ActivityMonitoring malware?

Post by Wingnut on Mon 05 Oct 2015, 11:41 am

First topic message reminder :

I was asked by SuperDave to start this here, to see if I had malware, or something in my PC. It keeps trying to install "ActivityMonitor" software into my PC, but I didn't ask for it, and I don't know if I need it. It starts the install many times a day. It started after I installed Firefox browser into my Dell with XP. It was really slow before I installed it, but worked great after installing it, but it is back to really slow, and gives me "Not responding" most all the time, again.
SuperDave asked me to post a screen shot of "ActivityMonitor" install, or stop installing window. I tried, I can get the site to host it, but it won't upload the picture to here.

Thanks, Pat

Wingnut

Rookie Surfer

Posts : 74
Joined : 2012-10-07
Operating System : XP home



Re: ActivityMonitoring malware?

Post by Wingnut on Thu 29 Oct 2015, 11:46 pm

It keeps telling me that the post is too large to post, when I try to post the results of the "TDSSKiller".
The results tell me this.
--->
07:52:35.0750 0x0448 MSPCLOCK - ok
07:52:35.0765 0x0448 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:52:35.0765 0x0448 MSPQM - ok
07:52:35.0796 0x0448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:52:35.0812 0x0448 mssmbios - ok
07:52:35.0859 0x0448 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:52:35.0859 0x0448 Mup - ok
07:52:35.0921 0x0448 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:52:35.0921 0x0448 napagent - ok
07:52:35.0968 0x0448 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:52:35.0984 0x0448 NDIS - ok
07:52:36.0015 0x0448 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:52:36.0031 0x0448 NdisTapi - ok
07:52:36.0062 0x0448 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:52:36.0062 0x0448 Ndisuio - ok
07:52:36.0093 0x0448 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:52:36.0093 0x0448 NdisWan - ok
07:52:36.0140 0x0448 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:52:36.0140 0x0448 NDProxy - ok
07:52:36.0187 0x0448 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:52:36.0187 0x0448 NetBIOS - ok
07:52:36.0203 0x0448 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:52:36.0218 0x0448 NetBT - ok
07:52:36.0250 0x0448 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
07:52:36.0265 0x0448 NetDDE - ok
07:52:36.0281 0x0448 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:52:36.0296 0x0448 NetDDEdsdm - ok


That is the first half.
Pat

Wingnut

Rookie Surfer

Posts : 74
Joined : 2012-10-07
Operating System : XP home


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 29 Oct 2015, 11:50 pm

Here is the second half

07:52:43.0406 0x0448 igfxtray - ok
07:52:43.0421 0x0448 [ 01018F75F3F18CE629FAC9689954A2AE, F10802A5DEE4527B34939A5FF77B6B3184F7A2FF2963DE6C872C85C25233C7CF ] C:\WINDOWS\system32\hkcmd.exe
07:52:43.0421 0x0448 igfxhkcmd - ok
07:52:43.0453 0x0448 [ 996ABAC2332DE28F3B6A179C6DA20205, D9E7D690400FA5816555A1030BB39CC9DC3C5EF195A44085B072BEF5EDA7A67A ] C:\WINDOWS\system32\igfxpers.exe
07:52:43.0453 0x0448 igfxpers - ok
07:52:43.0531 0x0448 [ 01CA06B4A25EE7832D8959667D4FD42D, C6F288677575085C623F70020B1908AD164A05698DCFA724E8C143791483CE1C ] C:\Program Files\Common Files\AOL\1150313312\ee\AOLSoftware.exe
07:52:43.0531 0x0448 HostManager - ok
07:52:43.0625 0x0448 [ 1AC2C58B587C70DE64582AD41EE79FBA, 6CCA4B7A839E75AB7C5C8ACD20DF66A9570FD9EEDC5F24C537D1C269E22E22B8 ] C:\Program Files\Common Files\Real\Update_OB\realsched.exe
07:52:43.0625 0x0448 TkBellExe - ok
07:52:43.0687 0x0448 [ B361E86404522CEFFEBFB9D24ED4E7B5, D2FBE9D04059EB7497773D4D333D86B9543ECAC05348A1A0B7D01ECC571F1FC1 ] C:\Program Files\Mouse Driver\MouseDrv.exe
07:52:43.0703 0x0448 CreativeMouse - ok
07:52:43.0796 0x0448 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:52:43.0828 0x0448 Adobe ARM - ok
07:52:43.0921 0x0448 [ 2D9CE5DDE52CEEA539E0DD20735A0797, 258D81DE33DD37FC044E56D50BB8DD338AB9534A736C9A41640B038C65DE213D ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
07:52:43.0921 0x0448 HPDJ Taskbar Utility - ok
07:52:43.0953 0x0448 KernelFaultCheck - ok
07:52:44.0000 0x0448 [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
07:52:44.0031 0x0448 SunJavaUpdateSched - ok
07:52:44.0171 0x0448 [ 69E6AA230410AF75DE5C81B77C63BBDF, 56D6B2823695EA116FBEB3F3F49FC1023359528BF6377069D7E320EC28AE6561 ] C:\Program Files\AVG\Framework\Common\avguix.exe
07:52:44.0203 0x0448 AvgUi - ok
07:52:44.0484 0x0448 [ 2C2B353AF7F1EFC451988E14E2380B48, 5F4B98C1CFFFF8E334B48080E2A25C69F69CC3FBFA5F339E9C359BE1EEFD6CB5 ] C:\Program Files\AVG\Av\avgui.exe
07:52:44.0593 0x0448 AVG_UI - ok
07:52:44.0671 0x0448 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
07:52:44.0671 0x0448 ctfmon.exe - ok
07:52:44.0984 0x0448 [ 2E4EE47FBD9BB663A5220DBC38579986, 264A48ADA13FEC6F49F34C3118ABFFEEB569B631E9EE35168FE19DE78AF9C7C8 ] C:\Program Files\CCleaner\CCleaner.exe
07:52:45.0125 0x0448 CCleaner Monitoring - ok
07:52:45.0187 0x0448 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
07:52:45.0187 0x0448 ctfmon.exe - ok
07:52:45.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:46.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:47.0187 0x0448 Waiting for KSN requests completion. In queue: 251
07:52:47.0718 0x0b90 Object required for P2P: [ 2C2B353AF7F1EFC451988E14E2380B48 ] C:\Program Files\AVG\Av\avgui.exe
07:52:48.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:49.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:50.0187 0x0448 Waiting for KSN requests completion. In queue: 4
07:52:50.0453 0x0b90 Object send P2P result: true
07:52:51.0234 0x0448 AV detected via SS1: Defender Pro Antivirus, 12.0, disabled, updated
07:52:51.0234 0x0448 AV detected via SS1: AVG AntiVirus Free Edition, 2016.0, enabled, updated
07:52:51.0234 0x0448 FW detected via SS1: AVG Internet Security 2015, 2015.0, disabled
07:52:51.0234 0x0448 FW detected via SS1: Defender Pro Firewall, 12.0, enabled
07:52:53.0703 0x0448 ============================================================
07:52:53.0703 0x0448 Scan finished
07:52:53.0703 0x0448 ============================================================
07:52:53.0718 0x0468 Detected object count: 0
07:52:53.0718 0x0468 Actual detected object count: 0
07:53:18.0890 0x0fb4 Deinitialize success


Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Fri 30 Oct 2015, 5:26 am

I don't know what "MCU" stands for, so I can not answer that.
You can find out by going to Start, All Programs and see if you can start MCU from there. If you didn't install it or want it you should uninstall it.
It keeps telling me that the post is too large to post, when I try to post the results of the "Kdsskiller"
Any large logs may have to be split into two or more posts.
Please let me know if there is any change.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: ActivityMonitoring malware?

Post by Wingnut on Sat 31 Oct 2015, 10:33 pm

I went to Start, All Programs, I looked through everything, and I don't see anything MCU, or anything with the initials MCU.

My pc seems to be running good again. Thank you!!!

I will go and try to reinstall the AVG, and see if I can get the whole thing this time. I will let you know how it goes.

Thanks again! Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Fri 06 Nov 2015, 11:53 pm

Since doing all this work on my PC, I have lost the volume to my speakers. I have checked everything I can think of, but no luck. I also don't have the speaker icon on my task bar anymore. When I turn on my speakers, they make the normal pop sound when I turn them on, but nothing else.

Any ideas how to get them back?

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Sat 07 Nov 2015, 3:47 am

Go into Device Manager and see if there are any yellow warnings anywhere. Did you check all your connections?


Re: ActivityMonitoring malware?

Post by Wingnut on Mon 16 Nov 2015, 3:03 am

Sorry, I have been busy with my wife in and out of the hospital.
I went into the sounds and audio devices, in the control panel. I do not see any yellow warnings anywhere.

I have removed my desktop speakers, and replaced them with another set, and still no sounds. I have been trying to watch some YouTube videos to repair something, but I get no sound.

I keep getting the same 28 viruses every time I run my AVG. My pc is slow to open a site, and I get "Not responding" all the time again. It's constant stop, and go when on any internet site.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Mon 16 Nov 2015, 5:18 am

You need to get into the Device Manager to see if there is anything not correct on your computer. Right-click on My Computer, select Manage and click on Device Manager.
What browser are you using?
Please download, install and run a scan with MSE (below) to see if it finds anything.


Microsoft Security Essentials: all versions and all languages.


Re: ActivityMonitoring malware?

Post by Wingnut on Tue 17 Nov 2015, 2:10 am

I found the "Device Manager" you wanted me to check. I see no yellow warnings anywhere in there.

I am running XP Home, it won't download any of the "MSE" onto XP.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Superdave on Tue 17 Nov 2015, 6:10 am

OK, please try this one.

Avira AntiVir Personal


Re: ActivityMonitoring malware?

Post by Wingnut on Sat 21 Nov 2015, 10:45 pm

I downloaded Avira antivirus, and ran it.

Here's the report --->

Free Antivirus
Report file date: Thursday, November 19, 2015  11:17


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Microsoft Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : ann summers
Computer name   : DFSVF091

Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Thursday, November 19, 2015  11:17

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
   [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'rsmsink.exe' - '31' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '101' Module(s) have been scanned
Scan process 'avcenter.exe' - '115' Module(s) have been scanned
Scan process 'firefox.exe' - '105' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'mbam.exe' - '92' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'mbamservice.exe' - '46' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '33' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '66' Module(s) have been scanned
Scan process 'DLG.exe' - '23' Module(s) have been scanned
Scan process 'CCleaner.exe' - '40' Module(s) have been scanned
Scan process 'ctfmon.exe' - '27' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '130' Module(s) have been scanned
Scan process 'avgnt.exe' - '102' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'hpztsb07.exe' - '20' Module(s) have been scanned
Scan process 'MouseDrv.exe' - '38' Module(s) have been scanned
Scan process 'AOLSoftware.exe' - '62' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '18' Module(s) have been scanned
Scan process 'issch.exe' - '11' Module(s) have been scanned
Scan process 'avguard.exe' - '89' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '20' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'AVG-Secure-Search-Update_0615piz.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '112' Module(s) have been scanned
Scan process 'sched.exe' - '71' Module(s) have been scanned
Scan process 'spoolsv.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1720' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Mcam9\nhasp9.exe
 [DETECTION] Is the TR/Agent.126976.381 Trojan
C:\Mcam9\Common\testhasp.exe
 [DETECTION] Is the TR/Dropper.Gen Trojan

Beginning disinfection:
C:\Mcam9\Common\testhasp.exe
 [DETECTION] Is the TR/Dropper.Gen Trojan
 [NOTE]      The file was moved to the quarantine directory under the name '3b1090a1.qua'!
C:\Mcam9\nhasp9.exe
 [DETECTION] Is the TR/Agent.126976.381 Trojan
 [NOTE]      The file was moved to the quarantine directory under the name '4465a53f.qua'!


End of the scan: Thursday, November 19, 2015  14:31
Used time:  2:11:29 Hour(s)

The scan has been done completely.

  6794 Scanned directories
451683 Files were scanned
     2 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 Files were deleted
     0 Viruses and unwanted programs were repaired
     2 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
451681 Files not concerned
 13455 Archives were scanned
     0 Warnings
     2 Notes
347354 Objects were scanned with rootkit scan
     0 Hidden objects were found


Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Sat 21 Nov 2015, 10:52 pm

My computer seems to run good, but it still at times gives me "not responding". It locked, and I have had to shut it off and restart it twice since I've run Avira. But if I am not online doing something, it seems to run real good.

But still no sound.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Sun 22 Nov 2015, 5:34 am

Click on Start, Control Panel and double-click on Sounds and Audio devices. Click on the box for "place volume icon in the taskbar." Make sure your control is not muted and the volume control is up as far as it will go.
The other problem with page not loading could be an intermittent problem with your modem. Make sure all your cables are secure.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: ActivityMonitoring malware?

Post by Wingnut on Tue 01 Dec 2015, 2:01 am

I have checked the "Audio Devices" many times throughout this, and it has not been, and is not, muted, and all volumes are at full. The "place volume in the task bar" has been checked all along. It says my desk stereo speakers are working, but they are not. When I do a sound test on them, there is nothing.

I have stopped having the same 28 viruses, and it now shows the volume control in the task bar, but still no sound.

I checked all my connections, they are good. They also are new, I had fiber optics installed in the spring and they replaced everything. But I still checked them.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Tue 01 Dec 2015, 5:53 am

Can you get sound with earphones?


Re: ActivityMonitoring malware?

Post by Wingnut on Wed 09 Dec 2015, 10:45 am

Sorry for the delay, I had to get some earphones. No, there is no sound with them.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Wed 09 Dec 2015, 11:18 am

Go to Device Manager and check if there are any yellow icons.


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 10 Dec 2015, 3:32 am

I went to "Device Manager" and I see no yellow icons.

Here is a screen shot of it.

Thanks, Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 10 Dec 2015, 3:40 am


It keeps telling me the picture is too big, it has to be 1.5mb or smaller, and mine is 1.12mb

Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 10 Dec 2015, 3:48 am

My PC has twice in the last 4 days gone into CHKDSK, and it said "The type of the file system is NTFS. The volume is dirty"
It then went through files deleting them (too many to count), and then said "Recovering orphaned file 4352", and then went back to working normally again.

I don't remember which file it did last night, when it did it again.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Thu 10 Dec 2015, 4:00 am

Please run the SFC I posted earlier and tell me if it asks for the OS disk.


Re: ActivityMonitoring malware?

Post by Wingnut on Wed 16 Dec 2015, 1:16 am

I just ran the SFC, and when I came back in the room, it was done, and closed itself. So I'm guessing it didn't want me to install the OS disc.

I am getting the "not responding" quite often again, and it seems to stop and go most of the time when loading info. I thought it could be a busy internet, but after the PC sits awhile, it takes awhile before it does anything when I tell it to open anything.

I fixed the sound, I think, for now anyway. I updated the software for it, and it worked again. I left my PC on all day, as I usually do, and when I tried it again later in the day, it didn't work again. I then told it to go back to the original software, it now works again, and this morning I tried it, and it is still working.

Pat


Re: ActivityMonitoring malware?

Post by Superdave on Wed 16 Dec 2015, 2:20 am

Please try running MiniToolbox I provided earlier and tell me if the internet connection is any better.


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 17 Dec 2015, 12:17 am

I just ran the Minitoolbox again. I'll give the internet a try and get back to you later today.

One thing that I have been getting lately is a box that opens. It says:

"Unresponsive Script"
A script on the page may be busy, or it may have stopped responding.
Then I need to check one of these boxes:
"Continue", "Debug Script", "Stop Script"

I just thought I'd let you know that.

I'll see how it works today.

Thanks, Pat
Pat


Re: ActivityMonitoring malware?

Post by Wingnut on Thu 17 Dec 2015, 12:19 am

I didn't know if you wanted me to post the results of the MiniToolBox, but here they are in case you did.

MiniToolBox by Farbar Version: 02-11-2015
Ran by ann summers (administrator) on 16-12-2015 at 08:06:49
Running from "C:\Documents and Settings\ann summers\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dell DE051 Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : DFSVF091
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-C6-5A-68
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, December 16, 2015 5:11:42 AM
Lease Expires . . . . . . . . . . : Thursday, December 17, 2015 5:11:42 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 69.8.160.109, 69.8.160.117, 69.8.160.93, 69.8.160.102
69.8.160.87, 69.8.160.123, 69.8.160.91, 69.8.160.83, 69.8.160.98
69.8.160.113, 69.8.160.108, 69.8.160.79, 69.8.160.121, 69.8.160.106
69.8.160.94

Pinging google.com [69.8.160.117] with 32 bytes of data:

Reply from 69.8.160.117: bytes=32 time=9ms TTL=60
Reply from 69.8.160.117: bytes=32 time=5ms TTL=60

Ping statistics for 69.8.160.117:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 9ms, Average = 7ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=49ms TTL=49
Reply from 98.139.183.24: bytes=32 time=44ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 49ms, Average = 46ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 c6 5a 68 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/16/2015 05:21:09 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:48 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:20:34 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:16 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:19:58 AM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:17:53 AM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.30.21727, P3 54bce4af, P4 mscorlib, P5 4.0.0.0, P6 52ccf750, P7 3fde, P8 13c, P9 clr20r30, P10 clr20r31.

Error: (12/16/2015 05:17:07 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (12/16/2015 05:12:00 AM) (Source: ESENT) (User: )
Description: avguard (856) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01).

Error: (12/15/2015 03:15:20 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:14:30 PM) (Source: .NET Runtime) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (12/16/2015 05:21:09 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/16/2015 05:20:35 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/16/2015 05:19:59 AM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/15/2015 03:15:20 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (12/15/2015 03:14:31 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/15/2015 03:12:40 PM) (Source: Service Control Manager) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/16/2015 05:21:09 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:48 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:20:34 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:20:16 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:19:58 AM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/16/2015 05:17:53 AM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3avira.oe.servicehost.exe1.1.30.2172754bce4afmscorlib4.0.0.052ccf7503fde13csystem.unauthorizedaccessNIL

Error: (12/16/2015 05:17:07 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800700ea.

Error: (12/16/2015 05:12:00 AM) (Source: ESENT)(User: )
Description: avguard856C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (12/15/2015 03:15:20 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/15/2015 03:14:30 PM) (Source: .NET Runtime)(User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
at System.Xml.XmlWriterSettings.CreateWriter(System.String)
at System.Xml.XmlWriter.Create(System.String, System.Xml.XmlWriterSettings)
at System.Xml.Linq.XDocument.Save(System.String, System.Xml.Linq.SaveOptions)
at Avira.OE.WinCore.SettingsDocument.SaveToFile()
at Avira.OE.WinCore.SettingsDocument.Dispose()
at Avira.OE.WinCore.DataStorage.SetApplicationProperty(System.String, System.String)
at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1021.98 MB
Available physical RAM: 472.31 MB
Total Virtual: 1695.86 MB
Available Virtual: 694.14 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:71.46 GB) (Free:44.79 GB) NTFS

========================= Users: ========================================

User accounts for \\DFSVF091

Administrator ann summers Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****


Pat
