
BSOD BlueScreenView Log attached!


14 replies to this topic

#1 1080stunts


Posted 06 October 2013 - 06:44 PM

I was referred to this page by a moderator.  Please help! I've been having a BSOD every time that I log onto my Comp.

 

==================================================

Dump File         : Mini091513-01.dmp
Crash Time        : 9/15/2013 11:24:10 AM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x971655bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini091513-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 9/15/2013 11:31:03 AM
==================================================
 
==================================================
Dump File         : Mini080813-02.dmp
Crash Time        : 8/8/2013 9:42:22 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x946f65bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini080813-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 8/8/2013 9:43:22 PM
==================================================
 
==================================================
Dump File         : Mini080813-01.dmp
Crash Time        : 7/28/2013 2:51:27 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x9500f5bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini080813-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 8/8/2013 9:40:14 PM
==================================================
 
==================================================
Dump File         : Mini072813-05.dmp
Crash Time        : 7/28/2013 2:10:53 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x958245bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini072813-05.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/28/2013 2:38:59 PM
==================================================
 
==================================================
Dump File         : Mini072813-04.dmp
Crash Time        : 7/28/2013 2:06:00 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x95c4b5bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini072813-04.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/28/2013 2:08:47 PM
==================================================
 
==================================================
Dump File         : Mini072813-03.dmp
Crash Time        : 7/28/2013 1:59:57 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x951725bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini072813-03.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/28/2013 2:03:57 PM
==================================================
 
==================================================
Dump File         : Mini072813-02.dmp
Crash Time        : 7/28/2013 1:55:09 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x976ad5bc
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini072813-02.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/28/2013 1:57:37 PM
==================================================
 
==================================================
Dump File         : Mini072813-01.dmp
Crash Time        : 7/28/2013 1:52:23 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xb9dff71d
Parameter 3       : 0x98cba674
Parameter 4       : 0x00000000
Caused By Driver  : atapi.sys
Caused By Address : atapi.sys+a71d
File Description  : IDE/ATAPI Port Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : atapi.sys+a71d
Stack Address 1   : ntoskrnl.exe+1819f
Stack Address 2   : MpFilter.sys+d4a2
Stack Address 3   : MpFilter.sys+d061
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini072813-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/28/2013 1:53:54 PM
==================================================
 
==================================================
Dump File         : Mini042613-01.dmp
Crash Time        : 4/26/2013 12:02:12 AM
Bug Check String  : INVALID_WORK_QUEUE_ITEM
Bug Check Code    : 0x00000096
Parameter 1       : 0xba50fd24
Parameter 2       : 0x80564820
Parameter 3       : 0x80564820
Parameter 4       : 0x8b0926ba
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+22f43
Stack Address 1   : ntoskrnl.exe+25d80
Stack Address 2   : ntoskrnl.exe+61766
Stack Address 3   : ntoskrnl.exe+f8f62
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini042613-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 4/26/2013 12:04:41 AM
==================================================
 
==================================================
Dump File         : Mini011711-01.dmp
Crash Time        : 1/17/2011 11:12:58 AM
Bug Check String  : KERNEL_STACK_INPAGE_ERROR
Bug Check Code    : 0x00000077
Parameter 1       : 0x00000001
Parameter 2       : 0xfff7f7f7
Parameter 3       : 0x00000000
Parameter 4       : 0xa816f960
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+22f43
Stack Address 1   : ntoskrnl.exe+3be34
Stack Address 2   : ntoskrnl.exe+68d96
Stack Address 3   : ntoskrnl.exe+69266
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini011711-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 1/17/2011 11:14:27 AM
==================================================
 
==================================================
Dump File         : Mini091909-01.dmp
Crash Time        : 9/19/2009 6:25:18 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x10000050
Parameter 1       : 0xbcacd000
Parameter 2       : 0x00000001
Parameter 3       : 0x805462d0
Parameter 4       : 0x00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+2dece
File Description  : Multi-User Win32 Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5976 (xpsp_sp3_gdr.100501-1623)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+6f2d0
Stack Address 1   : win32k.sys+2dd45
Stack Address 2   : win32k.sys+2bd23
Stack Address 3   : win32k.sys+50ae
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini091909-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 9/19/2009 6:26:42 PM
==================================================
 
==================================================
Dump File         : Mini070609-01.dmp
Crash Time        : 7/6/2009 3:42:49 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x1000000a
Parameter 1       : 0x7f887010
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x804f4a13
Caused By Driver  : sysaudio.sys
Caused By Address : sysaudio.sys+1a8c
File Description  : System Audio WDM Filter
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2108)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+1da13
Stack Address 1   : ntoskrnl.exe+187b4
Stack Address 2   : ks.sys+9b31
Stack Address 3   : sysaudio.sys+2b33
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini070609-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 7/6/2009 9:04:38 AM
==================================================
 
==================================================
Dump File         : Mini060709-01.dmp
Crash Time        : 6/7/2009 3:14:17 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0x80000004
Parameter 2       : 0x806ecae1
Parameter 3       : 0xa6a8a708
Parameter 4       : 0x00000000
Caused By Driver  : hal.dll
Caused By Address : hal.dll+8ae1
File Description  : Hardware Abstraction Layer DLL
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2111)
Processor         : 32-bit
Crash Address     : hal.dll+8ae1
Stack Address 1   : hal.dll+5f0f
Stack Address 2   : hal.dll+6337
Stack Address 3   : hal.dll+714d
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini060709-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 6/7/2009 3:15:23 PM
==================================================
 
==================================================
Dump File         : Mini060909-01.dmp
Crash Time        : 6/7/2009 3:14:17 PM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x000000ea
Parameter 1       : 0x88e67328
Parameter 2       : 0x8ab7c008
Parameter 3       : 0x8ab449e0
Parameter 4       : 0x00000001
Caused By Driver  : igxpdx32.DLL
Caused By Address : igxpdx32.DLL+223f37
File Description  : DirectDraw® Driver for Intel® Graphics Technology
Product Name      : Intel Graphics Accelerator Drivers for Windows NT®
Company           : Intel Corporation
File Version      : 6.14.10.4814
Processor         : 32-bit
Crash Address     : igxpdv32.DLL+aa5
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini060909-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 65,536
Dump File Time    : 6/7/2009 3:14:17 PM
==================================================
 
==================================================
Dump File         : Mini031609-01.dmp
Crash Time        : 3/16/2009 12:59:57 AM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0x80000004
Parameter 2       : 0x806ecae1
Parameter 3       : 0xa583f774
Parameter 4       : 0x00000000
Caused By Driver  : hal.dll
Caused By Address : hal.dll+8ae1
File Description  : Hardware Abstraction Layer DLL
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5512 (xpsp.080413-2111)
Processor         : 32-bit
Crash Address     : hal.dll+8ae1
Stack Address 1   : hal.dll+5f0f
Stack Address 2   : hal.dll+6337
Stack Address 3   : hal.dll+714d
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini031609-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 3/16/2009 1:00:59 AM
==================================================
 
==================================================
Dump File         : Mini031709-01.dmp
Crash Time        : 3/16/2009 12:59:56 AM
Bug Check String  : THREAD_STUCK_IN_DEVICE_DRIVER
Bug Check Code    : 0x000000ea
Parameter 1       : 0x86bfcd08
Parameter 2       : 0x844ae008
Parameter 3       : 0x86c72700
Parameter 4       : 0x00000001
Caused By Driver  : igxpdx32.DLL
Caused By Address : igxpdx32.DLL+223f37
File Description  : DirectDraw® Driver for Intel® Graphics Technology
Product Name      : Intel Graphics Accelerator Drivers for Windows NT®
Company           : Intel Corporation
File Version      : 6.14.10.4814
Processor         : 32-bit
Crash Address     : igxpdv32.DLL+ac1
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini031709-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 65,536
Dump File Time    : 3/16/2009 12:59:57 AM
==================================================
 
==================================================
Dump File         : Mini011609-01.dmp
Crash Time        : 1/16/2009 9:33:10 AM
Bug Check String  : KERNEL_STACK_INPAGE_ERROR
Bug Check Code    : 0x00000077
Parameter 1       : 0x00000001
Parameter 2       : 0x33706d2e
Parameter 3       : 0x00000000
Parameter 4       : 0x87f42c4c
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+22f43
Stack Address 1   : ntoskrnl.exe+3be28
Stack Address 2   : ntoskrnl.exe+68d86
Stack Address 3   : ntoskrnl.exe+69256
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini011609-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 1/16/2009 9:34:09 AM
==================================================
 
==================================================
Dump File         : Mini122008-01.dmp
Crash Time        : 12/20/2008 11:02:09 AM
Bug Check String  : KERNEL_STACK_INPAGE_ERROR
Bug Check Code    : 0x00000077
Parameter 1       : 0x00000001
Parameter 2       : 0x7750d234
Parameter 3       : 0x00000000
Parameter 4       : 0xa4cd4c4c
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22f43
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 5.1.2600.5938 (xpsp_sp3_gdr.100216-1514)
Processor         : 32-bit
Crash Address     : ntoskrnl.exe+22f43
Stack Address 1   : ntoskrnl.exe+3be28
Stack Address 2   : ntoskrnl.exe+68d86
Stack Address 3   : ntoskrnl.exe+69256
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini122008-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 12/20/2008 11:03:23 AM
==================================================
 
==================================================
Dump File         : Mini110608-01.dmp
Crash Time        : 11/6/2008 3:11:48 AM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x10000050
Parameter 1       : 0xe8274104
Parameter 2       : 0x00000000
Parameter 3       : 0xbf385265
Parameter 4       : 0x00000001
Caused By Driver  : igxpdx32.DLL
Caused By Address : igxpdx32.DLL+1ad265
File Description  : DirectDraw® Driver for Intel® Graphics Technology
Product Name      : Intel Graphics Accelerator Drivers for Windows NT®
Company           : Intel Corporation
File Version      : 6.14.10.4814
Processor         : 32-bit
Crash Address     : igxpdx32.DLL+1ad265
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\Mini110608-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 2600
Dump File Size    : 98,304
Dump File Time    : 11/6/2008 3:13:51 AM
==================================================
 
 



 


#2 Broni


Posted 06 October 2013 - 07:20 PM

Is the computer operable at all?


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 1080stunts


Posted 06 October 2013 - 07:34 PM

Yeah.  I'm on it in safe mode right now.  The backlight died so I hooked it up to a monitor.



#4 Broni


Posted 06 October 2013 - 07:41 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.



 


#5 1080stunts


Posted 12 October 2013 - 01:59 PM

First off, thanks for taking time out to help.  I followed your directions to the letter, however, when I tried to scan with this  Malwarebytes Anti-Rootkit, I got a BSOD within safe mode.  So attached are the first 3 logs.  I'm afraid to use Rkill, unless you tell me otherwise.  Once I restarted back into safe-mode it took many attempts before I was able to get back onto safe mode.  The start-up would stop at mus.sys.  Thanks again.

Checkup:
 

 Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Spybot - Search & Destroy 
 Java™ 6 Update 20  
 Java™ SE Runtime Environment 6 Update 1 
 Java™ 6 Update 3  
 Java™ 6 Update 5  
 Java™ 6 Update 7  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Ad-Aware Antivirus SBAMSvc.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
 
FSS----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Farbar Service Scanner Version: 13-09-2013
Ran by Administrator (administrator) on 12-10-2013 at 12:18:52
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
AegisP(12) fssfltr(13) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3) 
0x0D000000040000000100000002000000030000000A00000005000000060000000700000008000000090000000B0000000C0000000D000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
RESULT************************************************************************************************************


MiniToolBox by Farbar  Version: 13-07-2013
Ran by Administrator (administrator) on 12-10-2013 at 12:20:31
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
There are 7273 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set address name="Local Area Connection" gateway=192.168.0.1 gwmetric=0
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : D830J0C1
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
 
        Physical Address. . . . . . . . . : 00-15-C5-5A-09-BB
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
 
        Physical Address. . . . . . . . . : 00-18-DE-3C-CE-0B
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.0.195
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.0.1
 
        DHCP Server . . . . . . . . . . . : 192.168.0.1
 
        DNS Servers . . . . . . . . . . . : 192.168.0.1
 
        Lease Obtained. . . . . . . . . . : Saturday, October 12, 2013 12:08:44 PM
 
        Lease Expires . . . . . . . . . . : Sunday, October 13, 2013 12:08:44 PM
 
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  173.194.43.32, 173.194.43.41, 173.194.43.35, 173.194.43.39
 173.194.43.34, 173.194.43.46, 173.194.43.37, 173.194.43.38, 173.194.43.40
 173.194.43.33, 173.194.43.36
 
 
 
Pinging google.com [173.194.43.32] with 32 bytes of data:
 
 
 
Reply from 173.194.43.32: bytes=32 time=13ms TTL=56
 
Reply from 173.194.43.32: bytes=32 time=13ms TTL=56
 
 
 
Ping statistics for 173.194.43.32:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 13ms, Maximum = 13ms, Average = 13ms
 
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=29ms TTL=53
 
Reply from 98.139.183.24: bytes=32 time=93ms TTL=53
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 29ms, Maximum = 93ms, Average = 61ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 5a 09 bb ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 18 de 3c ce 0b ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.195  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.0.0    255.255.255.0    192.168.0.195   192.168.0.195  25
    192.168.0.195  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.0.255  255.255.255.255    192.168.0.195   192.168.0.195  25
        224.0.0.0        240.0.0.0    192.168.0.195   192.168.0.195  25
  255.255.255.255  255.255.255.255    192.168.0.195               2  1
  255.255.255.255  255.255.255.255    192.168.0.195   192.168.0.195  1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/06/2013 07:41:52 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: Product: Symantec AntiVirus -- Error 1706.No valid source could be found for product Symantec AntiVirus.  The Windows Installer cannot continue.
 
Error: (10/06/2013 07:38:15 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: The installation of C:\Documents and Settings\marianne\My Documents\Downloads\MicrosoftFixit50535 (1).msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (10/06/2013 03:26:12 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: Product: Symantec AntiVirus -- Error 1706.No valid source could be found for product Symantec AntiVirus.  The Windows Installer cannot continue.
 
Error: (10/06/2013 03:23:00 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.1.522.00x8004ff11common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
 
Error: (10/06/2013 03:23:00 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF11
Description:.  0x8004FF11.
 
Error: (10/06/2013 03:19:35 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: The installation of F:\MicrosoftFixit50535.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (10/06/2013 03:09:35 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: The installation of F:\MicrosoftFixit50535.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (10/06/2013 03:06:22 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: The installation of F:\MicrosoftFixit50535.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (10/06/2013 03:06:18 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: The installation of F:\MicrosoftFixit50535.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (10/06/2013 03:01:37 PM) (Source: MsiInstaller) (User: D830J0C1)
Description: Product: Symantec AntiVirus -- Error 1706.No valid source could be found for product Symantec AntiVirus.  The Windows Installer cannot continue.
 
 
System errors:
=============
Error: (10/12/2013 00:10:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/12/2013 00:10:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/12/2013 00:09:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
APPDRV
eeCtrl
Fips
intelppm
Lbd
MpFilter
OMCI
SAVRT
SAVRTPEL
SPBBCDrv
SYMTDI
 
Error: (10/12/2013 00:09:41 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/12/2013 00:06:06 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error: 
%%2
 
Error: (10/06/2013 10:05:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/06/2013 07:41:55 PM) (Source: DCOM) (User: D830J0C1)
Description: DCOM got error "%%1058" attempting to start the service Ad-Aware Service with arguments ""
in order to run the server:
{706FFEF5-7E90-4149-B038-B39106ECDB99}
 
Error: (10/06/2013 07:41:28 PM) (Source: DCOM) (User: D830J0C1)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (10/06/2013 07:41:26 PM) (Source: DCOM) (User: D830J0C1)
Description: DCOM got error "%%1058" attempting to start the service Ad-Aware Service with arguments ""
in order to run the server:
{706FFEF5-7E90-4149-B038-B39106ECDB99}
 
Error: (10/06/2013 07:38:27 PM) (Source: DCOM) (User: D830J0C1)
Description: DCOM got error "%%1058" attempting to start the service Ad-Aware Service with arguments ""
in order to run the server:
{706FFEF5-7E90-4149-B038-B39106ECDB99}
 
 
Microsoft Office Sessions:
=========================
Error: (05/09/2009 09:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: , Microsoft Office Version: 12.0.6425.1000. This session lasted 6831 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error: (06/03/2008 11:52:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
Ad-Aware Antivirus (Version: 10.5.3.4405)
Ad-Aware Browsing Protection (Version: 1.0.1.106)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Digital Editions
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AGEIA PhysX v7.11.13 (Version: 7.11.13)
AIM 7
AIM MusicLink 2.0.0.1 (Version: 2.0.0.1)
AIM MusicLink 2.2.0.0 (Version: 2.2.0.0)
AIM MusicLink 4.0.0.0 (Version: 4.0.0.0)
Andrea VoiceCenter
AOL Uninstaller (Choose which Products to Remove)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.2.0)
Apple Mobile Device Support (Version: 1.1.4.7)
Apple Software Update (Version: 2.1.1.116)
AVS Image Converter 1.1.3.71
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BitComet 1.26 (Version: 1.26)
Blaze Media Pro
Blaze Media Pro (Version: 8.0)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Broadcom Management Programs (Version: 10.15.03)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Call of Duty - United Offensive (Version: 1.00.0000)
Canon MP Drivers
CDisplay 1.8
CEDP Stealer 6.0 for Messenger
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D110 MDC V.92 Modem
Counter-Strike
Creative Audio Pack
Creative MediaSource 5 (Version: 5.00)
Critical Update for Windows Media Player 11 (KB959772)
Debut Video Capture Software
Dell Digital Jukebox Driver
Dell ResourceCD
Dell Support 3.2 (Version: 5.5.2038)
Dell Support Center (Version: 3.0.5744.02)
Dell System Restore (Version: 2.00.0000)
Dev-C++ 5 beta 9 release (4.9.9.2)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.15)
DivX Converter (Version: 6.6.1)
DivX Setup (Version: 2.6.1.28)
Documentation & Support Launcher (Version: 1.00.0000)
Download Updater (AOL LLC)
EASE RM Converter 3.00
EducateU (Version: 1.00.0000)
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (Version: 9.3.4053)
Google Chrome (Version: 30.0.1599.69)
Hamachi 1.0.2.1
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
IGZ Lobby System (Version: IGZones)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 7.6.1.9)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Jeyo Remote 2.0 for Smartphone (Version: 2.0)
Junk Mail filter update (Version: 14.0.8117.416)
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.5 (1010)
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
Logger Pro 3.5.0 (Version: 3.5.0)
mCore (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
mDrWiFi (Version: 11.02.0000)
MediaDirect (Version: 4.7)
Mendeley Desktop 1.8.3 (Version: 1.8.3)
Messenger Plus! 5 (Version: 1.0.1.102)
Messenger Plus! Live (Version: 4.90.0.392)
MGTEK dopisp (Version: 6.0.3128)
mHlpDell (Version: 11.02.0000)
Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework SDK (English) 1.1 (Version: 1.1.4322)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 (Version: 8.0.50727.42)
Microsoft Expression Web (Version: 12.0.6215.1000)
Microsoft Expression Web MUI (English) (Version: 12.0.6425.1000)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Game Studios Common Redistributables Pack 1 (Version: 1.0.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint 2003 (Version: 11.0.8173.0)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50727.42)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0 (Version: 06.00.0000)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
Microsoft XML Parser (Version: 8.20.8730.4)
mIWA (Version: 11.02.0000)
Mixer
mLogView (Version: 11.02.0000)
mMHouse (Version: 11.02.0000)
Modem Helper (Version: 3.01)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
mPfMgr (Version: 11.02.0000)
mPfWiz (Version: 11.02.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 11.02.0000)
MSDN Library for Visual Studio 2005 (Version: 8.0.50727.137)
mSSO (Version: 11.02.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MSXML4 Parser (Version: 1.0.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 11.02.0000)
mZConfig (Version: 11.02.0000)
National Instruments Software (Version: )
NetWaiting (Version: 2.5.23)
NI PXI Resource Manager 1.0.0 (Version: 1.00.49155)
NI Uninstaller 1.1.1f1 (Version: 1.11.20)
NI-DIM 1.0.0 (Version: 1.00.49153)
NI-ORB 1.0.1 (Version: 1.01.49153)
NI-PAL 1.6.3f0 Engine (Version: 1.1539.3.0)
NI-RPC 3.0.1f1 Engine (Version: 3.1.3.1)
NirSoft BlueScreenView
Nitro PDF Professional (Version: 6.0.3.1)
NI-VISA Runtime 3.0.1f3 (Version: 3.01.771)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
OpenOffice.org 3.1 (Version: 3.1.9420)
OutlookAddinSetup (Version: 1.0.0)
Pando Media Booster (Version: 2.3.4.0)
PicViewer 3.0.2 (Version: 3.0.2)
Presto! ImageFolio 4.2
Presto! Mr.Photo 3
Presto! VideoWorks 4.5
Prism Video File Converter
PuTTY 0.59
QuickBooks (Version: 20.0.4001.807)
QuickBooks Simple Start 2010 Free Edition (Version: 20.0.4001.807)
QuickSet (Version: 8.1.12)
QuickTime (Version: 7.4.1.14)
RadLight 4.0 FINAL (Version: FINAL)
RealPlayer
Revo Uninstaller 1.85 (Version: 1.85)
Roxio DLA (Version: 5.2.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
SearchAssist
SecureW2 EAP Suite 1.0.6 for Windows
Security Task Manager 1.8c (Version: 1.8c)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.5210.0)
Softonic-Eng7 Toolbar (Version: )
Sonic Advanced Decoder
Sonic Update Manager (Version: 3.0.0)
Sony Media Manager 2.2 (Version: 2.2.93)
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Sound Blaster Audigy ADVANCED MB Demo
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
StuffPlug 3 (Version: 3.5.590)
swMSM (Version: 12.0.0.1)
Symantec AntiVirus (Version: 10.1.5000.5)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TBS WMP Plug-in (Version: 1.00.676)
Trend Micro SafeSync (Version: 3.3.0.1091)
Ulead Photo Explorer 6.0
ULTIMATE UNIVERSE 1.0 FULL VERSION
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
URL Assistant
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.5)
VideoLAN VLC media player 0.8.6d (Version: 0.8.6d)
Viewpoint Media Player
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VobSub v2.23 (Remove Only)
Web Cam 320 (Version: 1.00.000)
WebFldrs XP (Version: 9.50.7523)
WildTangent Web Driver
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (Version: 11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Mobile® Device Handbook (Version: 1.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinSCP 3.8.2
WinVDIG 0.99
Works Suite OS Pack (Version: 1.0.0.0000)
Works Synchronization (Version: 1.0.0.0000)
Xfire (remove only)
Yahoo! Messenger
 
========================= Devices: ================================
 
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 19%
Total physical RAM: 3318.12 MB
Available physical RAM: 2665.85 MB
Total Pagefile: 5205.89 MB
Available Pagefile: 4659.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.52 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:106.35 GB) (Free:23.9 GB) NTFS
2 Drive d: (Warcraft III) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\D830J0C1
 
Administrator            Guest                    HelpAssistant            
marianne                 SUPPORT_388945a0         
 
 
**** End of log ****
 


#6 1080stunts


Posted 12 October 2013 - 02:06 PM

I tried the Rkill prog- here's the result:
 
Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/12/2013 03:02:35 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\.exe\shell found and deleted!
 
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.QuickBooks.FCS\1.3.0.0__5b3f47ba29970ccb => C:\WINDOWS\WinSxS\MSIL_Intuit.QuickBooks.FCS_5b3f47ba29970ccb_1.3.0.0_x-ww_d936dcb9 [Dir]
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
  20 out of 7293 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 10/12/2013 03:03:59 PM
Execution time: 0 hours(s), 1 minute(s), and 23 seconds(s)


#7 Broni


Posted 12 October 2013 - 02:24 PM

Try MBAR from safe mode.

I also need the MBAM log.




#8 1080stunts


Posted 12 October 2013 - 03:20 PM

Safe mode crashed when I tried MBAR, but I will try it again. Here is the MBAM log:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.12.05
 
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: D830J0C1 [administrator]
 
Protection: Disabled
 
10/12/2013 12:35:19 PM
mbam-log-2013-10-12 (12-35-19).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302302
Time elapsed: 12 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www1.delta-search.com/?babsrc=NT_ss&mntrId=C8A20018DE3CCE0B&affID=119351&tsp=4957 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 9
C:\Documents and Settings\marianne\Application Data\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\chrome (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\lib (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\META-INF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
Files Detected: 42
C:\Documents and Settings\marianne\Application Data\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Application Data\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Application Data\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSite.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\020000001afa8c891270C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\020000001afa8c891270O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\020000001afa8c891270P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\020000001afa8c891270S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\020000001afa8c891270C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\020000001afa8c891270O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\020000001afa8c891270P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\020000001afa8c891270S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\chrome.manifest (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\chrome\imvu_inc.jar (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\ConduitAutoCompleteSearch.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\ConduitAutoCompleteSearch.xpt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\ConduitToolbar.idl (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\ConduitToolbar.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\ConduitToolbar.xpt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\RadioWMPCore.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\RadioWMPCore.xpt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\components\RadioWMPCoreGecko19.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\alertSettingsComponent.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\appContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\engineContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\engineSettings.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\fbAlert.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\getAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\postAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\toolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\defaults\unsharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\lib\xpcom.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\META-INF\manifest.mf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\META-INF\zigbert.rsa (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\META-INF\zigbert.sf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin\conduit.gif (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin\conduit.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin\conduit.PNG (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin\conduit.src (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\marianne\Local Settings\Temp\ct2612669\searchplugin\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)


#9 1080stunts


Posted 12 October 2013 - 04:33 PM

I tried MBAR again and again it gave me the BSOD in safe mode...



#10 Broni


Posted 12 October 2013 - 05:39 PM

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



 


#11 1080stunts


Posted 12 October 2013 - 11:09 PM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-13 00:07:09
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HM120JI rev.YF100-15 111.79GB
Running: bt4sr1yp.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axtyapog.sys
 
 
---- System - GMER 2.1 ----
 
SSDT            spig.sys                                                                                                             ZwCreateKey [0xF74D90E0]
SSDT            spig.sys                                                                                                             ZwEnumerateKey [0xF74F6CA2]
SSDT            spig.sys                                                                                                             ZwEnumerateValueKey [0xF74F7030]
SSDT            spig.sys                                                                                                             ZwOpenKey [0xF74D90C0]
SSDT            spig.sys                                                                                                             ZwQueryKey [0xF74F7108]
SSDT            spig.sys                                                                                                             ZwQueryValueKey [0xF74F6F88]
SSDT            spig.sys                                                                                                             ZwSetValueKey [0xF74F719A]
 
INT 0x62        ?                                                                                                                    8AF88BF8
INT 0x82        ?                                                                                                                    8AF88BF8
INT 0x84        ?                                                                                                                    8AE4FF00
INT 0x94        ?                                                                                                                    8AE4FF00
INT 0xA4        ?                                                                                                                    8AE4FF00
 
---- Devices - GMER 2.1 ----
 
Device          \FileSystem\Ntfs \Ntfs                                                                                               8AF871F8
 
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                              SynTP.sys
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                              SynTP.sys
 
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     KDCOM.DLL
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     KDCOM.DLL
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            8AFF91F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              8AFF91F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                 8AFF91F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                8AFF91F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                     KDCOM.DLL
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     KDCOM.DLL
Device          \Driver\usbehci \Device\USBPDO-4                                                                                     8AE471F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                               8AF891F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                               8AF891F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                         8AE11500
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                  8AF0031B
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3                                                         8AF0031B
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1                                                                  8AF0031B
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e                                                         8AF0031B
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                          [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                         8AE11500
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                               8AF891F8
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                               8AF891F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{67A9E6C8-6867-466E-98B1-2E40822B863C}                                             897B3500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              897B3500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                     897B3500
Device          \Driver\PCI_PNP1198 \Device\0000005e                                                                                 spig.sys
Device          \Driver\PCI_PNP1198 \Device\0000005e                                                                                 spig.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     KDCOM.DLL
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     KDCOM.DLL
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    8978F500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                     KDCOM.DLL
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          8978F500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     KDCOM.DLL
Device          \Driver\usbehci \Device\USBFDO-4                                                                                     8AE471F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                     8AF891F8
Device          \Driver\sptd \Device\2821519948                                                                                      spig.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{2D7E55CC-B914-4489-9C94-08CB9CCE2028}                                             897B3500
Device          \Driver\acxx7q3l \Device\Scsi\acxx7q3l1Port2Path0Target0Lun0                                                         8ADBD1F8
Device          \Driver\acxx7q3l \Device\Scsi\acxx7q3l1                                                                              8ADBD1F8
Device          \FileSystem\Fastfat \Fat                                                                                             897261F8
Device          \FileSystem\Fastfat \Fat                                                                                             B9162297
 
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                             fltmgr.sys
 
Device          \FileSystem\Cdfs \Cdfs                                                                                               8992E500
 
---- Trace I/O - GMER 2.1 ----
 
Trace           ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8af004d0]<<                                         8af004d0
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af10ab8]                                                              8af10ab8
Trace           3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000080[0x8af3e9e8]                                         8af3e9e8
Trace           5 ACPI.sys[f7498620] -> nt!IofCallDriver -> [0x8af5d940]                                                             8af5d940
Trace           \Driver\atapi[0x8aecfaf0] -> IRP_MJ_CREATE -> 0x8af004d0                                                             8af004d0
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xF5 0x87 0x6E 0x95 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xB4 0x6E 0xA1 0x61 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x97 0xA4 0x89 0x29 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xF5 0x87 0x6E 0x95 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xB4 0x6E 0xA1 0x61 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x97 0xA4 0x89 0x29 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xF5 0x87 0x6E 0x95 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x54 0xB1 0x5C 0x45 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x44 0x09 0x0F 0x0B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x36 0xC9 0x08 0x82 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0x36 0xC9 0x08 0x82 ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk            \Device\Harddisk0\DR0                                                                                                Device \Driver\atapi -> DriverStartIo 8af0031b
Disk            \Device\Harddisk0\DR0                                                                                                TDL4@MBR code has been found                                                                                       <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                sector 0: rootkit-like behavior
 
---- EOF - GMER 2.1 ----


#12 Broni


Posted 13 October 2013 - 08:26 AM

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#13 1080stunts


Posted 13 October 2013 - 09:45 AM

I ran the scan. Removed one infected file and had to restart. I searched C: and the only log I found was called TDSSKiller.3.0.0.12_13.10.2013_10.24.35_log. The following is the log's contents:

 

10:24:40.0156 0x07a0  TDSS rootkit removing tool 3.0.0.12 Oct  9 2013 14:59:22
10:24:40.0562 0x07a0  ============================================================
10:24:40.0562 0x07a0  Current date / time: 2013/10/13 10:24:40.0562
10:24:40.0562 0x07a0  SystemInfo:
10:24:40.0562 0x07a0  
10:24:40.0562 0x07a0  OS Version: 5.1.2600 ServicePack: 3.0
10:24:40.0562 0x07a0  Product type: Workstation
10:24:40.0562 0x07a0  ComputerName: D830J0C1
10:24:40.0562 0x07a0  UserName: Administrator
10:24:40.0562 0x07a0  Windows directory: C:\WINDOWS
10:24:40.0562 0x07a0  System windows directory: C:\WINDOWS
10:24:40.0562 0x07a0  Processor architecture: Intel x86
10:24:40.0562 0x07a0  Number of processors: 2
10:24:40.0562 0x07a0  Page size: 0x1000
10:24:40.0562 0x07a0  Boot type: Safe boot with network
10:24:40.0562 0x07a0  ============================================================
10:25:01.0906 0x07a0  System UUID: {BA2C543F-EF4B-7F17-F08D-9E18B12453A0}
10:25:05.0109 0x07a0  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:25:05.0109 0x07a0  ============================================================
10:25:05.0109 0x07a0  \Device\Harddisk0\DR0:
10:25:05.0109 0x07a0  MBR partitions:
10:25:05.0109 0x07a0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xD4B2C7B
10:25:05.0156 0x07a0  ============================================================
10:25:05.0250 0x07a0  C: <-> \Device\Harddisk0\DR0\Partition1
10:25:05.0250 0x07a0  ============================================================
10:25:05.0250 0x07a0  Initialize success
10:25:05.0250 0x07a0  ============================================================
10:25:57.0812 0x00cc  ============================================================
10:25:57.0812 0x00cc  Scan started
10:25:57.0812 0x00cc  Mode: Manual; 
10:25:57.0812 0x00cc  ============================================================
10:25:57.0812 0x00cc  KSN ping started
10:26:00.0437 0x00cc  KSN ping finished: true
10:26:02.0109 0x00cc  ================ Scan system memory ========================
10:26:02.0109 0x00cc  System memory - ok
10:26:02.0109 0x00cc  ================ Scan services =============================
10:26:06.0312 0x00cc  AliIde - ok
10:26:06.0343 0x00cc  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:26:06.0359 0x00cc  alim1541 - ok
10:26:06.0406 0x00cc  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:26:06.0421 0x00cc  amdagp - ok
10:26:06.0437 0x00cc  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
10:26:06.0453 0x00cc  amsint - ok
10:26:06.0500 0x00cc  [ EC94E05B76D033B74394E7B2175103CF, 4F0993951B72478D87AD15A6FC33D3D18FEFAF2A08698CFC63BBD1EDB784B0FE ] APPDRV          C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
10:26:06.0500 0x00cc  APPDRV - ok
10:26:06.0656 0x00cc  [ 1961CB10BB48EB4D97E37DB6373E9E63, D752CF51EDBF29612A9ABF557467BB39FBA3612A35F39560E70784C8AE1D1E53 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
10:26:06.0734 0x00cc  Apple Mobile Device - ok
10:26:06.0843 0x00cc  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
10:26:06.0937 0x00cc  AppMgmt - ok
10:26:07.0000 0x00cc  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:26:07.0031 0x00cc  Arp1394 - ok
10:26:07.0093 0x00cc  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
10:26:07.0109 0x00cc  asc - ok
10:26:07.0140 0x00cc  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:26:07.0156 0x00cc  asc3350p - ok
10:26:07.0187 0x00cc  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:26:07.0234 0x00cc  asc3550 - ok
10:26:07.0421 0x00cc  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:26:07.0484 0x00cc  aspnet_state - ok
10:26:07.0515 0x00cc  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:26:07.0515 0x00cc  AsyncMac - ok
10:26:07.0593 0x00cc  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
10:26:07.0593 0x00cc  atapi - ok
10:26:07.0609 0x00cc  Atdisk - ok
10:26:07.0656 0x00cc  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:26:07.0687 0x00cc  Atmarpc - ok
10:26:07.0750 0x00cc  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:26:07.0765 0x00cc  AudioSrv - ok
10:26:07.0796 0x00cc  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:26:07.0796 0x00cc  audstub - ok
10:26:07.0890 0x00cc  [ CD4646067CC7DCBA1907FA0ACF7E3966, 705DF801ACB8719213E95D6214E6C30F7A217663305DBB718F7ECD40F0084340 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:26:07.0890 0x00cc  bcm4sbxp - ok
10:26:08.0000 0x00cc  [ 6163664C7E9CD110AF70180C126C3FDC, 9A801295CDE2BDE4EE0E96C610E4C01F6915DBDA2104D0E8873AFF1BC34A0FA1 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
10:26:08.0046 0x00cc  BcmSqlStartupSvc - ok
10:26:08.0078 0x00cc  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:26:08.0078 0x00cc  Beep - ok
10:26:08.0312 0x00cc  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:26:08.0687 0x00cc  BITS - ok
10:26:08.0750 0x00cc  [ A06CE3399D16DB864F55FAEB1F1927A9, 3430FA8552D91670D9FB0A921C735ADBE2DA7FF108C199DDEEF2FB2E50713AF3 ] Browser         C:\WINDOWS\System32\browser.dll
10:26:08.0781 0x00cc  Browser - ok
10:26:08.0812 0x00cc  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:26:08.0812 0x00cc  cbidf - ok
10:26:08.0828 0x00cc  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:26:08.0828 0x00cc  cbidf2k - ok
10:26:08.0875 0x00cc  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:26:08.0875 0x00cc  CCDECODE - ok
10:26:09.0015 0x00cc  [ 0A6786C95A6F8715AA4285E3C27F201F, 0605EC75D67229BAD150C11C529FD6FADF3EF21CC1A67D728B901F4D4459F658 ] ccEvtMgr        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
10:26:09.0125 0x00cc  ccEvtMgr - ok
10:26:09.0234 0x00cc  [ 3B4898CF051BB04FB76E94361E336A83, 93AEE5E738C457DAF856B54F8CAD3AE07F14D1E661A6D64D6E05735BAAC7A0B4 ] ccSetMgr        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
10:26:09.0312 0x00cc  ccSetMgr - ok
10:26:09.0343 0x00cc  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:26:09.0343 0x00cc  cd20xrnt - ok
10:26:09.0375 0x00cc  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:26:09.0390 0x00cc  Cdaudio - ok
10:26:09.0453 0x00cc  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:26:09.0484 0x00cc  Cdfs - ok
10:26:09.0531 0x00cc  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:26:09.0562 0x00cc  Cdrom - ok
10:26:09.0562 0x00cc  Changer - ok
10:26:09.0578 0x00cc  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:26:09.0593 0x00cc  CiSvc - ok
10:26:09.0625 0x00cc  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:26:09.0640 0x00cc  ClipSrv - ok
10:26:09.0703 0x00cc  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:26:09.0937 0x00cc  clr_optimization_v2.0.50727_32 - ok
10:26:09.0984 0x00cc  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:26:10.0000 0x00cc  CmBatt - ok
10:26:10.0015 0x00cc  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:26:10.0031 0x00cc  CmdIde - ok
10:26:10.0062 0x00cc  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:26:10.0062 0x00cc  Compbatt - ok
10:26:10.0062 0x00cc  COMSysApp - ok
10:26:10.0093 0x00cc  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:26:10.0109 0x00cc  Cpqarray - ok
10:26:10.0156 0x00cc  [ 7DB5E3F44D797BD38B8E336CCC2E49D5, C04F2EA8147FAA1646B15886D911D6656DA961F0F9C3515C62BDF8E63666F794 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
10:26:10.0203 0x00cc  Creative Labs Licensing Service - ok
10:26:10.0234 0x00cc  [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
10:26:10.0265 0x00cc  Creative Service for CDROM Access - ok
10:26:10.0312 0x00cc  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:26:10.0328 0x00cc  CryptSvc - ok
10:26:10.0421 0x00cc  [ 8DB84DE3AAB34A8B4C2F644EFF41CD76, 02154E064651269EEF51BA6D68285A05E1552D3FFDCA97ED810EAEB26EAF4573 ] ctsfm2k         C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
10:26:10.0515 0x00cc  ctsfm2k - ok
10:26:10.0625 0x00cc  [ 4EE8822ADB764EDD28CE44E808097995, 0BCAFE9DD6B8ED9600C3C8D35AF01524B31B3061E8BE4513854CED2CED006A41 ] CTUSFSYN        C:\WINDOWS\system32\drivers\ctusfsyn.sys
10:26:10.0718 0x00cc  CTUSFSYN - ok
10:26:10.0750 0x00cc  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:26:10.0781 0x00cc  dac2w2k - ok
10:26:10.0812 0x00cc  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:26:10.0812 0x00cc  dac960nt - ok
10:26:11.0078 0x00cc  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:26:11.0281 0x00cc  DcomLaunch - ok
10:26:11.0359 0x00cc  [ 1F709C66D8AADFF35530C56EE261C462, FCC4F98CA901898D0211E39734B06CBE9317ACF23B4672739A2A5FBECD917685 ] DefWatch        C:\Program Files\Symantec AntiVirus\DefWatch.exe
10:26:11.0375 0x00cc  DefWatch - ok
10:26:11.0484 0x00cc  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:26:11.0531 0x00cc  Dhcp - ok
10:26:11.0562 0x00cc  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:26:11.0578 0x00cc  Disk - ok
10:26:11.0625 0x00cc  [ E2D0DE31442390C35E3163C87CB6A9EB, 399B4678C18DB92AC186128CE8AC2784FFCD76FDE9DBD4615D47586E3493914E ] DLABOIOM        C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:26:11.0640 0x00cc  DLABOIOM - ok
10:26:11.0656 0x00cc  [ D979BEBCF7EDCC9C9EE1857D1A68C67B, 936450704E4F2ADA6FB87F827C042FEC67F67C83D361F858F5F41AA6E8B7256D ] DLACDBHM        C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:26:11.0656 0x00cc  DLACDBHM - ok
10:26:11.0671 0x00cc  [ 83545593E297F50A8E2524B4C071A153, 25B18FEF62395ABB1EB4C17D81D9EB31759F6C5DBAA5CDB192949055D69E3071 ] DLADResN        C:\WINDOWS\system32\DLA\DLADResN.SYS
10:26:11.0671 0x00cc  DLADResN - ok
10:26:11.0734 0x00cc  [ 96E01D901CDC98C7817155CC057001BF, 77F78754230D9235255F6F4907ACB03D9750E12B9D92B8250DD1DFF605DD2E5B ] DLAIFS_M        C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:26:11.0781 0x00cc  DLAIFS_M - ok
10:26:11.0796 0x00cc  [ 0A60A39CC5E767980A31CA5D7238DFA9, 09826251C384F2E62ABFAA2097007D75B51DB29EAEF13D46174FBE5A3FE3E433 ] DLAOPIOM        C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:26:11.0812 0x00cc  DLAOPIOM - ok
10:26:11.0812 0x00cc  [ 9FE2B72558FC808357F427FD83314375, 37CCBC46ADCFD3B165A383589786C715006767EEFC8D6559C621745B72F9E59F ] DLAPoolM        C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:26:11.0828 0x00cc  DLAPoolM - ok
10:26:11.0843 0x00cc  [ 7EE0852AE8907689DF25049DCD2342E8, A5F08D78200F5CB02539C87EA574EB34F0C330C290D7BE5D21ED42B0E04E5CF4 ] DLARTL_N        C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:26:11.0843 0x00cc  DLARTL_N - ok
10:26:11.0906 0x00cc  [ F08E1DAFAC457893399E03430A6A1397, 0784ACE7CA81313A5A8E7B7CCCAFF21E607251FEF604574FDCC81A3AFC6FD127 ] DLAUDFAM        C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:26:11.0953 0x00cc  DLAUDFAM - ok
10:26:12.0015 0x00cc  [ E7D105ED1E694449D444A9933DF8E060, DA66408DF44AB7099BEEED82C21A93F65A04C6FCDBA1D2F5791852EF9FE74D0D ] DLAUDF_M        C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:26:12.0062 0x00cc  DLAUDF_M - ok
10:26:12.0062 0x00cc  dmadmin - ok
10:26:12.0218 0x00cc  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:26:12.0328 0x00cc  dmboot - ok
10:26:12.0437 0x00cc  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:26:12.0515 0x00cc  dmio - ok
10:26:12.0546 0x00cc  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:26:12.0546 0x00cc  dmload - ok
10:26:12.0609 0x00cc  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:26:12.0625 0x00cc  dmserver - ok
10:26:12.0656 0x00cc  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:26:12.0687 0x00cc  DMusic - ok
10:26:12.0718 0x00cc  [ 474B4DC3983173E4B4C9740B0DAC98A6, C0B1B5B3A87529FFA93BCFCC2BC013A96CAD7F5049ED4D999E8D5D9AC91F95B7 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:26:12.0734 0x00cc  Dnscache - ok
10:26:12.0843 0x00cc  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:26:12.0890 0x00cc  Dot3svc - ok
10:26:12.0921 0x00cc  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:26:12.0921 0x00cc  dpti2o - ok
10:26:12.0968 0x00cc  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:26:12.0968 0x00cc  drmkaud - ok
10:26:13.0015 0x00cc  [ FD0F95981FEF9073659D8EC58E40AA3C, 9EF2D538A90276DFF72BCE0E9A3AF50E607F2FD17B9EE46506156FBF3FC9E970 ] DRVMCDB         C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:26:13.0062 0x00cc  DRVMCDB - ok
10:26:13.0125 0x00cc  [ B4869D320428CDC5EC4D7F5E808E99B5, A84D1D65E84C0B17CE48188AD95DF52E1FEF785E6C6415E028CB5F7F4F31C466 ] DRVNDDM         C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:26:13.0140 0x00cc  DRVNDDM - ok
10:26:13.0234 0x00cc  [ 2AC2372FFAD9ADC85672CC8E8AE14BE9, 047FDB1D039C28F194222C5168D78C1BFFAE3873CE2991DF4B1097D294C04ED9 ] DSproct         C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
10:26:13.0250 0x00cc  DSproct - ok
10:26:13.0312 0x00cc  [ 3FCA03CBCA11269F973B70FA483C88EF, 0995989B9EBE5CE1C5489139849FB2AD69DE9749650BBC262AD754E5CE457C59 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:26:13.0359 0x00cc  E100B - ok
10:26:13.0390 0x00cc  EagleNT - ok
10:26:13.0437 0x00cc  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:26:13.0468 0x00cc  EapHost - ok
10:26:13.0703 0x00cc  [ 089296AEDB9B72B4916AC959752BDC89, 966DA9217411892E0F0B3582C93A45A3727650F97FBC9FC7D0E259F96B44896C ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:26:13.0906 0x00cc  eeCtrl - ok
10:26:13.0953 0x00cc  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:26:13.0968 0x00cc  ERSvc - ok
10:26:14.0062 0x00cc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
10:26:14.0109 0x00cc  Eventlog - ok
10:26:14.0281 0x00cc  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
10:26:14.0406 0x00cc  EventSystem - ok
10:26:14.0906 0x00cc  [ F10E7AA8BDF4488E3DFA989B8E7F7C9F, DDEDE33071F9675D536DED08A2A4A5731F995A8F0398AC7F78D2306EFB858858 ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
10:26:15.0328 0x00cc  EvtEng - ok
10:26:15.0375 0x00cc  [ E3B0CD18146F9D51A34969E9BC2458D2, 04CC273F1D7F533A2B9E9CC7EE52D9A0DFC47AEE279579BC8BC830937D2323E9 ] FANTOM          C:\WINDOWS\system32\DRIVERS\fantom.sys
10:26:15.0390 0x00cc  FANTOM - ok
10:26:15.0468 0x00cc  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:26:15.0531 0x00cc  Fastfat - ok
10:26:15.0625 0x00cc  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:26:15.0703 0x00cc  FastUserSwitchingCompatibility - ok
10:26:15.0890 0x00cc  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
10:26:16.0046 0x00cc  Fax - ok
10:26:16.0093 0x00cc  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
10:26:16.0109 0x00cc  Fdc - ok
10:26:16.0156 0x00cc  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:26:16.0171 0x00cc  Fips - ok
10:26:16.0203 0x00cc  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:26:16.0218 0x00cc  Flpydisk - ok
10:26:16.0328 0x00cc  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:26:16.0390 0x00cc  FltMgr - ok
10:26:16.0484 0x00cc  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:26:16.0515 0x00cc  FontCache3.0.0.0 - ok
10:26:16.0578 0x00cc  [ E0087225B137E57239FF40F8AE82059B, A03EF9778F267EEBBAD8F72AC0E492872AF73BCA435CCF5C336A8475046B1672 ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:26:16.0609 0x00cc  fssfltr - ok
10:26:16.0937 0x00cc  [ 45B52394F9624237F33A8A3D73C0B221, AC3E26F9D0E8A91164C54E87C9C8BFCF824A14C80D4CEF3255C6127A482F25FE ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:26:17.0187 0x00cc  fsssvc - ok
10:26:17.0203 0x00cc  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:26:17.0218 0x00cc  Fs_Rec - ok
10:26:17.0281 0x00cc  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:26:17.0343 0x00cc  Ftdisk - ok
10:26:17.0375 0x00cc  [ 4AC51459805264AFFD5F6FDFB9D9235F, E97CB835B85F74FC0814D5E27739E0AABC888EAC3921FDD2AD0473F83BCFF5D9 ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:26:17.0375 0x00cc  GEARAspiWDM - ok
10:26:17.0421 0x00cc  [ 483924F92E55A5F9423201EC635E2CED, FEDAC3616709F081A0FA48E2BF521CBCC35E11E523EBADDEACA7308AD14338B3 ] gfibto          C:\WINDOWS\system32\drivers\gfibto.sys
10:26:17.0437 0x00cc  gfibto - ok
10:26:17.0484 0x00cc  [ 3800262165CE4A2B9D1ED09E2BCE3E9C, 719A4338C0CFE479303798D9AF5BAD5B633C14E92BD2904E78D51667FF52CACE ] GoProto         C:\WINDOWS\system32\DRIVERS\goprot51.sys
10:26:17.0500 0x00cc  GoProto - ok
10:26:17.0546 0x00cc  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:26:17.0578 0x00cc  Gpc - ok
10:26:17.0718 0x00cc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:26:17.0781 0x00cc  gupdate - ok
10:26:17.0843 0x00cc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:26:17.0843 0x00cc  gupdatem - ok
10:26:17.0890 0x00cc  [ 14D11F508E649F1499BD32E145BA80CB, 3D7A2496AEA2D3795DA6FD0E3DCFCD4F554B4C8F37E8941639A3ADA168244311 ] hamachi         C:\WINDOWS\system32\DRIVERS\hamachi.sys
10:26:17.0890 0x00cc  hamachi - ok
10:26:18.0015 0x00cc  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:26:18.0015 0x00cc  HDAudBus - ok
10:26:18.0109 0x00cc  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:26:18.0125 0x00cc  helpsvc - ok
10:26:18.0125 0x00cc  HidServ - ok
10:26:18.0140 0x00cc  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:26:18.0156 0x00cc  HidUsb - ok
10:26:18.0234 0x00cc  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:26:18.0265 0x00cc  hkmsvc - ok
10:26:18.0281 0x00cc  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
10:26:18.0296 0x00cc  hpn - ok
10:26:18.0421 0x00cc  [ 3C78B0754CB95861B304F748BC4C28FA, AC0138DF1DB71FD9F44F5752442B968D50E0A2D665B8E9C3855BCE08676966B1 ] hrfsmrx         C:\WINDOWS\System32\Drivers\hrfsmrx.sys
10:26:18.0500 0x00cc  hrfsmrx - ok
10:26:19.0046 0x00cc  [ E8EC1767EA315A39A0DD8989952CA0E9, E7586CF0D4F2898E551E51035D7979B6EAF5E20B40FDDFA6297B84E171DB9016 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
10:26:19.0546 0x00cc  HSF_DPV - ok
10:26:19.0671 0x00cc  [ 61478FA42EE04562E7F11F4DCA87E9C8, 3F54BE008E0D109B00BC2B069B5D509FE784D399B0F5E856E651B12021F0DBA0 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
10:26:19.0765 0x00cc  HSXHWAZL - ok
10:26:19.0937 0x00cc  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:26:20.0109 0x00cc  HTTP - ok
10:26:20.0140 0x00cc  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:26:20.0171 0x00cc  HTTPFilter - ok
10:26:20.0187 0x00cc  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
10:26:20.0187 0x00cc  i2omgmt - ok
10:26:20.0218 0x00cc  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:26:20.0234 0x00cc  i2omp - ok
10:26:20.0296 0x00cc  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:26:20.0312 0x00cc  i8042prt - ok
10:26:23.0421 0x00cc  [ E8C7CC369C2FB657E0792AF70DF529E6, 2EDE19EE792A3222DAEEBE36B223715D5A81EB9C3354E3C7AF405D4C950B8E92 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:26:26.0546 0x00cc  ialm - ok
10:26:26.0687 0x00cc  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:26:26.0734 0x00cc  IDriverT - ok
10:26:27.0078 0x00cc  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:26:27.0343 0x00cc  idsvc - ok
10:26:27.0359 0x00cc  idsvc32 - ok
10:26:27.0406 0x00cc  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:26:27.0437 0x00cc  Imapi - ok
10:26:27.0562 0x00cc  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:26:27.0640 0x00cc  ImapiService - ok
10:26:27.0671 0x00cc  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:26:27.0687 0x00cc  ini910u - ok
10:26:27.0718 0x00cc  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
10:26:27.0718 0x00cc  IntelIde - ok
10:26:27.0781 0x00cc  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:26:27.0812 0x00cc  intelppm - ok
10:26:27.0859 0x00cc  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:26:27.0875 0x00cc  Ip6Fw - ok
10:26:27.0921 0x00cc  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:26:27.0937 0x00cc  IpFilterDriver - ok
10:26:27.0968 0x00cc  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:26:27.0984 0x00cc  IpInIp - ok
10:26:28.0093 0x00cc  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:26:28.0187 0x00cc  IpNat - ok
10:26:28.0421 0x00cc  [ 1E9ED06A30FB0410CE94892F1BA6984B, F4DE0667281B627887A0C7BF14EAC576D84CDE60E20E1DB4D89790FC2841DF82 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:26:28.0609 0x00cc  iPod Service - ok
10:26:28.0671 0x00cc  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:26:28.0703 0x00cc  IPSec - ok
10:26:28.0734 0x00cc  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:26:28.0750 0x00cc  IRENUM - ok
10:26:28.0796 0x00cc  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:26:28.0812 0x00cc  isapnp - ok
10:26:29.0015 0x00cc  [ 1834C96FB1F9280BCF6DDFA6DE8338BF, 294C7596A96C3524CB886B4184A9698A078A88F2C37AACDC34E9F1425C259ADF ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:26:29.0109 0x00cc  JavaQuickStarterService - ok
10:27:13.0281 0x00cc  [ 0C1DAD75274CB6E31F053CE3E08BF9C3, F77186DD0DF8AFF1607A21C59F8D2E7E8F71C2EDD2AD2D3F2F810980B8BE46FC ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
10:27:13.0281 0x00cc  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 0C1DAD75274CB6E31F053CE3E08BF9C3, sha256: F77186DD0DF8AFF1607A21C59F8D2E7E8F71C2EDD2AD2D3F2F810980B8BE46FC
10:27:13.0281 0x00cc  sptd - detected LockedFile.Multi.Generic ( 1 )
10:27:16.0234 0x00cc  Detect skipped due to KSN trusted
10:27:16.0234 0x00cc  sptd - ok
10:27:33.0906 0x00cc  ================ Scan global ===============================
10:27:33.0984 0x00cc  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
10:27:34.0171 0x00cc  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
10:27:34.0484 0x00cc  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
10:27:34.0562 0x00cc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
10:27:34.0562 0x00cc  [ Global ] - ok
10:27:34.0562 0x00cc  ================ Scan MBR ==================================
10:27:34.0593 0x00cc  [ 87F75ABB087C82BEE3A1FBEC42BBABD0 ] \Device\Harddisk0\DR0
10:27:34.0593 0x00cc  Suspicious mbr (Forged): \Device\Harddisk0\DR0
10:27:34.0609 0x00cc  \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 ( 0 )
10:27:34.0609 0x00cc  \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
10:27:37.0125 0x00cc  ================ Scan VBR ==================================
10:27:37.0218 0x00cc  [ 271F56BEF2F9C7E7D23D32687BA5273E ] \Device\Harddisk0\DR0\Partition1
10:27:37.0218 0x00cc  \Device\Harddisk0\DR0\Partition1 - ok
10:27:37.0218 0x00cc  Waiting for KSN requests completion. In queue: 77
10:27:58.0359 0x00cc  AV detected via SS1: Microsoft Security Essentials, 4.1.0522.0, disabled, updated
10:27:58.0359 0x00cc  AV detected via SS1: Symantec AntiVirus Corporate Edition, 10.1.5.5000, enabled, outofdate
10:27:58.0359 0x00cc  Win FW state via NFM: enabled
10:28:00.0875 0x00cc  ============================================================
10:28:00.0875 0x00cc  Scan finished
10:28:00.0875 0x00cc  ============================================================
10:28:00.0906 0x0524  Detected object count: 1
10:28:00.0906 0x0524  Actual detected object count: 1
10:28:22.0921 0x0524  \Device\Harddisk0\DR0\# - copied to quarantine
10:28:22.0921 0x0524  \Device\Harddisk0\DR0 - copied to quarantine
10:28:22.0984 0x0524  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
10:28:22.0984 0x0524  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:28:23.0015 0x0524  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
10:28:23.0046 0x0524  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:28:23.0078 0x0524  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:28:23.0203 0x0524  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:28:23.0203 0x0524  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:28:23.0234 0x0524  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:28:23.0250 0x0524  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:28:23.0281 0x0524  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:28:23.0281 0x0524  \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
10:28:23.0296 0x0524  \Device\Harddisk0\DR0 - ok
10:28:23.0296 0x0524  \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure 
10:28:37.0296 0x079c  Deinitialize success


#14 1080stunts

Posted 20 October 2013 - 11:59 AM

Well. Everything worked. Thanks so much for the help!



#15 Broni


Posted 20 October 2013 - 05:39 PM

See if you can run MBAR now.

