
Seriously sneaky rootkit. Can't tell what it is, what to do, please help!


9 replies to this topic

#1 Onirwai (Members, 14 posts)

Posted 23 September 2013 - 06:51 PM

Hello there!

 

I am posting this from an infected machine as I have no more 100% un-compromised ones.

 

I had Windows 7 x64 (not up to date with patches) and AVG Free, Windows Firewall on but not really configured with care, henceforth referred to as Desktop. I ran some shady software and although in its packed form it was detected as virus-free, when I fired it up AVG detected an executable "sniffer_gpu.exe" as infected. It didn't know with what, and it prompted me to restart. Since that restart it's been infected, and it has infected all other computers in the house. Even those that only connected to the net without any previously infected machines running at the same time! So from the outside somehow?!

 

My Internet goes like this: the ISP assigns a dynamic IP, you connect through PPPoE. It goes into an old wired router that's always on and then by cables to all the PCs in the house: the Desktop, 2 laptops + 1 netbook occasionally.

 

Initial symptoms on Desktop: 

  • Antivirus log of the infection event gone. No scans ever revealed anything
  • Wireshark revealed suspicious traffic. Initially the capture lit up like a Christmas tree, then it mellowed. The IPs turn out to be mostly home users, from around the globe: Russia (I know, stereotype), Ecuador, Italy, some proxies:
    93-39-6-42.ip73.fastwebnet.it, 40.48.11.37.dynamic.jazztel.es, host-2-60-220-94.pppoe.omsknet.ru, 37-146-226-142.broadband.corbina.ru, 163.242.205.77.rev.sfr.net, nsf02-1-78-215-232-190.fbx.proxad.net
    The connections were mostly UDP, and the ports and details sounded even more worrisome: SEBEK: Kernel Data Capture, ndmp, peerwire, x2edisc, inst-descovery, dec-mbadmin, murray, sqlexec-ssl, pptp, bsquare-voip
  • Lost some data, all the files on the desktop (minus the folder structure). I've been able to Recuva the ones I know of since.

  • Can't run Rootkit Unhooker LE 3.8. It did work on a different machine, then that one got infected badly too.

Anyway, as I tried to investigate I moved the ethernet cable to a netbook and it got infected too. Same dubious traffic showed up in Wireshark, and the antivirus was gone completely.

 

Long story short, probably all of the computers got infected.

 

Then a sysadmin guy helped me out. I sent him the PC and system drive (a 60GB OCZ SSD) and after saving some stuff to a USB stick he formatted and installed Windows 7 again, plus put on a paid version of Kaspersky Internet Security 2013.

 

Cut to today, 2 days later, and it's obviously compromised again. Here are the symptoms

  • Kaspersky starts in Protection paused mode. Really now?! That's mighty helpful, expensive AV solution! A possible cause for the re-infection is that I had to connect compromised drives to scan & rescue data. Thinking they will either be clean/unable to infect me/easily detectable as dodgy by Kaspersky. N
  • GMER and OSHI Unhooker find stuff. Rootkit Unhooker crashes. Will post logs when asked to. win32k.sys, ntdll.dll, wow64cpu.dll and a lot of running programs are found with hooks.
  • Various quirks and slow-downs. Wireshark now hangs on startup and shows no dubious traffic. I even suspected tampering of an AVG Rescue CD .rar file (that I downloaded), as it took super-long to open the .rar file the first time. 2 other rescue disks haven't worked but it might not be the infection's fault, IDK.

 

I am prepared to format the system drive and reinstall everything (since I've already done that once), but I must understand some more about this malware. How do I reconnect to the possibly compromised hard drives to copy the data? How do I know I'm not copying the malware too, or infecting my machine as soon as I boot up with an infected HDD attached?

 

Here's a small part of the GMER log file. I will post more on request.

---------------------------

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-23 22:56:26
Windows 6.1.7600  x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-8 OCZ_VERTEX-PLUS rev.3.55 55,90GB
Running: eptm1ivh.exe; Driver: C:\Users\user1\AppData\Local\Temp\kwdiypog.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                                                               000000007758fa48 5 bytes JMP 0000000173c9176e
.text     C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                        000000007758ffd8 5 bytes JMP 0000000173c91d67
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451                                                                                   00000000773911d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                   00000000773911e5 8 bytes {JMP 0xd}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 422                                                                                                 0000000077391386 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                        000000007739142f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                        000000007739157c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                000000007739190e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 727                                                                                                0000000077391b67 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                               0000000077391c3c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                  0000000077391dc5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 721                                                                                  0000000077391f21 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                      0000000077391f4f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 76                                                                                                     0000000077391fcc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                    0000000077392025 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                            0000000077392037 8 bytes {JMP 0xb}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 572                                                                                        000000007739227c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 711                                                                                        0000000077392307 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 49                                                                                        0000000077392561 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 563                                                                                       0000000077392763 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 318                                                                             00000000773928ae 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67                                                                                 0000000077392903 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256                                                                              0000000077392a10 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroupMembers + 239                                                                                0000000077392b0f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 119                                                                                       0000000077392b97 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseCleanupGroup + 371                                                                                       0000000077392c93 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                    0000000077392cb0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                  0000000077392cd2 8 bytes {JMP 0x10}
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                   0000000077392d2f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                  0000000077392d90 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text     ...

 

--------------------------------

 

EDIT 02:24 24.09.2013: When running in Safe Mode there seems to be no more suspicious traffic and no more detections by GMER and OSHI Unhooker.

 

I await your suggestions.

Thanks very much!   :cowboy:
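The Wireshark observations in the post above call for two clarifications, and the script below (an added example, not from the thread or from any tool mentioned in it) makes both concrete. First, the port names Wireshark prints (SEBEK, ndmp, peerwire and so on) are looked up from a services table by port number; a random high port chosen by a remote peer gets whatever name is registered for that number, so the labels say nothing about the payload. The script reproduces that lookup with socket.getservbyport. Second, what is actually diagnostic is the shape of the traffic: one local socket sending small UDP datagrams to many unrelated residential hosts spread over many /24 networks, most of which never answer, which is the fan-out of a P2P protocol, whether legitimate or botnet. The input is a constructed tshark field export standing in for the capture (the remote peers use RFC 5737 documentation addresses, not the hostnames from the post); the local address is the 192.168.2.100 that ipconfig reports later in the thread, and the tshark command that would produce such a file is given in a comment.

```python
import ipaddress
import socket

# Constructed stand-in for:
#   tshark -r capture.pcap -Y udp -T fields -E separator=, \
#       -e frame.time_epoch -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -e udp.length
# LAN host is 192.168.2.100 (from the thread's ipconfig); peers are documentation ranges.
SAMPLE_TSHARK = """\
1379972400.10,192.168.2.100,198.51.100.23,56001,21419,95
1379972400.35,198.51.100.23,192.168.2.100,21419,56001,78
1379972401.02,192.168.2.100,203.0.113.77,56001,10500,95
1379972401.40,192.168.2.100,192.0.2.9,56001,4040,95
1379972401.71,192.0.2.9,192.168.2.100,4040,56001,1220
1379972402.05,192.168.2.100,203.0.113.150,56001,35822,95
1379972402.33,192.168.2.100,198.51.100.88,56001,6881,95
1379972402.90,192.168.2.100,192.168.2.1,54321,53,62
1379972402.95,192.168.2.1,192.168.2.100,53,54321,140
1379972403.20,192.168.2.100,192.0.2.200,56001,49152,95
"""


def parse_tshark_csv(text):
    """One record per UDP datagram from a comma-separated tshark field export."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, sport, dport, length = line.split(",")
        records.append({"time": float(t), "src": src, "dst": dst,
                        "sport": int(sport), "dport": int(dport), "length": int(length)})
    return records


def summarize_udp_peers(records, local_ip, local_net):
    """Aggregate per remote peer, ignoring anything inside the LAN (router, DNS)."""
    net = ipaddress.ip_network(local_net)
    peers = {}
    for r in records:
        if r["src"] == local_ip:
            remote, rport, lport, direction = r["dst"], r["dport"], r["sport"], "out"
        elif r["dst"] == local_ip:
            remote, rport, lport, direction = r["src"], r["sport"], r["dport"], "in"
        else:
            continue
        if ipaddress.ip_address(remote) in net:
            continue
        p = peers.setdefault(remote, {"out": 0, "in": 0, "bytes": 0,
                                      "remote_ports": set(), "local_ports": set()})
        p[direction] += 1
        p["bytes"] += r["length"]
        p["remote_ports"].add(rport)
        p["local_ports"].add(lport)
    return peers


def fanout_verdict(peers, min_peers=5, min_high_share=0.8):
    """Many peers in different /24s, on high ports, from one local socket, mostly
    unanswered: the shape of P2P traffic. Thresholds are illustrative."""
    remote_ports = {port for p in peers.values() for port in p["remote_ports"]}
    local_ports = {port for p in peers.values() for port in p["local_ports"]}
    high = sum(1 for port in remote_ports if port >= 1024)
    share = high / len(remote_ports) if remote_ports else 0.0
    slash24 = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in peers}
    unanswered = sum(1 for p in peers.values() if p["in"] == 0)
    verdict = ("p2p-like fan-out" if len(peers) >= min_peers and share >= min_high_share
               else "no fan-out signal")
    return {"peers": len(peers), "slash24": len(slash24), "local_ports": len(local_ports),
            "high_port_share": round(share, 2), "unanswered": unanswered, "verdict": verdict}


def port_label(port, proto="udp"):
    """What Wireshark shows beside a port: a services-table lookup, not payload analysis."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return None


if __name__ == "__main__":
    peers = summarize_udp_peers(parse_tshark_csv(SAMPLE_TSHARK),
                                "192.168.2.100", "192.168.2.0/24")
    for ip, p in sorted(peers.items(), key=lambda kv: -kv[1]["out"]):
        labels = [port_label(x) or "?" for x in sorted(p["remote_ports"])]
        print(f"{ip:16} out={p['out']} in={p['in']} bytes={p['bytes']} "
              f"rports={sorted(p['remote_ports'])} labels={labels}")
    print(fanout_verdict(peers))
```

On a real capture, the peer list this produces is the thing worth keeping: whether those addresses belong to a known P2P network or to a botnet is decided by looking the peers up, not by the names Wireshark attached to their ports.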
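The GMER excerpt above mixes two very different kinds of entry, and reading them apart is the first step before deciding anything. The parser below is an added example (not from the thread, not GMER's own code) run on lines copied from the posted log. The avp.exe entries are 5-byte JMP detours placed exactly at an ntdll export entry, the form a security product's own user-mode hooks take inside its own process (Kaspersky is the installed product here). The chrome.exe entries are not at export entries at all: they sit hundreds of bytes inside unrelated Rtl* functions and all hold the same bytes, which decode little-endian to 0xBAADF00D followed by what is almost certainly 0xDEADC0DE (the fourth byte is cut off by GMER's "..."), a fill pattern rather than a detour; GMER simply names the location after the nearest export. Chrome's sandbox also patches ntdll in its child processes by design, so chrome.exe entries need a baseline from a known-clean Chrome install before they count as evidence. None of this settles the rootkit question: the kernel-mode sections of a GMER log (SSDT, IRP hooks, hidden files, processes and services, MBR) are what decide it, and those were not posted.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the "User code sections" block of the GMER log in the post
# (runs of spaces collapsed, content unchanged).
GMER_EXCERPT = r"""
GMER 2.1.19163 - http://www.gmer.net
---- User code sections - GMER 2.1 ----
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey  000000007758fa48 5 bytes JMP 0000000173c9176e
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory  000000007758ffd8 5 bytes JMP 0000000173c91d67
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlSecondsSince1970ToTime + 451  00000000773911d3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5  00000000773911e5 8 bytes {JMP 0xd}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3192] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159  000000007739142f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
"""

LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<symbol>\S+)(?:\s+\+\s+(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{8,16})\s+(?P<size>\d+)\s+bytes\s+(?P<patch>.+?)\s*$"
)


def classify_patch(patch):
    """Return (kind, detail) for the patch description at the end of a GMER line."""
    m = re.fullmatch(r"JMP\s+([0-9a-fA-F]+)", patch)
    if m:                                   # 5-byte E9 detour to an absolute target
        return "jmp_abs", int(m.group(1), 16)
    m = re.fullmatch(r"\{JMP\s+0x([0-9a-fA-F]+)\}", patch)
    if m:                                   # short relative jump inside the function
        return "jmp_short", int(m.group(1), 16)
    m = re.fullmatch(r"\[(.+)\]", patch)
    if m:                                   # raw bytes; a trailing "..." means truncated
        tokens = [t.strip() for t in m.group(1).split(",")]
        return "bytes", bytes(int(t, 16) for t in tokens if re.fullmatch(r"[0-9a-fA-F]{2}", t))
    return "unknown", patch


def decode_dwords(blob):
    """Little-endian 32-bit words from the shown bytes; an incomplete tail is dropped."""
    return [int.from_bytes(blob[i:i + 4], "little") for i in range(0, len(blob) - 3, 4)]


def parse_gmer_user_sections(text):
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, detail = classify_patch(m["patch"])
        entries.append({
            "proc": m["proc"], "pid": int(m["pid"]),
            "module": m["module"].lower(), "symbol": m["symbol"],
            "offset": int(m["offset"]) if m["offset"] else None,   # None = at export entry
            "addr": int(m["addr"], 16), "size": int(m["size"]),
            "kind": kind,
            "target": detail if kind.startswith("jmp") else None,
            "dwords": decode_dwords(detail) if kind == "bytes" else [],
        })
    return entries


def summarize(entries):
    """Per process: hooks at an export entry (classic API hook) vs patches mid-function."""
    by_proc = defaultdict(Counter)
    for e in entries:
        where = "at_export" if e["offset"] is None else "mid_function"
        by_proc[(e["proc"], e["pid"])][f"{e['kind']}/{where}"] += 1
    return by_proc


def report(entries):
    for (proc, pid), counts in summarize(entries).items():
        print(f"{proc} [{pid}]")
        for key, n in sorted(counts.items()):
            print(f"  {n:3d} x {key}")
    patterns = Counter(tuple(e["dwords"]) for e in entries if e["kind"] == "bytes")
    for words, n in patterns.items():
        print("fill pattern", " ".join(f"0x{w:08X}" for w in words), f"seen {n} times")


if __name__ == "__main__":
    report(parse_gmer_user_sections(GMER_EXCERPT))
```

Pointed at the full log, the counts per process are what to compare against a clean machine running the same Kaspersky and Chrome builds; an export-entry JMP in a process that has no security product or sandbox of its own is the kind of entry that deserves attention.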




#2 boopme (Global Moderator, 73,537 posts, NJ USA)

Posted 23 September 2013 - 07:02 PM

Hello Onirwai
Sniffer is part of the graphic application Adobe Photoshop CS6.

Let's run these next.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Last, run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the ESET Online Scanner button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE:Sometimes if ESET finds no infections it will not create a log.


#3 Onirwai (Topic Starter, 14 posts)

Posted 24 September 2013 - 08:51 AM

Thank you very much for helping me!

 

Here are the requested logs:

 

MiniToolBox Result.txt ---------------------------

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by user1 (administrator) on 24-09-2013 at 15:41:35
Running from "C:\Users\user1\Desktop"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = ETHERNET (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AFlowerPot
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter ETHERNET:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-25-22-B3-BF-A9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.2.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24 septembrie 2013 15:35:06
   Lease Expires . . . . . . . . . . : 25 septembrie 2013 15:35:05
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{03707782-98A6-48FA-97BC-23519FD9DBA0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1cf8:301c:3f57:fd9b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1cf8:301c:3f57:fd9b%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.2.1
 
Name:    google.com
Addresses:  2a00:1450:4017:800::1002
 82.76.79.84
 82.76.79.88
 82.76.79.89
 82.76.79.93
 82.76.79.94
 82.76.79.98
 82.76.79.99
 82.76.79.103
 82.76.79.104
 82.76.79.108
 82.76.79.109
 82.76.79.113
 82.76.79.114
 82.76.79.118
 82.76.79.119
 82.76.79.123
 
 
Pinging google.com [82.76.79.84] with 32 bytes of data:
Reply from 82.76.79.84: bytes=32 time=3ms TTL=60
Reply from 82.76.79.84: bytes=32 time=3ms TTL=60
 
Ping statistics for 82.76.79.84:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 3ms, Average = 3ms
Server:  UnKnown
Address:  192.168.2.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=278ms TTL=42
Reply from 98.138.253.109: bytes=32 time=176ms TTL=42
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 176ms, Maximum = 278ms, Average = 227ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 25 22 b3 bf a9 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.100    276
    192.168.2.100  255.255.255.255         On-link     192.168.2.100    276
    192.168.2.255  255.255.255.255         On-link     192.168.2.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.100    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:5ef5:79fd:1cf8:301c:3f57:fd9b/128
                                    On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1cf8:301c:3f57:fd9b/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/24/2013 01:24:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/24/2013 01:24:59 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/24/2013 00:43:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x773e0100
Faulting process id: 0xac0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/24/2013 00:43:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73d2c8cd
Faulting process id: 0x534
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/23/2013 11:10:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x773e0100
Faulting process id: 0xc78
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/23/2013 11:09:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x773e0100
Faulting process id: 0x700
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/23/2013 10:13:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: wireshark.exe, version: 1.10.2.51934, time stamp: 0x522f538a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73eb2dd0
Faulting process id: 0xfc8
Faulting application start time: 0xwireshark.exe0
Faulting application path: wireshark.exe1
Faulting module path: wireshark.exe2
Report Id: wireshark.exe3
 
Error: (09/23/2013 10:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x775e0100
Faulting process id: 0x3a4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/23/2013 10:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7763b740
Faulting process id: 0x10c4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (09/23/2013 10:09:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 29.0.1547.76, time stamp: 0x5237a3c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x775e0100
Faulting process id: 0x52c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (09/24/2013 03:32:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
6fdckbaw
cdrom
 
Error: (09/24/2013 03:23:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
6fdckbaw
cdrom
 
Error: (09/24/2013 01:27:03 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/24/2013 01:26:52 AM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (09/24/2013 01:26:10 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/24/2013 01:24:59 AM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (09/24/2013 01:15:19 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/24/2013 01:15:19 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/24/2013 01:15:18 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/24/2013 01:15:13 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-24 01:26:52.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-24 01:26:52.093
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-23 22:42:30.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:30.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:25.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:25.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:20.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:20.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:14.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-23 22:42:14.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
AC3Filter 2.5b (Version: 2.5b)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.7.0)
Asmedia ASM106x SATA Host Controller Driver (Version: 1.1.7.110)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35)
CCleaner (Version: 4.05)
ffdshow (remove only)
Google Chrome (Version: 29.0.1547.76)
Google Update Helper (Version: 1.3.21.153)
HTC Home Apis (Version: 3.0.620.0)
Intel® OpenCL CPU Runtime
Intel® Processor Graphics (Version: 8.15.10.2618)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Kaspersky Internet Security (Version: 14.0.0.4651)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 24.0 (x86 en-GB) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6265)
Recuva (Version: 1.48)
VLC media player 2.0.8 (Version: 2.0.8)
WinPcap 4.1.3 (Version: 4.1.0.2980)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Xvid Video Codec (Version: 1.3.2)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 20%
Total physical RAM: 7911.6 MB
Available physical RAM: 6289.9 MB
Total Pagefile: 8933.75 MB
Available Pagefile: 7045.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.77 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:55.8 GB) (Free:17.97 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AFLOWERPOT
 
Administrator            Guest                    user1                    
 
 
**** End of log ****
 

---------------------------------------------

 

TDSSKiller.2.9.2.0_24.09.2013_15.46.16_log -------------------------------------------------------------------------------

 

15:46:16.0125 0x0b24  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
15:46:16.0286 0x0b24  ============================================================
15:46:16.0286 0x0b24  Current date / time: 2013/09/24 15:46:16.0286
15:46:16.0286 0x0b24  SystemInfo:
15:46:16.0286 0x0b24  
15:46:16.0286 0x0b24  OS Version: 6.1.7600 ServicePack: 0.0
15:46:16.0286 0x0b24  Product type: Workstation
15:46:16.0287 0x0b24  ComputerName: AFLOWERPOT
15:46:16.0287 0x0b24  UserName: user1
15:46:16.0287 0x0b24  Windows directory: C:\Windows
15:46:16.0287 0x0b24  System windows directory: C:\Windows
15:46:16.0287 0x0b24  Running under WOW64
15:46:16.0287 0x0b24  Processor architecture: Intel x64
15:46:16.0287 0x0b24  Number of processors: 4
15:46:16.0287 0x0b24  Page size: 0x1000
15:46:16.0287 0x0b24  Boot type: Normal boot
15:46:16.0287 0x0b24  ============================================================
15:46:16.0737 0x0b24  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:46:16.0740 0x0b24  ============================================================
15:46:16.0740 0x0b24  \Device\Harddisk0\DR0:
15:46:16.0740 0x0b24  MBR partitions:
15:46:16.0740 0x0b24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:46:16.0740 0x0b24  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
15:46:16.0740 0x0b24  ============================================================
15:46:16.0741 0x0b24  C: <-> \Device\Harddisk0\DR0\Partition2
15:46:16.0741 0x0b24  ============================================================
15:46:16.0741 0x0b24  Initialize success
15:46:16.0741 0x0b24  ============================================================
15:46:19.0507 0x0e1c  ============================================================
15:46:19.0507 0x0e1c  Scan started
15:46:19.0507 0x0e1c  Mode: Manual; 
15:46:19.0508 0x0e1c  ============================================================
15:46:19.0678 0x0e1c  ================ Scan system memory ========================
15:46:19.0678 0x0e1c  System memory - ok
15:46:19.0678 0x0e1c  ================ Scan services =============================
15:46:21.0603 0x0e1c  lmhosts - ok
15:46:21.0608 0x0e1c  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:46:21.0609 0x0e1c  LSI_FC - ok
15:46:21.0614 0x0e1c  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:46:21.0615 0x0e1c  LSI_SAS - ok
15:46:21.0619 0x0e1c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:46:21.0620 0x0e1c  LSI_SAS2 - ok
15:46:21.0624 0x0e1c  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:46:21.0625 0x0e1c  LSI_SCSI - ok
15:46:21.0629 0x0e1c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:46:21.0630 0x0e1c  luafv - ok
15:46:21.0634 0x0e1c  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:46:21.0635 0x0e1c  Mcx2Svc - ok
15:46:21.0639 0x0e1c  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:46:21.0640 0x0e1c  megasas - ok
15:46:21.0646 0x0e1c  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:46:21.0649 0x0e1c  MegaSR - ok
15:46:21.0656 0x0e1c  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:46:21.0657 0x0e1c  Microsoft Office Groove Audit Service - ok
15:46:21.0660 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:46:21.0662 0x0e1c  MMCSS - ok
15:46:21.0665 0x0e1c  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:46:21.0666 0x0e1c  Modem - ok
15:46:21.0669 0x0e1c  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:46:21.0669 0x0e1c  monitor - ok
15:46:21.0672 0x0e1c  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:46:21.0673 0x0e1c  mouclass - ok
15:46:21.0677 0x0e1c  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:46:21.0677 0x0e1c  mouhid - ok
15:46:21.0681 0x0e1c  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:46:21.0682 0x0e1c  mountmgr - ok
15:46:21.0685 0x0e1c  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:46:21.0687 0x0e1c  MozillaMaintenance - ok
15:46:21.0692 0x0e1c  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:46:21.0694 0x0e1c  mpio - ok
15:46:21.0697 0x0e1c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:46:21.0698 0x0e1c  mpsdrv - ok
15:46:21.0711 0x0e1c  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:46:21.0719 0x0e1c  MpsSvc - ok
15:46:21.0723 0x0e1c  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:46:21.0725 0x0e1c  MRxDAV - ok
15:46:21.0730 0x0e1c  [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:21.0731 0x0e1c  mrxsmb - ok
15:46:21.0738 0x0e1c  [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:21.0741 0x0e1c  mrxsmb10 - ok
15:46:21.0745 0x0e1c  [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:21.0746 0x0e1c  mrxsmb20 - ok
15:46:21.0750 0x0e1c  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:46:21.0751 0x0e1c  msahci - ok
15:46:21.0755 0x0e1c  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:46:21.0757 0x0e1c  msdsm - ok
15:46:21.0761 0x0e1c  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:46:21.0763 0x0e1c  MSDTC - ok
15:46:21.0769 0x0e1c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:46:21.0770 0x0e1c  Msfs - ok
15:46:21.0772 0x0e1c  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:46:21.0773 0x0e1c  mshidkmdf - ok
15:46:21.0775 0x0e1c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:46:21.0776 0x0e1c  msisadrv - ok
15:46:21.0780 0x0e1c  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:46:21.0783 0x0e1c  MSiSCSI - ok
15:46:21.0785 0x0e1c  msiserver - ok
15:46:21.0788 0x0e1c  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:46:21.0789 0x0e1c  MSKSSRV - ok
15:46:21.0792 0x0e1c  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:21.0792 0x0e1c  MSPCLOCK - ok
15:46:21.0795 0x0e1c  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:46:21.0796 0x0e1c  MSPQM - ok
15:46:21.0803 0x0e1c  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:46:21.0807 0x0e1c  MsRPC - ok
15:46:21.0811 0x0e1c  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:46:21.0812 0x0e1c  mssmbios - ok
15:46:21.0814 0x0e1c  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:46:21.0815 0x0e1c  MSTEE - ok
15:46:21.0818 0x0e1c  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:46:21.0819 0x0e1c  MTConfig - ok
15:46:21.0822 0x0e1c  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:46:21.0823 0x0e1c  Mup - ok
15:46:21.0831 0x0e1c  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:46:21.0836 0x0e1c  napagent - ok
15:46:21.0842 0x0e1c  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:46:21.0845 0x0e1c  NativeWifiP - ok
15:46:21.0860 0x0e1c  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:46:21.0872 0x0e1c  NDIS - ok
15:46:21.0875 0x0e1c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:46:21.0876 0x0e1c  NdisCap - ok
15:46:21.0879 0x0e1c  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:21.0879 0x0e1c  NdisTapi - ok
15:46:21.0883 0x0e1c  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:21.0884 0x0e1c  Ndisuio - ok
15:46:21.0889 0x0e1c  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:21.0890 0x0e1c  NdisWan - ok
15:46:21.0894 0x0e1c  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:46:21.0894 0x0e1c  NDProxy - ok
15:46:21.0898 0x0e1c  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:46:21.0898 0x0e1c  NetBIOS - ok
15:46:21.0904 0x0e1c  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:46:21.0906 0x0e1c  NetBT - ok
15:46:21.0909 0x0e1c  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
15:46:21.0910 0x0e1c  Netlogon - ok
15:46:21.0917 0x0e1c  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:46:21.0920 0x0e1c  Netman - ok
15:46:21.0929 0x0e1c  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:46:21.0933 0x0e1c  netprofm - ok
15:46:21.0937 0x0e1c  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:46:21.0939 0x0e1c  NetTcpPortSharing - ok
15:46:21.0942 0x0e1c  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:46:21.0943 0x0e1c  nfrd960 - ok
15:46:21.0950 0x0e1c  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:46:21.0953 0x0e1c  NlaSvc - ok
15:46:21.0957 0x0e1c  [ DE7FCC77F4A503AF4CA6A47D49B3713D ] NPF             C:\Windows\system32\drivers\npf.sys
15:46:21.0957 0x0e1c  NPF - ok
15:46:21.0960 0x0e1c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:46:21.0961 0x0e1c  Npfs - ok
15:46:21.0964 0x0e1c  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:46:21.0965 0x0e1c  nsi - ok
15:46:21.0968 0x0e1c  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:46:21.0968 0x0e1c  nsiproxy - ok
15:46:21.0992 0x0e1c  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:46:22.0011 0x0e1c  Ntfs - ok
15:46:22.0014 0x0e1c  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:46:22.0014 0x0e1c  Null - ok
15:46:22.0019 0x0e1c  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:46:22.0021 0x0e1c  nvraid - ok
15:46:22.0025 0x0e1c  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:46:22.0027 0x0e1c  nvstor - ok
15:46:22.0031 0x0e1c  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:46:22.0032 0x0e1c  nv_agp - ok
15:46:22.0042 0x0e1c  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:46:22.0046 0x0e1c  odserv - ok
15:46:22.0049 0x0e1c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:46:22.0050 0x0e1c  ohci1394 - ok
15:46:22.0054 0x0e1c  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:22.0056 0x0e1c  ose - ok
15:46:22.0062 0x0e1c  OSHI_Unhooker - ok
15:46:22.0070 0x0e1c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:46:22.0073 0x0e1c  p2pimsvc - ok
15:46:22.0081 0x0e1c  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:46:22.0086 0x0e1c  p2psvc - ok
15:46:22.0090 0x0e1c  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:46:22.0091 0x0e1c  Parport - ok
15:46:22.0095 0x0e1c  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:46:22.0095 0x0e1c  partmgr - ok
15:46:22.0101 0x0e1c  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:46:22.0103 0x0e1c  PcaSvc - ok
15:46:22.0108 0x0e1c  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:46:22.0110 0x0e1c  pci - ok
15:46:22.0113 0x0e1c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:46:22.0113 0x0e1c  pciide - ok
15:46:22.0119 0x0e1c  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:22.0121 0x0e1c  pcmcia - ok
15:46:22.0124 0x0e1c  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:46:22.0125 0x0e1c  pcw - ok
15:46:22.0135 0x0e1c  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:46:22.0140 0x0e1c  PEAUTH - ok
15:46:22.0160 0x0e1c  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:46:22.0171 0x0e1c  PeerDistSvc - ok
15:46:22.0176 0x0e1c  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:46:22.0177 0x0e1c  PerfHost - ok
15:46:22.0200 0x0e1c  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:46:22.0211 0x0e1c  pla - ok
15:46:22.0220 0x0e1c  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:46:22.0226 0x0e1c  PlugPlay - ok
15:46:22.0229 0x0e1c  PmucmA68 - ok
15:46:22.0233 0x0e1c  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:46:22.0235 0x0e1c  PNRPAutoReg - ok
15:46:22.0241 0x0e1c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:46:22.0243 0x0e1c  PNRPsvc - ok
15:46:22.0252 0x0e1c  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:46:22.0257 0x0e1c  PolicyAgent - ok
15:46:22.0264 0x0e1c  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:46:22.0267 0x0e1c  Power - ok
15:46:22.0270 0x0e1c  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:46:22.0272 0x0e1c  PptpMiniport - ok
15:46:22.0277 0x0e1c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:46:22.0278 0x0e1c  Processor - ok
15:46:22.0285 0x0e1c  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:46:22.0289 0x0e1c  ProfSvc - ok
15:46:22.0291 0x0e1c  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:46:22.0292 0x0e1c  ProtectedStorage - ok
15:46:22.0296 0x0e1c  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:46:22.0298 0x0e1c  Psched - ok
15:46:22.0319 0x0e1c  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:46:22.0331 0x0e1c  ql2300 - ok
15:46:22.0335 0x0e1c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:46:22.0337 0x0e1c  ql40xx - ok
15:46:22.0342 0x0e1c  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:46:22.0345 0x0e1c  QWAVE - ok
15:46:22.0348 0x0e1c  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:46:22.0349 0x0e1c  QWAVEdrv - ok
15:46:22.0352 0x0e1c  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:46:22.0353 0x0e1c  RasAcd - ok
15:46:22.0356 0x0e1c  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:22.0357 0x0e1c  RasAgileVpn - ok
15:46:22.0361 0x0e1c  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:46:22.0363 0x0e1c  RasAuto - ok
15:46:22.0367 0x0e1c  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:22.0368 0x0e1c  Rasl2tp - ok
15:46:22.0375 0x0e1c  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:46:22.0379 0x0e1c  RasMan - ok
15:46:22.0383 0x0e1c  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:22.0384 0x0e1c  RasPppoe - ok
15:46:22.0388 0x0e1c  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:46:22.0389 0x0e1c  RasSstp - ok
15:46:22.0395 0x0e1c  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:46:22.0398 0x0e1c  rdbss - ok
15:46:22.0401 0x0e1c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:46:22.0402 0x0e1c  rdpbus - ok
15:46:22.0405 0x0e1c  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:22.0405 0x0e1c  RDPCDD - ok
15:46:22.0411 0x0e1c  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:46:22.0413 0x0e1c  RDPDR - ok
15:46:22.0415 0x0e1c  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:46:22.0416 0x0e1c  RDPENCDD - ok
15:46:22.0420 0x0e1c  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:46:22.0421 0x0e1c  RDPREFMP - ok
15:46:22.0426 0x0e1c  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:46:22.0428 0x0e1c  RDPWD - ok
15:46:22.0433 0x0e1c  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:46:22.0435 0x0e1c  rdyboost - ok
15:46:22.0439 0x0e1c  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:46:22.0441 0x0e1c  RemoteAccess - ok
15:46:22.0445 0x0e1c  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:46:22.0448 0x0e1c  RemoteRegistry - ok
15:46:22.0450 0x0e1c  rkhdrv40 - ok
15:46:22.0456 0x0e1c  [ 83A6C2CAFE236652D1559640594A0EA8 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
15:46:22.0457 0x0e1c  rpcapd - ok
15:46:22.0461 0x0e1c  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:46:22.0463 0x0e1c  RpcEptMapper - ok
15:46:22.0465 0x0e1c  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:46:22.0466 0x0e1c  RpcLocator - ok
15:46:22.0475 0x0e1c  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:46:22.0478 0x0e1c  RpcSs - ok
15:46:22.0481 0x0e1c  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:46:22.0482 0x0e1c  rspndr - ok
15:46:22.0485 0x0e1c  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
15:46:22.0486 0x0e1c  s3cap - ok
15:46:22.0489 0x0e1c  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
15:46:22.0490 0x0e1c  SamSs - ok
15:46:22.0493 0x0e1c  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:46:22.0494 0x0e1c  sbp2port - ok
15:46:22.0499 0x0e1c  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:46:22.0502 0x0e1c  SCardSvr - ok
15:46:22.0505 0x0e1c  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:46:22.0506 0x0e1c  scfilter - ok
15:46:22.0521 0x0e1c  [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule        C:\Windows\system32\schedsvc.dll
15:46:22.0531 0x0e1c  Schedule - ok
15:46:22.0534 0x0e1c  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:46:22.0535 0x0e1c  SCPolicySvc - ok
15:46:22.0541 0x0e1c  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:46:22.0543 0x0e1c  SDRSVC - ok
15:46:22.0546 0x0e1c  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:46:22.0546 0x0e1c  secdrv - ok
15:46:22.0550 0x0e1c  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:46:22.0551 0x0e1c  seclogon - ok
15:46:22.0554 0x0e1c  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:46:22.0556 0x0e1c  SENS - ok
15:46:22.0559 0x0e1c  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:46:22.0561 0x0e1c  SensrSvc - ok
15:46:22.0563 0x0e1c  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:46:22.0564 0x0e1c  Serenum - ok
15:46:22.0567 0x0e1c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:46:22.0568 0x0e1c  Serial - ok
15:46:22.0571 0x0e1c  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:46:22.0572 0x0e1c  sermouse - ok
15:46:22.0580 0x0e1c  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:46:22.0582 0x0e1c  SessionEnv - ok
15:46:22.0585 0x0e1c  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:46:22.0585 0x0e1c  sffdisk - ok
15:46:22.0588 0x0e1c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:46:22.0589 0x0e1c  sffp_mmc - ok
15:46:22.0592 0x0e1c  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:46:22.0593 0x0e1c  sffp_sd - ok
15:46:22.0596 0x0e1c  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:46:22.0596 0x0e1c  sfloppy - ok
15:46:22.0603 0x0e1c  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:46:22.0607 0x0e1c  SharedAccess - ok
15:46:22.0614 0x0e1c  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:46:22.0618 0x0e1c  ShellHWDetection - ok
15:46:22.0621 0x0e1c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:46:22.0622 0x0e1c  SiSRaid2 - ok
15:46:22.0626 0x0e1c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:46:22.0627 0x0e1c  SiSRaid4 - ok
15:46:22.0630 0x0e1c  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:46:22.0631 0x0e1c  Smb - ok
15:46:22.0637 0x0e1c  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:46:22.0638 0x0e1c  SNMPTRAP - ok
15:46:22.0641 0x0e1c  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:46:22.0642 0x0e1c  spldr - ok
15:46:22.0651 0x0e1c  [ 89E8550C5862999FCF482EA562B0E98E ] Spooler         C:\Windows\System32\spoolsv.exe
15:46:22.0655 0x0e1c  Spooler - ok
15:46:22.0694 0x0e1c  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:46:22.0709 0x0e1c  sppsvc - ok
15:46:22.0713 0x0e1c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:46:22.0714 0x0e1c  sppuinotify - ok
15:46:22.0723 0x0e1c  [ EC8F67289105BF270498095F14963464 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:46:22.0727 0x0e1c  srv - ok
15:46:22.0735 0x0e1c  [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:46:22.0738 0x0e1c  srv2 - ok
15:46:22.0743 0x0e1c  [ 26E84D3649019C3244622E654DFCD75B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:46:22.0744 0x0e1c  srvnet - ok
15:46:22.0750 0x0e1c  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:46:22.0752 0x0e1c  SSDPSRV - ok
15:46:22.0756 0x0e1c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:46:22.0758 0x0e1c  SstpSvc - ok
15:46:22.0762 0x0e1c  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:46:22.0763 0x0e1c  stexstor - ok
15:46:22.0772 0x0e1c  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:46:22.0778 0x0e1c  stisvc - ok
15:46:22.0781 0x0e1c  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
15:46:22.0782 0x0e1c  storflt - ok
15:46:22.0785 0x0e1c  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
15:46:22.0786 0x0e1c  storvsc - ok
15:46:22.0788 0x0e1c  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:46:22.0789 0x0e1c  swenum - ok
15:46:22.0798 0x0e1c  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:46:22.0804 0x0e1c  swprv - ok
15:46:22.0826 0x0e1c  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:46:22.0841 0x0e1c  SysMain - ok
15:46:22.0846 0x0e1c  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:46:22.0848 0x0e1c  TabletInputService - ok
15:46:22.0855 0x0e1c  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:46:22.0858 0x0e1c  TapiSrv - ok
15:46:22.0862 0x0e1c  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:46:22.0863 0x0e1c  TBS - ok
15:46:22.0886 0x0e1c  [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:46:22.0906 0x0e1c  Tcpip - ok
15:46:22.0924 0x0e1c  [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:46:22.0932 0x0e1c  TCPIP6 - ok
15:46:22.0937 0x0e1c  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:46:22.0938 0x0e1c  tcpipreg - ok
15:46:22.0942 0x0e1c  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:46:22.0943 0x0e1c  TDPIPE - ok
15:46:22.0946 0x0e1c  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:46:22.0947 0x0e1c  TDTCP - ok
15:46:22.0950 0x0e1c  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:46:22.0951 0x0e1c  tdx - ok
15:46:22.0955 0x0e1c  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:46:22.0955 0x0e1c  TermDD - ok
15:46:22.0968 0x0e1c  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:46:22.0974 0x0e1c  TermService - ok
15:46:22.0978 0x0e1c  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:46:22.0979 0x0e1c  Themes - ok
15:46:22.0983 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:46:22.0984 0x0e1c  THREADORDER - ok
15:46:22.0988 0x0e1c  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:46:22.0990 0x0e1c  TrkWks - ok
15:46:22.0995 0x0e1c  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:46:22.0997 0x0e1c  TrustedInstaller - ok
15:46:23.0001 0x0e1c  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:23.0002 0x0e1c  tssecsrv - ok
15:46:23.0006 0x0e1c  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:46:23.0007 0x0e1c  tunnel - ok
15:46:23.0011 0x0e1c  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:46:23.0012 0x0e1c  uagp35 - ok
15:46:23.0019 0x0e1c  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:46:23.0022 0x0e1c  udfs - ok
15:46:23.0028 0x0e1c  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:46:23.0029 0x0e1c  UI0Detect - ok
15:46:23.0033 0x0e1c  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:46:23.0034 0x0e1c  uliagpkx - ok
15:46:23.0037 0x0e1c  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:46:23.0038 0x0e1c  umbus - ok
15:46:23.0041 0x0e1c  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:46:23.0042 0x0e1c  UmPass - ok
15:46:23.0046 0x0e1c  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:46:23.0049 0x0e1c  UmRdpService - ok
15:46:23.0056 0x0e1c  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:46:23.0060 0x0e1c  upnphost - ok
15:46:23.0064 0x0e1c  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:23.0065 0x0e1c  usbccgp - ok
15:46:23.0069 0x0e1c  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:46:23.0070 0x0e1c  usbcir - ok
15:46:23.0074 0x0e1c  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:46:23.0074 0x0e1c  usbehci - ok
15:46:23.0081 0x0e1c  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:46:23.0084 0x0e1c  usbhub - ok
15:46:23.0087 0x0e1c  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:46:23.0088 0x0e1c  usbohci - ok
15:46:23.0091 0x0e1c  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:46:23.0092 0x0e1c  usbprint - ok
15:46:23.0596 0x0e1c  ================ Scan global ===============================
15:46:23.0599 0x0e1c  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:46:23.0604 0x0e1c  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:46:23.0610 0x0e1c  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:46:23.0614 0x0e1c  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:46:23.0621 0x0e1c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:46:23.0623 0x0e1c  [Global] - ok
15:46:23.0623 0x0e1c  ================ Scan MBR ==================================
15:46:23.0625 0x0e1c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:46:23.0668 0x0e1c  \Device\Harddisk0\DR0 - ok
15:46:23.0668 0x0e1c  ================ Scan VBR ==================================
15:46:23.0670 0x0e1c  [ D8EF81263D5BDDB09D3A39CF98075026 ] \Device\Harddisk0\DR0\Partition1
15:46:23.0671 0x0e1c  \Device\Harddisk0\DR0\Partition1 - ok
15:46:23.0674 0x0e1c  [ 362A2FB10D8DD29F66EC4B4115EF5540 ] \Device\Harddisk0\DR0\Partition2
15:46:23.0675 0x0e1c  \Device\Harddisk0\DR0\Partition2 - ok
15:46:23.0676 0x0e1c  ============================================================
15:46:23.0676 0x0e1c  Scan finished
15:46:23.0676 0x0e1c  ============================================================
15:46:23.0683 0x06f4  Detected object count: 0
15:46:23.0683 0x06f4  Actual detected object count: 0
15:47:19.0460 0x0ebc  Deinitialize success
 
--------------------------------------------------------------------------------------------------------------------------------------
 
AdwCleaner[S0].txt -----------------------------------------------------------------------------------------------------------
 
# AdwCleaner v3.005 - Report created 24/09/2013 at 15:54:07
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : user1 - AFLOWERPOT
# Running from : C:\Users\user1\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\BI
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Mozilla Firefox v24.0 (en-GB)
 
[ File : C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\dfw567l4.default\prefs.js ]
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1053 octets] - [24/09/2013 15:52:40]
AdwCleaner[S0].txt - [944 octets] - [24/09/2013 15:54:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1003 octets] ##########
 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

ESET Online Scanner - no threats found, no log to post.

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Here are some details about what I did.

I booted normally into the infected machine, no SafeMode, no Kaspersky Rescue Disc. So all the results may be dodgy.

I only attached the system drive (OCZ 60GB SSD), leaving aside my other drives which have most likely been compromised too (250GB Seagate, 640GB WD). The scans would have taken too long. If no A/V can scan and disinfect them as is, I shall have to connect them while inside a more trustworthy environment (like the Kaspersky Rescue Disc which is Linux-based), back them up one at a time and then format everything. I scanned one inside Kaspersky Rescue Disc and it found nothing though, so I don't know if the drive is really clean, or the Kaspersky Rescue Disc was compromised when it was created on an infected machine, or the infection is simply undetectable when not active.

On the last step after the AdwCleaner reboot I started up Chrome again and installed esetsmartinstaller_enu.exe, which scanned my system drive and found nothing.

 

Thanks!



#4 boopme (Global Moderator)

Posted 24 September 2013 - 09:42 AM

Did you successfully run ComboFix or did it fail? If so how long ago?
 
Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Onirwai (Topic Starter)

Posted 24 September 2013 - 10:27 AM

I did run ComboFix last night for me (23rd September 2013 at 18:27 UTC-5), but in SafeMode with Networking.
 
Here is the log -------------------------------------------------------------------------------------------------------------------
Removed unrequested CF log 
 
I ran aswMBR.exe and it produced the following log:
 
 
aswMBR.txt -------------------------------------------------------------------------------------
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-24 18:14:03
-----------------------------
18:14:03.503    OS Version: Windows x64 6.1.7600 
18:14:03.503    Number of processors: 4 586 0x2A07
18:14:03.503    ComputerName: AFLOWERPOT  UserName: user1
18:14:03.880    Initialize success
18:17:35.402    AVAST engine defs: 13092400
18:17:53.102    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
18:17:53.103    Disk 0 Vendor: OCZ_VERTEX-PLUS 3.55 Size: 57241MB BusType: 11
18:17:53.108    Disk 0 MBR read successfully
18:17:53.109    Disk 0 MBR scan
18:17:53.112    Disk 0 Windows 7 default MBR code
18:17:53.116    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:17:53.119    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        57139 MB offset 206848
18:17:53.127    Disk 0 scanning C:\Windows\system32\drivers
18:17:56.672    Service scanning
18:18:02.893    Modules scanning
18:18:02.897    Disk 0 trace - called modules:
18:18:02.900    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll asahci64.sys 
18:18:02.902    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007250060]
18:18:02.904    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa8007033060]
18:18:03.233    AVAST engine scan C:\Windows
18:18:03.774    AVAST engine scan C:\Windows\system32
18:19:52.345    AVAST engine scan C:\Windows\system32\drivers
18:20:01.406    AVAST engine scan C:\Users\user1
18:21:08.426    AVAST engine scan C:\ProgramData
18:22:01.715    Scan finished successfully
18:23:35.607    Disk 0 MBR has been saved successfully to "C:\Users\user1\Desktop\MBR.dat"
18:23:35.610    The log file has been saved successfully to "C:\Users\user1\Desktop\aswMBR.txt"
 
------------------------------------------------------------------------------

Edited by boopme, 24 September 2013 - 10:35 AM.
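As an added example (not code from the thread, aswMBR or ComboFix), here is a parser for the 512-byte MBR image that aswMBR saved as MBR.dat (and ComboFix quarantined as MBR_HardDisk0.mbr): it renders the partition table in the same shape as the "Disk 0 Partition" lines in the log above and compares the boot-code MD5 against a baseline hash you supply from a known-clean dump, which is the check behind aswMBR's "Windows 7 default MBR code" verdict. The sample MBR is constructed to match the two partitions in the log; its boot code, disk signature and the baseline hash are assumed placeholder values.

```python
# Parser for a 512-byte MBR image such as the MBR.dat that aswMBR saves.
# Added example, not code from the thread or from aswMBR/ComboFix. SAMPLE_MBR is
# constructed to reproduce the layout aswMBR reported above (active NTFS, 100 MB
# at offset 2048; NTFS, 57139 MB at offset 206848); its boot code is a zero placeholder.
import hashlib
import struct

SECTOR, BOOTCODE_LEN, PART_TABLE_OFFSET = 512, 440, 446
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, LBA count
SIGNATURE = b"\x55\xaa"
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * 16)
        if ptype == 0:
            continue                                  # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: bad status byte 0x{status:02X}")
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"), "lba_start": lba_start,
                      "lba_count": lba_count, "size_mb": lba_count * SECTOR // (1024 * 1024)})
    return {"bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest().upper(),
            "disk_signature": struct.unpack_from("<I", mbr, BOOTCODE_LEN)[0],
            "partitions": parts}


def describe(mbr: bytes, baseline_md5=None) -> list:
    """Render aswMBR-style lines; flag boot code whose MD5 differs from a known-good dump."""
    info = parse_mbr(mbr)
    lines = [f"Disk signature 0x{info['disk_signature']:08X}  bootcode MD5 {info['bootcode_md5']}"]
    if baseline_md5 is not None:
        lines.append("bootcode matches baseline" if info["bootcode_md5"] == baseline_md5.upper()
                     else "WARNING: bootcode differs from baseline")
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        lines.append(f"Partition {p['index']} {0x80 if p['active'] else 0:02X} {flag} {p['type']:02X} "
                     f"{p['name']:<10} {p['size_mb']:>6} MB offset {p['lba_start']}")
    return lines


def _entry(status, ptype, lba_start, lba_count):
    return struct.pack(ENTRY_FMT, status, ptype, lba_start, lba_count)   # CHS fields left zero


# Constructed sample: zero boot code, made-up disk signature, the two partitions from the log.
SAMPLE_MBR = (bytes(BOOTCODE_LEN) + struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
              + _entry(0x80, 0x07, 2048, 100 * 2048)
              + _entry(0x00, 0x07, 206848, 57139 * 2048)
              + bytes(32) + SIGNATURE)
```

To check a real dump, read MBR.dat with `open(path, "rb").read()` and pass the boot-code MD5 of a dump taken from a clean install of the same Windows version as the baseline.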


#6 boopme (Global Moderator)

Posted 24 September 2013 - 10:37 AM

How is it running now? I had to remove the CF log. Forum rules state they have to be pasted elsewhere.
I also do not recommend you run CF like any other tool, as it is not.

#7 Onirwai (Topic Starter)

Posted 24 September 2013 - 11:09 AM

Well it's running badly. Sorry about the ComboFix log, I didn't know.

 

I ran ComboFix again under normal conditions, booting fully into Windows, closing all programs and pausing Kaspersky. During its running it rebooted my machine, then finished successfully, producing the following logs, which I will not paste here anymore.

 

The only thing I was able to read in the ComboFix logs was that on this run it decided to quarantine the MBR (I guess).

 

ComboFix-quarantined-files.txt -----------------------------------------------------------------------

 

2013-09-23 22:29:28 . 2013-09-24 15:35:14          114,583 ----a-w-  C:\Qoobox\Quarantine\C\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Preferences.vir
2013-09-23 22:27:56 . 2013-09-23 22:27:56              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-09-23 22:26:26 . 2013-09-24 15:36:04            3,754 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-09-23 22:24:57 . 2013-09-24 15:34:20              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
 
-----------------------------------------------------------------------------------------------------------------------
 
After reboot Kaspersky broke down completely: it couldn't emerge from Paused protection mode, found corrupted databases and a problem with the license.

 

Because I am pressed for time, I would like to ask if you can advise for/against the following actions. I have an infected laptop that I must fix quickly. I have backed up all the user data and a few settings (like the Bookmarks file from Google Chrome). I plan to load the Windows DVD, format all the drives and install Windows from scratch. I will probably have to connect to the Internet afterwards to get an antivirus.

 

What should I do? Will Quick Format rid me of the infection? Is the rootkit simply going to reinfect the laptop as soon as I plug the ethernet cable back in? (Even though I will reset the router, reconnect and get a different dynamic IP, as well as have no other PCs plugged into the router)

 

Thanks for your help!



#8 boopme (Global Moderator)

Posted 24 September 2013 - 11:16 AM

It appears the master boot record is infected. A full format and reinstall will fix it. Or you need to post those CF logs with a DDS log by doing steps 6, 7 and 8 here.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#9 Onirwai (Topic Starter)

Posted 24 September 2013 - 11:26 AM

What should I do to be able to tell how the malware propagates?

 

I HAD my system drive formatted, got Kaspersky installed on it from a 100% uncompromised machine (a friend), then when I wanted to re-connect my other hard drives, or connect to the Internet, I somehow got infected again, in spite of the good antivirus.

 

Am I targeted from the Internet, is it from the other hard drives? Has it spread to USB sticks even though I see no suspicious file on them whatsoever?



#10 boopme (Global Moderator)

Posted 24 September 2013 - 01:16 PM

Possibly something "autorun." We need the DDS.



