0x0448 ================ Scan global ===============================
07:52:42.0546 0x0448 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:52:42.0593 0x0448 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:52:42.0640 0x0448 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:52:42.0671 0x0448 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:52:42.0671 0x0448 [ Global ] - ok
07:52:42.0671 0x0448 ================ Scan MBR ==================================
07:52:42.0703 0x0448 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0
07:52:42.0937 0x0448 \Device\Harddisk0\DR0 - ok
07:52:42.0937 0x0448 ================ Scan VBR ==================================
07:52:42.0937 0x0448 [ 28F3B8167AB8A1E39B6D0439A28D2719 ] \Device\Harddisk0\DR0\Partition1
07:52:42.0953 0x0448 \Device\Harddisk0\DR0\Partition1 - ok
07:52:42.0953 0x0448 ================ Scan generic autorun ======================
07:52:43.0046 0x0448 [ 10247C15D999CC116C87DA36BD0AD64D, C2F0EE62505690DD7A11E08B555C522843B9A0902E05A6A75EB6FFFF3654606A ] C:\Program Files\Analog Devices\Core\smax4pnp.exe
07:52:43.0093 0x0448 SoundMAXPnP - ok
07:52:43.0140 0x0448 [ B3E3C57FD22E71CE20389372D972C6DC, 846996C47292E8AFA553C4792F2C3DC4ABBB2396E4EB71499408DAE1C72F682A ] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
07:52:43.0140 0x0448 DVDLauncher - ok
07:52:43.0187 0x0448 [ C341CCFBE98BC7DF6E0B856BB9FC265A, 7EA0A5407591EC8D97A9658DBEB7CB57550E143C526C3502E73F12FEF46F778C ] C:\Program Files\QuickTime\qttask.exe
07:52:43.0187 0x0448 QuickTime Task - ok
07:52:43.0250 0x0448 [ 9E109B03018763FDCB075CE74547BE22, 7321873E646F24B63B7C88B6BC9F4BE5D4DAB60284A9C2E9F0EB895A9E90231B ] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
07:52:43.0265 0x0448 ISUSPM Startup - ok
07:52:43.0296 0x0448 [ 583B7D111304BE63D7D9CB65482D2187, BD9618C9EFED73BC0EB1029502FE0AE0AECD8B0ABA506797C78327E71FF0FC0F ] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
07:52:43.0296 0x0448 ISUSScheduler - ok
07:52:43.0359 0x0448 [ 526874EFE8D1F0EC1B7BBB87D5C433E6, 1F4EA90C74EAEABA632F3528884D670AAA1D58F0B14F5A30C7D5BDCE4E76422C ] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
07:52:43.0359 0x0448 DMXLauncher - ok
07:52:43.0390 0x0448 [ 3F2C8DD08549BB3419CDA372F5999FFA, D2AF3C3BD950A027094034B40C6F81BE966A557F9BD403D3D10E3D0D31CF8A76 ] C:\WINDOWS\system32\igfxtray.exe
07:52:43.0406 0x0448 igfxtray - ok
07:52:43.0421 0x0448 [ 01018F75F3F18CE629FAC9689954A2AE, F10802A5DEE4527B34939A5FF77B6B3184F7A2FF2963DE6C872C85C25233C7CF ] C:\WINDOWS\system32\hkcmd.exe
07:52:43.0421 0x0448 igfxhkcmd - ok
07:52:43.0453 0x0448 [ 996ABAC2332DE28F3B6A179C6DA20205, D9E7D690400FA5816555A1030BB39CC9DC3C5EF195A44085B072BEF5EDA7A67A ] C:\WINDOWS\system32\igfxpers.exe
07:52:43.0453 0x0448 igfxpers - ok
07:52:43.0531 0x0448 [ 01CA06B4A25EE7832D8959667D4FD42D, C6F288677575085C623F70020B1908AD164A05698DCFA724E8C143791483CE1C ] C:\Program Files\Common Files\AOL\1150313312\ee\AOLSoftware.exe
07:52:43.0531 0x0448 HostManager - ok
07:52:43.0625 0x0448 [ 1AC2C58B587C70DE64582AD41EE79FBA, 6CCA4B7A839E75AB7C5C8ACD20DF66A9570FD9EEDC5F24C537D1C269E22E22B8 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
07:52:43.0625 0x0448 TkBellExe - ok
07:52:43.0687 0x0448 [ B361E86404522CEFFEBFB9D24ED4E7B5, D2FBE9D04059EB7497773D4D333D86B9543ECAC05348A1A0B7D01ECC571F1FC1 ] C:\Program Files\Mouse Driver\MouseDrv.exe
07:52:43.0703 0x0448 CreativeMouse - ok
07:52:43.0796 0x0448 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:52:43.0828 0x0448 Adobe ARM - ok
07:52:43.0921 0x0448 [ 2D9CE5DDE52CEEA539E0DD20735A0797, 258D81DE33DD37FC044E56D50BB8DD338AB9534A736C9A41640B038C65DE213D ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
07:52:43.0921 0x0448 HPDJ Taskbar Utility - ok
07:52:43.0953 0x0448 KernelFaultCheck - ok
07:52:44.0000 0x0448 [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
07:52:44.0031 0x0448 SunJavaUpdateSched - ok
07:52:44.0171 0x0448 [ 69E6AA230410AF75DE5C81B77C63BBDF, 56D6B2823695EA116FBEB3F3F49FC1023359528BF6377069D7E320EC28AE6561 ] C:\Program Files\AVG\Framework\Common\avguix.exe
07:52:44.0203 0x0448 AvgUi - ok
07:52:44.0484 0x0448 [ 2C2B353AF7F1EFC451988E14E2380B48, 5F4B98C1CFFFF8E334B48080E2A25C69F69CC3FBFA5F339E9C359BE1EEFD6CB5 ] C:\Program Files\AVG\Av\avgui.exe
07:52:44.0593 0x0448 AVG_UI - ok
07:52:44.0671 0x0448 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
07:52:44.0671 0x0448 ctfmon.exe - ok
07:52:44.0984 0x0448 [ 2E4EE47FBD9BB663A5220DBC38579986, 264A48ADA13FEC6F49F34C3118ABFFEEB569B631E9EE35168FE19DE78AF9C7C8 ] C:\Program Files\CCleaner\CCleaner.exe
07:52:45.0125 0x0448 CCleaner Monitoring - ok
07:52:45.0187 0x0448 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
07:52:45.0187 0x0448 ctfmon.exe - ok
07:52:45.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:46.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:47.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:47.0718 0x0b90 Object required for P2P: [ 2C2B353AF7F1EFC451988E14E2380B48 ] C:\Program Files\AVG\Av\avgui.exe
07:52:48.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:49.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:50.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:50.0453 0x0b90 Object send P2P result: true
07:52:51.0234 0x0448 AV detected via SS1: Defender Pro Antivirus, 12.0, disabled, updated
07:52:51.0234 0x0448 AV detected via SS1: AVG AntiVirus Free Edition, 2016.0, enabled, updated
07:52:51.0234 0x0448 FW detected via SS1: AVG Internet Security 2015, 2015.0, disabled
07:52:51.0234 0x0448 FW detected via SS1: Defender Pro Firewall, 12.0, enabled
07:52:53.0703 0x0448 ============================================================
07:52:53.0703 0x0448 Scan finished
07:52:53.0703 0x0448 ============================================================
07:52:53.0718 0x0468 Detected object count: 0
07:52:53.0718 0x0468 Actual detected object count: 0
07:53:18.0890 0x0fb4 Deinitialize success


Thanks, Pat

Re: ActivityMonitoring malware?

Post by Superdave on Thu Oct 29, 2015 6:26 pm

I don't know what "MCU" stands for, so I can not answer that.
You can find out by going to Start, All Programs and see if you can start MCU from there. If you didn't install it or want it you should uninstall it.
It keeps telling me that the post is too large to post, when I try to post the results of the "Kdsskiller".
Any large logs may have to be split into two or more posts.
Please let me know if there is any change?

Re: ActivityMonitoring malware?

Post by Wingnut on Sat Oct 31, 2015 11:33 am

I went to Start, All Programs, I looked through everything, and I don't see anything MCU, or anything with the initials MCU.

My pc seems to be running good again. Thank you!!!

I will go and try to reinstall the AVG, and see if I can get the whole thing this time. I will let you know how it goes.

Thanks again! Pat

Re: ActivityMonitoring malware?

Post by Wingnut on Fri Nov 06, 2015 12:53 pm

Since doing all this work on my PC, I have lost the volume to my speakers. I have checked everything I can think of, but no luck. I also don't have the speaker icon on my task bar anymore. When I turn on my speakers, they make the normal pop sound when I turn them on, but nothing else.

Any ideas how to get them back?

Thanks, Pat

Re: ActivityMonitoring malware?

Post by Superdave on Fri Nov 06, 2015 4:47 pm

Go into Device Manager and see if there are any yellow warnings anywhere. Did you check all your connections?


Re: ActivityMonitoring malware?

Post by Wingnut on Sun Nov 15, 2015 4:03 pm

Sorry, I have been busy with my wife in and out of the hospital.
I went into the sounds and audio devices, in the control panel. I do not see any yellow warnings anywhere.

I have removed my desktop speakers, and replaced them with another set, and still no sounds. I have been trying to watch some YouTube videos to repair something, but I get no sound.

I keep getting the same 28 viruses every time I run my AVG. My pc is slow to open a site, and I get "Not responding" all the time again. It's constant stop, and go when on any internet site.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Sun Nov 15, 2015 6:18 pm

You need to get into the Device Manager to see if there is anything not correct on your computer. Right-click on My Computer, select Manage and click on Device Manager.
What browser are you using?
Please download, install and run a scan with MSE (below) to see if it finds anything.


[You must be registered and logged in to see this link.] All versions and all languages.


Re: ActivityMonitoring malware?

Post by Wingnut on Mon Nov 16, 2015 3:10 pm

I found the "Device Manager" you wanted me to check. I see no yellow warnings anywhere in there.

I am running XP Home, it won't download any of the "MSE" on to XP.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Mon Nov 16, 2015 7:10 pm

Ok, please try this one.

[You must be registered and logged in to see this link.]


Re: ActivityMonitoring malware?

Post by Wingnut on Sat Nov 21, 2015 11:45 am

I downloaded Avira antivirus, and ran it.

Here's the report --->

Free Antivirus
Report file date: Thursday, November 19, 2015  11:17


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Microsoft Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : ann summers
Computer name   : DFSVF091


Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Thursday, November 19, 2015  11:17

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
   [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'rsmsink.exe' - '31' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '101' Module(s) have been scanned
Scan process 'avcenter.exe' - '115' Module(s) have been scanned
Scan process 'firefox.exe' - '105' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'mbam.exe' - '92' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'mbamservice.exe' - '46' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '33' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '66' Module(s) have been scanned
Scan process 'DLG.exe' - '23' Module(s) have been scanned
Scan process 'CCleaner.exe' - '40' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '130' Module(s) have been scanned
Scan process 'avgnt.exe' - '102' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'hpztsb07.exe' - '20' Module(s) have been scanned
Scan process 'MouseDrv.exe' - '38' Module(s) have been scanned
Scan process 'AOLSoftware.exe' - '62' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '18' Module(s) have been scanned
Scan process 'issch.exe' - '11' Module(s) have been scanned
Scan process 'avguard.exe' - '89' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '20' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'AVG-Secure-Search-Update_0615piz.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '112' Module(s) have been scanned
Scan process 'sched.exe' - '71' Module(s) have been scanned
Scan process 'spoolsv.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1720' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Mcam9\nhasp9.exe
 [DETECTION] Is the TR/Agent.126976.381 Trojan
C:\Mcam9\Common\testhasp.exe
 [DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Mcam9\Common\testhasp.exe
 [DETECTION] Is the TR/Dropper.Gen Trojan
 [NOTE]      The file was moved to the quarantine directory under the name '3b1090a1.qua'!
C:\Mcam9\nhasp9.exe
 [DETECTION] Is the TR/Agent.126976.381 Trojan
 [NOTE]      The file was moved to the quarantine directory under the name '4465a53f.qua'!


End of the scan: Thursday, November 19, 2015  14:31
Used time:  2:11:29 Hour(s)

The scan has been done completely.

  6794 Scanned directories
451683 Files were scanned
     2 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 Files were deleted
     0 Viruses and unwanted programs were repaired
     2 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
451681 Files not concerned
 13455 Archives were scanned
     0 Warnings
     2 Notes
347354 Objects were scanned with rootkit scan
     0 Hidden objects were found


Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Sat Nov 21, 2015 11:52 am

My computer seems to run good, but it still at times gives me "not responding". It locked; I have had to shut it off, and restart it twice, since I've run Avira. But if I am not online doing something, it seems to run real good.

But still no sound.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Sat Nov 21, 2015 6:34 pm

Click on Start, Control Panel and double-click on Sounds and Audio devices. Click on the box for "place volume icon in the taskbar." Make sure your control is not muted and the volume control is up as far as it will go.
The other problem with page not loading could be an intermittent problem with your modem. Make sure all your cables are secure.


Re: ActivityMonitoring malware?

Post by Wingnut on Mon Nov 30, 2015 3:01 pm

I have checked the "Audio Devices" many times throughout this, and it has not been, is not muted, and all volumes are to full. The "place volume in the task bar" has been checked all along. It says my desk stereo speakers are working, but they are not. When I do sound test on them, there is nothing.

I have stopped having the same 28 viruses, and it now shows the volume control in the task bar, but still no sound.

I checked all my connections, they are good. They also are new, I had fiber optics installed in the spring and they replaced everything. But I still checked them.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Mon Nov 30, 2015 6:53 pm

Can you get sound with earphones?


Re: ActivityMonitoring malware?

Post by Wingnut on Tue Dec 08, 2015 11:45 pm

Sorry for the delay, I had to get some earphones. No, there is no sound with them.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Wed Dec 09, 2015 12:18 am

Go to Device Manager and check if there are any yellow icons.


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Dec 09, 2015 4:32 pm

I went to "Device Manager" and I see no yellow icons.

Here is a screen shot of it.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Dec 09, 2015 4:40 pm


It keeps telling me the picture is too big, it has to be 1.5mb or smaller, and mine is 1.12mb.

 Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Dec 09, 2015 4:48 pm

My PC has twice in the last 4 days gone into CHKDSK, and said "The type of the file system is NTFS. The volume is dirty".
It then went through files deleting them (too many to count), and then said "Recovering orphaned file 4352", and then went back to working normal again.

I don't remember which file it did last night, when it did it again.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Wed Dec 09, 2015 5:00 pm

Please run the SFC I posted earlier and tell me if it asks for the OS disk.


Re: ActivityMonitoring malware?

Post by Wingnut on Tue Dec 15, 2015 2:16 pm

I just ran the SFC, and when I came back in the room, it was done, and closed itself. So I'm guessing it didn't want me to install the OS disc.

I am getting the "not responding" quite often again, and it seems to stop and go most of the time when loading info. I thought it could be a busy internet, but after the PC sits a while, it takes a while before it does anything when I tell it to open anything.

I fixed the sound, I think, for now anyway. I updated the software for it, and it worked again. I left my PC on all day, as I usually do, and when I tried it again later in the day, it didn't work again. I then told it to go back to the original software, and it now works again. This morning I tried it, and it is still working.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Tue Dec 15, 2015 3:20 pm

Please try running MiniToolbox I provided earlier and tell me if the internet connection is any better.


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Dec 16, 2015 1:17 pm

I just ran the Minitoolbox again. I'll give the internet a try and get back to you later today.

One thing that I have been getting lately is a box that opens; it says:

"Unresponsive Script"
A script on the page may be busy, or it may have stopped responding.
Then I need to check one of these boxes:
"Continue", "Debug Script", "Stop Script"

I just thought I'd let you know that.

I'll see how it works today.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Wed Dec 16, 2015 1:19 pm

I didn't know if you wanted me to post the results of the MiniToolBox, but here they are in case you did.

MiniToolBox by Farbar Version: 02-11-2015
Ran by ann summers (administrator) on 16-12-2015 at 08:06:49
Running from "C:\Documents and Settings\ann summers\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dell DE051 Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : DFSVF091

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-C6-5A-68

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, December 16, 2015 5:11:42 AM

Lease Expires . . . . . . . . . . : Thursday, December 17, 2015 5:11:42 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 69.8.160.109, 69.8.160.117, 69.8.160.93, 69.8.160.102
69.8.160.87, 69.8.160.123, 69.8.160.91, 69.8.160.83, 69.8.160.98
69.8.160.113, 69.8.160.108, 69.8.160.79, 69.8.160.121, 69.8.160.106
69.8.160.94



Pinging google.com [69.8.160.117] with 32 bytes of data:



Reply from 69.8.160.117: bytes=32 time=9ms TTL=60

Reply from 69.8.160.117: bytes=32 time=5ms TTL=60



Ping statistics for 69.8.160.117:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 5ms, Maximum = 9ms, Average = 7ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=49ms TTL=49

Reply from 98.139.183.24: bytes=32 time=44ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 44ms, Maximum = 49ms, Average = 46ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 c6 5a 68 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2015 05:21:09 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:48 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:20:34 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:16 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:19:58 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:17:53 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:17:07 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (12/16/2015 05:12:00 AM) (Source: ESENT) (User: )
Description: avguard (856) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

Error: (12/15/2015 03:15:20 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:14:30 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (12/16/2015 05:21:09 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/16/2015 05:20:35 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/16/2015 05:19:59 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/15/2015 03:15:20 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/15/2015 03:14:31 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/15/2015 03:12:40 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/16/2015 05:21:09 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:48 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:20:34 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:16 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:19:58 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:17:53 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:17:07 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (12/16/2015 05:12:00 AM) (Source: ESENT)(User: )
Description: avguard856C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (12/15/2015 03:15:20 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:14:30 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1021.98 MB
Available physical RAM: 472.31 MB
Total Virtual: 1695.86 MB
Available Virtual: 694.14 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:71.46 GB) (Free:44.79 GB) NTFS

========================= Users: ========================================

User accounts for \\DFSVF091

Administrator ann summers Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****


Pat
