
Hijack Suspected; Google keeps going to Czech Republic version


  • This topic is locked
18 replies to this topic

#1 chrislbrown

chrislbrown

  • Members
  • 78 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:00 PM

Posted 22 December 2013 - 01:40 AM

Hello, and Merry Christmas.  I really do mean that, although it understandably might be after Christmas once someone is able to see this.  Well, it looks like our friends in the old Czech Republic are at it again.  Strange behavior from my web browsers includes ridiculous lag times on certain sites; a button appearing on my Google Chrome bookmarks bar and then an entire folder of bookmarks disappearing from it; redirecting to google.cz whenever I press the google button from within the browser; and additionally, Microsoft Word all of a sudden does not want to work.

 

I've updated my version of google chrome and changed my google password, as well as adding steps of authentication.  Yet, whatever was at the root of this is still around and I'd like to destroy it, firmly putting mud pie in the face of my criminal CZ doppelganger.

 

Thank you for your time and help!!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by WSAdmin at 1:28:28 on 2013-12-22
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2996.1681 [GMT -5:00]
.
AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\UltraVNC\WinVNC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Windows\system32\wksprt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wsfcs.k12.nc.us/site/default.aspx?PageID=1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [SMART Board Service] "c:\program files\smart technologies\education software\SMARTBoardService.exe"
mRun: [SMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [Response Desktop Menu] "c:\program files\smart technologies\education software\DesktopMenu.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: Wallpaper = c:\windows\image_setup\wallpaper\TranscodedWallpaper.jpg
uPolicies-System: WallpaperStyle = 4
mPolicies-Explorer: UseDefaultTile = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: disablecad = dword:1
mPolicies-Windows\System: LeaveAppMgmtData = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2FFD74F9-CE74-4AE0-8B4D-B7433305F86D} : DHCPNameServer = 10.4.223.146 10.4.223.145
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\350584D2C4731303645424 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\36862796372627166756E6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\7535643435F5D416E616765646 : DHCPNameServer = 10.4.223.146 10.4.223.145
TCP: Interfaces\{F3474035-994E-464D-BF95-FA93F3A753EA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-10-5 165760]
R1 MpKslb366cd61;MpKslb366cd61;c:\programdata\microsoft\microsoft antimalware\definition updates\{af8f6d34-5ffd-49a2-8c8f-3cbde5b9a275}\MpKslb366cd61.sys [2013-12-21 40392]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-7-31 137528]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2013-9-17 65657]
R2 Response Hardware;Response Hardware;c:\program files\smart technologies\education software\ResponseHardwareService.exe [2011-6-23 19312]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2013-8-22 45056]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\rpcnet\bin\rpcld.exe --> c:\programdata\rpcnet\bin\rpcld.exe [?]
R2 UAService;User Agent Service;c:\program files\lightspeed systems\user agent\UAService.exe [2013-2-26 522240]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2013-8-22 2016504]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2013-8-22 127232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-8-22 268968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-8-22 125696]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-10-5 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2013-8-22 10339840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-10-5 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-9-2 208928]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-7-13 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-7-13 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-7-13 21872]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-3-20 6272]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2013-8-22 9037312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-3-19 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-3-19 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-3-20 11264]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-12-21 21:36:40 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af8f6d34-5ffd-49a2-8c8f-3cbde5b9a275}\MpKslb366cd61.sys
2013-12-21 20:58:25 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{af8f6d34-5ffd-49a2-8c8f-3cbde5b9a275}\mpengine.dll
2013-12-17 17:21:47 -------- d-----w- c:\program files\ooVoo
2013-12-02 13:11:31 -------- d-----w- c:\windows\system32\??
.
==================== Find3M  ====================
.
2013-12-22 06:08:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-12-19 14:54:50 69792 ----a-w- c:\windows\system32\rpcnet.dll
2013-12-11 18:48:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:48:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: HITACHI_ rev.EC2Z -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C1B000]<< >>UNKNOWN [0x8B599000]<< >>UNKNOWN [0x8B608000]<< >>UNKNOWN [0x8AEBB000]<< >>UNKNOWN [0x8302D000]<< >>UNKNOWN [0x8B027000]<< 
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82C5255A] -> \Device\Harddisk0\DR0[0x87DF0948]
\Driver\Disk[0x87DEFDF0] -> IRP_MJ_CREATE -> 0x8B59D39F
3 [0x8B59D59E] -> ntkrnlpa!IofCallDriver[0x82C5255A] -> [0x8627A8E0]
\Driver\ACPI[0x85592C10] -> IRP_MJ_CREATE -> 0x8AEC44CC
5 [0x8AEC43D4] -> ntkrnlpa!IofCallDriver[0x82C5255A] -> \Device\Ide\IAAStorageDevice-1[0x8625A028]
\Driver\iaStor[0x862754A0] -> IRP_MJ_CREATE -> 0x8B04DC54
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  1:28:53.49 ===============
 



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,700 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:00 PM

Posted 27 December 2013 - 08:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518245 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:00 PM

Posted 28 December 2013 - 06:05 AM

I reinstalled Google, which upgraded it to the newest version, and I am not having the same frequency of the problem.  But the fact that it was there in the first place, and I got a notification from Google that someone had tried to access my account from the Czech Republic, makes me think that something still needs to be undone in the guts of this laptop.

 

Logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.25.2
Run by scmcdowell at 5:58:07 on 2013-12-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2996.918 [GMT -5:00]
.
AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\UltraVNC\WinVNC.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wsfcs.k12.nc.us/site/default.aspx?PageID=1
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [SMART Board Service] "c:\program files\smart technologies\education software\SMARTBoardService.exe"
mRun: [SMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [Response Desktop Menu] "c:\program files\smart technologies\education software\DesktopMenu.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceActiveDesktopOn = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: ForceClassicControlPanel = dword:1
uPolicies-Explorer: NoSimpleStartMenu = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoInternetIcon = dword:1
uPolicies-Explorer: NoPropertiesMyDocuments = dword:1
uPolicies-Explorer: NoPropertiesMyComputer = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: NoSMMyDocs = dword:1
uPolicies-Explorer: NoSMMyPictures = dword:1
uPolicies-Explorer: NoStartMenuMyMusic = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoSMHelp = dword:1
uPolicies-Explorer: NoNetworkConnections = dword:1
uPolicies-Explorer: NoSetTaskbar = dword:1
uPolicies-Explorer: LockTaskbar = dword:1
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoStartMenuPinnedList = dword:1
uPolicies-Explorer: NoToolbarsOnTaskbar = dword:1
uPolicies-Explorer: NoCloseDragDropBands = dword:1
uPolicies-Explorer: NoPublishingWizard = dword:1
uPolicies-Explorer: NoWebServices = dword:1
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoAutoTrayNotify = dword:1
uPolicies-Explorer: NoFolderOptions = dword:1
uPolicies-Explorer: NoNetConnectDisconnect = dword:1
uPolicies-Explorer: NoManageMyComputerVerb = dword:1
uPolicies-Explorer: EnforceShellExtensionSecurity = dword:1
uPolicies-Explorer: NoDFSTab = dword:1
uPolicies-Explorer: NoHardwareTab = dword:1
uPolicies-Explorer: NoSecurityTab = dword:1
uPolicies-Explorer: NoRunasInstallPrompt = dword:1
uPolicies-Explorer: MaxRecentDocs = dword:10
uPolicies-Explorer: NoComputersNearMe = dword:1
uPolicies-Explorer: NoChangeKeyboardNavigationIndicators = dword:1
uPolicies-Explorer: NoChangeAnimation = dword:1
uPolicies-Explorer: PreXPSP2ShellProtocolBehavior = dword:1
uPolicies-Explorer: NoWinKeys = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: RecycleBinSize = dword:30
uPolicies-Explorer: DisallowCpl = dword:1
uPolicies-Explorer: NoCommonGroups = dword:1
uPolicies-System: Wallpaper = c:\windows\image_setup\wallpaper\TranscodedWallpaper.jpg
uPolicies-System: WallpaperStyle = 4
uPolicies-System: NoDispBackgroundPage = dword:1
uPolicies-System: NoDispAppearancePage = dword:1
uPolicies-System: NoDispScrSavPage = dword:1
mPolicies-Explorer: UseDefaultTile = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: disablecad = dword:1
mPolicies-Windows\System: LeaveAppMgmtData = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2FFD74F9-CE74-4AE0-8B4D-B7433305F86D} : DHCPNameServer = 10.4.223.146 10.4.223.145
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\350584D2C4731303645424 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\36862796372627166756E6 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{BA71545B-8851-466E-B0D9-37BA1C2B96F2}\7535643435F5D416E616765646 : DHCPNameServer = 10.4.223.146 10.4.223.145
TCP: Interfaces\{F3474035-994E-464D-BF95-FA93F3A753EA} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-10-5 165760]
R1 MpKsl06261778;MpKsl06261778;c:\programdata\microsoft\microsoft antimalware\definition updates\{000587fc-4bef-440d-b826-641e7f99ddde}\MpKsl06261778.sys [2013-12-28 40392]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-7-31 137528]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2013-9-17 65657]
R2 Response Hardware;Response Hardware;c:\program files\smart technologies\education software\ResponseHardwareService.exe [2011-6-23 19312]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2013-8-22 45056]
R2 UAService;User Agent Service;c:\program files\lightspeed systems\user agent\UAService.exe [2013-2-26 522240]
R2 uvnc_service;uvnc_service;c:\program files\ultravnc\winvnc.exe [2013-8-22 2016504]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2013-8-22 127232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-8-22 268968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-8-22 125696]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-10-5 43392]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2013-8-22 10339840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-10-5 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-9-2 208928]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2011-7-13 11632]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2011-7-13 14704]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2011-7-13 21872]
S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\rpcnet\bin\rpcld.exe --> c:\programdata\rpcnet\bin\rpcld.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-3-20 6272]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2013-8-22 9037312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-3-19 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-3-19 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-3-20 11264]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
.
=============== Created Last 30 ================
.
2013-12-28 06:58:57 40392 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{000587fc-4bef-440d-b826-641e7f99ddde}\MpKsl06261778.sys
2013-12-28 06:58:56 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{000587fc-4bef-440d-b826-641e7f99ddde}\offreg.dll
2013-12-28 06:57:02 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{000587fc-4bef-440d-b826-641e7f99ddde}\mpengine.dll
2013-12-17 17:22:49 -------- d-----w- c:\users\scmcdowell\appdata\roaming\ooVoo Details
2013-12-17 17:21:47 -------- d-----w- c:\program files\ooVoo
2013-12-02 13:11:31 -------- d-----w- c:\windows\system32\??
.
==================== Find3M  ====================
.
2013-12-27 23:06:57 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-12-19 14:54:50 69792 ----a-w- c:\windows\system32\rpcnet.dll
2013-12-11 18:48:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 18:48:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: HITACHI_ rev.EC2Z -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C1B000]<< >>UNKNOWN [0x8B599000]<< >>UNKNOWN [0x8B608000]<< >>UNKNOWN [0x8AEBB000]<< >>UNKNOWN [0x8302D000]<< >>UNKNOWN [0x8B027000]<< 
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x82C5255A] -> \Device\Harddisk0\DR0[0x87DF0948]
\Driver\Disk[0x87DEFDF0] -> IRP_MJ_CREATE -> 0x8B59D39F
3 [0x8B59D59E] -> ntkrnlpa!IofCallDriver[0x82C5255A] -> [0x8627A8E0]
\Driver\ACPI[0x85592C10] -> IRP_MJ_CREATE -> 0x8AEC44CC
5 [0x8AEC43D4] -> ntkrnlpa!IofCallDriver[0x82C5255A] -> \Device\Ide\IAAStorageDevice-1[0x8625A028]
\Driver\iaStor[0x862754A0] -> IRP_MJ_CREATE -> 0x8B04DC54
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH:  5:58:51.31 ===============
 

Oh, and, I do not have the original windows installation disk.  Thank you for your help!  --Chris




#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:03:00 PM

Posted 28 December 2013 - 11:07 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:03:00 PM

Posted 04 January 2014 - 01:50 AM

Hi and Thank You.  Happy 2014.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-01-2014
Ran by scmcdowell (administrator) on E351A025024 on 04-01-2014 01:44:48
Running from C:\Users\scmcdowell\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Lightspeed Systems) C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(UltraVNC) C:\Program Files\UltraVNC\winvnc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [998760 2011-10-29] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2325776 2012-02-09] (Synaptics Incorporated)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SMART Board Service] - C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1761136 2011-07-13] (SMART Technologies)
HKLM\...\Run: [SMART Board Tools] - C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [9800560 2011-06-23] (SMART Technologies ULC)
HKLM\...\Run: [Response Desktop Menu] - C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe [1900912 2011-06-23] (SMART Technologies)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM Group Policy restriction on software: c:\windows\psexec.exe <====== ATTENTION
HKLM Group Policy restriction on software: P:\*.rar <====== ATTENTION
HKLM Group Policy restriction on software: S:\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\psexesvc.exe <====== ATTENTION
HKLM Group Policy restriction on software: H:\zPharaoh.exe <====== ATTENTION
HKLM Group Policy restriction on software: P:\autorun.inf <====== ATTENTION
HKLM Group Policy restriction on software: H:\autorun.inf <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\system32\vistaupgrade.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\system32\2.exe <====== ATTENTION
HKLM Group Policy restriction on software: S:\*.rar <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\system32\1.exe <====== ATTENTION
HKLM Group Policy restriction on software: S:\autorun.inf <====== ATTENTION
HKLM Group Policy restriction on software: P:\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: H:\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: c:\windows\psexecsvc.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\zPharaoh.exe <====== ATTENTION
HKLM Group Policy restriction on software: H:\*.rar <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\1.taz <====== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\Local Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKCU Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKCU\...\Policies\system: [WallpaperStyle] 4
HKCU\...\Policies\system: [NoDispBackgroundPage] 1
HKCU\...\Policies\system: [NoDispAppearancePage] 1
HKCU\...\Policies\system: [NoDispScrSavPage] 1
HKCU\...\Policies\Explorer: [ForceActiveDesktopOn] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoInternetIcon] 1
HKCU\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKCU\...\Policies\Explorer: [NoPropertiesMyComputer] 1
HKCU\...\Policies\Explorer: [NoNetHood] 1
HKCU\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoSMMyDocs] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKCU\...\Policies\Explorer: [NoSMMyPictures] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKCU\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKCU\...\Policies\Explorer: [NoSMHelp] 1
HKCU\...\Policies\Explorer: [NoNetworkConnections] 1
HKCU\...\Policies\Explorer: [NoSetTaskbar] 1
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [LockTaskbar] 1
HKCU\...\Policies\Explorer: [NoSMBalloonTip] 1
HKCU\...\Policies\Explorer: [NoStartMenuPinnedList] 1
HKCU\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 1
HKCU\...\Policies\Explorer: [NoCloseDragDropBands] 1
HKCU\...\Policies\Explorer: [NoPublishingWizard] 1
HKCU\...\Policies\Explorer: [NoWebServices] 1
HKCU\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKCU\...\Policies\Explorer: [NoInternetOpenWith] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [NoFolderOptions] 1
HKCU\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKCU\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKCU\...\Policies\Explorer: [EnforceShellExtensionSecurity] 1
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoDFSTab] 1
HKCU\...\Policies\Explorer: [NoHardwareTab] 1
HKCU\...\Policies\Explorer: [NoSecurityTab] 1
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 1
HKCU\...\Policies\Explorer: [MaxRecentDocs] 10
HKCU\...\Policies\Explorer: [NoComputersNearMe] 1
HKCU\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 1
HKCU\...\Policies\Explorer: [NoChangeAnimation] 1
HKCU\...\Policies\Explorer: [PreXPSP2ShellProtocolBehavior] 1
HKCU\...\Policies\Explorer: [NoWinKeys] 1
HKCU\...\Policies\Explorer: [NoThumbnailCache] 1
HKCU\...\Policies\Explorer: [NoSharedDocuments] 1
HKCU\...\Policies\Explorer: [RecycleBinSize] 30
HKCU\...\Policies\Explorer: [DisallowCpl] 1
HKCU\...\Policies\Explorer: [NoCommonGroups] 1
MountPoints2: {320f286f-1c64-11e3-8537-78dd08aa607b} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\Default\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\Default\...\Policies\system: [WallpaperStyle] 4
HKU\Default User\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\Default User\...\Policies\system: [WallpaperStyle] 4
HKU\e351t\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\e351t\...\Policies\system: [WallpaperStyle] 4
HKU\e351t\...\Policies\system: [NoDispBackgroundPage] 1
HKU\e351t\...\Policies\system: [NoDispAppearancePage] 1
HKU\e351t\...\Policies\system: [NoDispScrSavPage] 1
HKU\gshill\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\gshill\...\Policies\system: [WallpaperStyle] 4
HKU\ServiceUser\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\ServiceUser\...\Policies\system: [WallpaperStyle] 4
HKU\tdjones3\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\tdjones3\...\Policies\system: [WallpaperStyle] 4
HKU\wksadmin\...\Policies\system: [Wallpaper] C:\Windows\Image_Setup\Wallpaper\TranscodedWallpaper.jpg
HKU\wksadmin\...\Policies\system: [WallpaperStyle] 4
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wsfcs.k12.nc.us/site/default.aspx?PageID=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBE2AC3AE7754CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\scmcdowell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11720 2011-09-02] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208928 2011-09-02] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 Response Hardware; C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe [19312 2011-06-23] (SMART Technologies)
R2 Rpcnet; C:\Windows\System32\rpcnet.exe [69792 2013-08-22] (Absolute Software Corp.)
R2 UAService; C:\Program Files\Lightspeed Systems\User Agent\UAService.exe [522240 2013-02-26] (Lightspeed Systems)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2016504 2011-05-18] (UltraVNC)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [9037312 2011-10-13] (Intel Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165760 2011-10-05] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-10-05] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10339840 2012-02-20] (Intel Corporation)
R3 SMARTMouseFilterx86; C:\Windows\System32\DRIVERS\SMARTMouseFilterx86.sys [11632 2011-07-13] (SMART Technologies ULC)
R3 SMARTVHidMini2000x86; C:\Windows\System32\DRIVERS\SMARTVHidMini2000x86.sys [14704 2011-07-13] (SMART Technologies ULC)
R3 SMARTVTabletPCx86; C:\Windows\System32\DRIVERS\SMARTVTabletPCx86.sys [21872 2011-07-13] (SMART Technologies ULC)
S3 TPM; C:\Windows\System32\drivers\tpm.sys [13824 2008-03-26] (Intel Corporation)
U3 mbr; \??\C:\Users\WSAdmin\AppData\Local\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-04 01:44 - 2014-01-04 01:45 - 00023069 _____ C:\Users\scmcdowell\Desktop\FRST.txt
2014-01-04 01:44 - 2014-01-04 01:44 - 00000000 ____D C:\FRST
2014-01-04 01:42 - 2014-01-04 01:42 - 01064761 _____ (Farbar) C:\Users\scmcdowell\Desktop\FRST.exe
2014-01-01 05:02 - 2014-01-01 05:02 - 00000000 ____H C:\Users\scmcdowell\Default.rdp
2014-01-01 05:02 - 2014-01-01 05:02 - 00000000 ____H C:\Users\scmcdowell\Default.rdp
2013-12-29 12:34 - 2013-09-07 10:02 - 72014156 ____N C:\Users\WSAdmin\Desktop\VID_20130907_105952_985.mp4
2013-12-29 12:34 - 2013-08-27 16:04 - 58419714 ____N C:\Users\WSAdmin\Desktop\VID_20130827_170331_555.mp4
2013-12-29 12:32 - 2013-09-02 13:15 - 76674750 ____N C:\Users\WSAdmin\Desktop\VID_20130902_141417_697.mp4
2013-12-29 12:30 - 2013-08-27 16:05 - 130116948 ____N C:\Users\WSAdmin\Desktop\VID_20130827_170419_372.mp4
2013-12-29 12:27 - 2013-09-12 15:47 - 133756961 ____N C:\Users\WSAdmin\Desktop\VID_20130912_164631_463.mp4
2013-12-29 12:10 - 2013-10-19 09:00 - 30245912 ____N C:\Users\WSAdmin\Desktop\VID_20131019_095959_966.mp4
2013-12-29 12:10 - 2013-10-09 11:35 - 56263198 ____N C:\Users\WSAdmin\Desktop\VID_20131009_123458_232.mp4
2013-12-29 12:09 - 2013-12-24 14:18 - 75671618 ____N C:\Users\WSAdmin\Desktop\VID_20131224_141739_868.mp4
2013-12-29 12:09 - 2013-11-07 19:45 - 81611907 ____N C:\Users\WSAdmin\Desktop\VID_20131107_194105_642.mp4
2013-12-29 12:09 - 2013-10-25 09:58 - 102103502 ____N C:\Users\WSAdmin\Desktop\VID_20131025_105740_259.mp4
2013-12-29 11:50 - 2013-12-29 11:50 - 00000020 _____ C:\Windows\ðóC
2013-12-29 11:49 - 2013-12-29 11:50 - 00000000 ____D C:\Program Files\Windows Live
2013-12-29 11:49 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-12-29 11:49 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-12-29 11:49 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-12-29 11:49 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-12-29 11:49 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2013-12-29 11:49 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2013-12-29 11:45 - 2013-12-29 11:45 - 00002062 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:45 - 2013-12-29 11:45 - 00002062 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:45 - 2013-12-29 11:45 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-12-29 11:44 - 2013-12-29 11:45 - 00000000 ___RD C:\Users\WSAdmin\SkyDrive
2013-12-29 11:44 - 2013-12-29 11:45 - 00000000 ___RD C:\Users\WSAdmin\SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00002128 _____ C:\Users\WSAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\Users\WSAdmin\AppData\Local\Windows Live
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-12-28 18:37 - 2014-01-04 01:41 - 00000000 ____D C:\Users\WSAdmin\AppData\Roaming\Skype
2013-12-28 05:58 - 2013-12-28 05:58 - 00020245 _____ C:\Users\scmcdowell\Desktop\dds.txt
2013-12-28 05:58 - 2013-12-28 05:58 - 00013569 _____ C:\Users\scmcdowell\Desktop\attach.txt
2013-12-28 05:57 - 2013-12-28 05:57 - 00688992 ____R (Swearware) C:\Users\scmcdowell\Downloads\dds (3).com
2013-12-24 17:12 - 2013-12-24 17:12 - 01321015 _____ C:\Users\scmcdowell\Downloads\VID 00025-20110609-1134.3GP
2013-12-23 15:42 - 2013-12-23 15:42 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds (2).com
2013-12-23 04:38 - 2013-12-23 04:38 - 00000000 ____D C:\Users\WSAdmin\AppData\Roaming\Macromedia
2013-12-22 01:29 - 2013-12-22 01:29 - 00007863 _____ C:\Users\WSAdmin\Desktop\attach.txt
2013-12-22 01:29 - 2013-12-22 01:28 - 00015345 _____ C:\Users\WSAdmin\Desktop\dds.txt
2013-12-21 22:21 - 2013-12-21 22:21 - 00688992 ____R (Swearware) C:\Users\WSAdmin\Desktop\dds.com
2013-12-21 21:32 - 2013-12-21 21:32 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 18:37 - 2013-12-21 18:38 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds (1).com
2013-12-21 18:35 - 2013-12-21 18:37 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds.com
2013-12-21 18:14 - 2013-12-21 18:15 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Desktop\dds.com
2013-12-21 09:18 - 2013-12-21 09:20 - 15951305 _____ C:\Users\scmcdowell\Downloads\documents-export-2013-12-21.zip
2013-12-19 09:53 - 2013-12-19 09:53 - 00000000 ____D C:\Users\tdjones3\AppData\Local\Adobe
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\SMART Technologies
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Epson
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Apple Computer
2013-12-19 09:47 - 2013-12-19 09:53 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Adobe
2013-12-19 09:47 - 2013-12-19 09:52 - 00001634 _____ C:\Users\tdjones3\Desktop\Staff Shared Folder.lnk
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Motorola Mobility
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Teacher Applications
2013-12-19 09:46 - 2013-12-19 09:52 - 00002104 _____ C:\Users\tdjones3\Desktop\Google Chrome.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00001916 _____ C:\Users\tdjones3\Desktop\Internet Explorer.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00001753 _____ C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Workstation Information.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00001636 _____ C:\Users\tdjones3\Desktop\Student Shared Folder.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00001614 _____ C:\Users\tdjones3\Desktop\Home Folder.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00000609 _____ C:\Users\tdjones3\Desktop\Orchard.lnk
2013-12-19 09:46 - 2013-12-19 09:52 - 00000134 _____ C:\Users\tdjones3\Desktop\Destiny Online Catalog.url
2013-12-19 09:46 - 2013-12-19 09:52 - 00000130 _____ C:\Users\tdjones3\Desktop\Cook Online.url
2013-12-19 09:46 - 2013-12-19 09:52 - 00000125 _____ C:\Users\tdjones3\Desktop\Staff Email.url
2013-12-19 09:46 - 2013-12-19 09:52 - 00000116 _____ C:\Users\tdjones3\Desktop\Starfall.url
2013-12-19 09:46 - 2013-12-19 09:46 - 00008696 __RSH C:\Users\tdjones3\ntuser.pol
2013-12-19 09:46 - 2013-12-19 09:46 - 00008696 __RSH C:\Users\tdjones3\ntuser.pol
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Student Applications
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Applications
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3
2013-12-19 09:46 - 2013-08-22 10:20 - 00000000 ____D C:\Users\tdjones3\AppData\Local\Google
2013-12-19 09:46 - 2013-08-22 10:16 - 00108824 _____ C:\Users\tdjones3\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-19 09:46 - 2013-08-22 10:07 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-19 09:46 - 2013-08-22 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Local\Microsoft Help
2013-12-19 09:46 - 2012-06-25 15:27 - 00001417 _____ C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-19 09:46 - 2012-06-25 15:26 - 00000020 ___SH C:\Users\tdjones3\ntuser.ini
2013-12-19 09:46 - 2012-06-25 15:26 - 00000020 ___SH C:\Users\tdjones3\ntuser.ini
2013-12-19 09:46 - 2012-06-25 15:26 - 00000000 ____D C:\Users\tdjones3\AppData\Local\VirtualStore
2013-12-19 09:46 - 2009-07-13 23:42 - 00000000 ___RD C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-19 09:46 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-17 12:22 - 2013-12-17 12:22 - 00000000 ____D C:\Users\scmcdowell\AppData\Roaming\ooVoo Details
2013-12-17 12:21 - 2013-12-17 12:21 - 00001815 _____ C:\Users\Public\Desktop\ooVoo.lnk
2013-12-17 12:21 - 2013-12-17 12:21 - 00000000 ____D C:\Program Files\ooVoo
2013-12-17 12:19 - 2013-12-17 12:20 - 02512960 _____ (ooVoo LLC) C:\Users\scmcdowell\Downloads\ooVooSetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-04 01:45 - 2014-01-04 01:44 - 00023069 _____ C:\Users\scmcdowell\Desktop\FRST.txt
2014-01-04 01:44 - 2014-01-04 01:44 - 00000000 ____D C:\FRST
2014-01-04 01:42 - 2014-01-04 01:42 - 01064761 _____ (Farbar) C:\Users\scmcdowell\Desktop\FRST.exe
2014-01-04 01:41 - 2013-12-28 18:37 - 00000000 ____D C:\Users\WSAdmin\AppData\Roaming\Skype
2014-01-04 01:38 - 2013-09-12 17:00 - 02073310 _____ C:\Windows\WindowsUpdate.log
2014-01-04 01:38 - 2013-08-22 10:20 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 01:37 - 2013-08-22 09:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 01:37 - 2012-06-25 18:19 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2014-01-03 19:39 - 2012-10-22 11:26 - 00000157 __RSH C:\ProgramData\3002.xml
2014-01-03 19:39 - 2012-10-22 11:26 - 00000157 __RSH C:\ProgramData\3002.xml
2014-01-03 19:39 - 2010-11-20 16:01 - 00798564 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 13:37 - 2009-07-13 23:39 - 00047756 _____ C:\Windows\setupact.log
2014-01-03 12:37 - 2013-08-22 10:20 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 05:02 - 2014-01-01 05:02 - 00000000 ____H C:\Users\scmcdowell\Default.rdp
2014-01-01 05:02 - 2014-01-01 05:02 - 00000000 ____H C:\Users\scmcdowell\Default.rdp
2014-01-01 05:02 - 2013-09-13 06:10 - 00000000 ____D C:\Users\scmcdowell
2013-12-30 16:08 - 2009-07-13 23:34 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-30 16:08 - 2009-07-13 23:34 - 00019120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 12:20 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-29 11:50 - 2013-12-29 11:50 - 00000020 _____ C:\Windows\ðóC
2013-12-29 11:50 - 2013-12-29 11:49 - 00000000 ____D C:\Program Files\Windows Live
2013-12-29 11:50 - 2013-08-22 09:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-12-29 11:49 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-12-29 11:46 - 2013-08-22 09:50 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-12-29 11:45 - 2013-12-29 11:45 - 00002062 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:45 - 2013-12-29 11:45 - 00002062 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:45 - 2013-12-29 11:45 - 00000000 ____D C:\Program Files\Microsoft SkyDrive
2013-12-29 11:45 - 2013-12-29 11:44 - 00000000 ___RD C:\Users\WSAdmin\SkyDrive
2013-12-29 11:45 - 2013-12-29 11:44 - 00000000 ___RD C:\Users\WSAdmin\SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00002128 _____ C:\Users\WSAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\Users\WSAdmin\AppData\Local\Windows Live
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-12-29 11:44 - 2013-12-29 11:44 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-12-29 11:44 - 2012-06-25 15:26 - 00000000 ____D C:\Users\WSAdmin
2013-12-28 18:38 - 2013-09-18 12:22 - 00000000 ___RD C:\Program Files\Skype
2013-12-28 18:38 - 2013-09-18 12:22 - 00000000 ____D C:\ProgramData\Skype
2013-12-28 18:38 - 2013-09-18 12:22 - 00000000 ____D C:\ProgramData\Skype
2013-12-28 05:58 - 2013-12-28 05:58 - 00020245 _____ C:\Users\scmcdowell\Desktop\dds.txt
2013-12-28 05:58 - 2013-12-28 05:58 - 00013569 _____ C:\Users\scmcdowell\Desktop\attach.txt
2013-12-28 05:57 - 2013-12-28 05:57 - 00688992 ____R (Swearware) C:\Users\scmcdowell\Downloads\dds (3).com
2013-12-28 01:17 - 2013-09-18 12:22 - 00000000 ____D C:\Users\scmcdowell\AppData\Roaming\Skype
2013-12-24 17:12 - 2013-12-24 17:12 - 01321015 _____ C:\Users\scmcdowell\Downloads\VID 00025-20110609-1134.3GP
2013-12-24 14:18 - 2013-12-29 12:09 - 75671618 ____N C:\Users\WSAdmin\Desktop\VID_20131224_141739_868.mp4
2013-12-23 15:42 - 2013-12-23 15:42 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds (2).com
2013-12-23 08:21 - 2013-09-15 01:34 - 00002205 _____ C:\Users\scmcdowell\Desktop\Google Chrome.lnk
2013-12-23 08:18 - 2013-10-25 07:26 - 00000000 ____D C:\Users\WSAdmin\AppData\Roaming\Apple Computer
2013-12-23 04:38 - 2013-12-23 04:38 - 00000000 ____D C:\Users\WSAdmin\AppData\Roaming\Macromedia
2013-12-22 01:29 - 2013-12-22 01:29 - 00007863 _____ C:\Users\WSAdmin\Desktop\attach.txt
2013-12-22 01:28 - 2013-12-22 01:29 - 00015345 _____ C:\Users\WSAdmin\Desktop\dds.txt
2013-12-21 22:21 - 2013-12-21 22:21 - 00688992 ____R (Swearware) C:\Users\WSAdmin\Desktop\dds.com
2013-12-21 21:32 - 2013-12-21 21:32 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-21 21:32 - 2013-08-22 10:20 - 00000000 ____D C:\Program Files\Google
2013-12-21 18:38 - 2013-12-21 18:37 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds (1).com
2013-12-21 18:37 - 2013-12-21 18:35 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Downloads\dds.com
2013-12-21 18:15 - 2013-12-21 18:14 - 00688992 _____ (Swearware) C:\Users\scmcdowell\Desktop\dds.com
2013-12-21 09:20 - 2013-12-21 09:18 - 15951305 _____ C:\Users\scmcdowell\Downloads\documents-export-2013-12-21.zip
2013-12-20 14:35 - 2013-09-13 06:11 - 00001916 _____ C:\Users\scmcdowell\Desktop\Internet Explorer.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00001753 _____ C:\Users\scmcdowell\AppData\Roaming\Microsoft\Windows\Start Menu\Workstation Information.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00001636 _____ C:\Users\scmcdowell\Desktop\Student Shared Folder.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00001634 _____ C:\Users\scmcdowell\Desktop\Staff Shared Folder.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00001614 _____ C:\Users\scmcdowell\Desktop\Home Folder.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00000609 _____ C:\Users\scmcdowell\Desktop\Orchard.lnk
2013-12-20 14:35 - 2013-09-13 06:11 - 00000134 _____ C:\Users\scmcdowell\Desktop\Destiny Online Catalog.url
2013-12-20 14:35 - 2013-09-13 06:11 - 00000130 _____ C:\Users\scmcdowell\Desktop\Cook Online.url
2013-12-20 14:35 - 2013-09-13 06:11 - 00000125 _____ C:\Users\scmcdowell\Desktop\Staff Email.url
2013-12-20 14:35 - 2013-09-13 06:11 - 00000116 _____ C:\Users\scmcdowell\Desktop\Starfall.url
2013-12-20 14:35 - 2013-09-12 11:05 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2013-12-20 08:16 - 2013-09-13 14:14 - 00000220 _____ C:\Windows\hpbafd.ini
2013-12-19 09:54 - 2012-06-27 09:42 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2013-12-19 09:54 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-19 09:53 - 2013-12-19 09:53 - 00000000 ____D C:\Users\tdjones3\AppData\Local\Adobe
2013-12-19 09:53 - 2013-12-19 09:47 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Adobe
2013-12-19 09:52 - 2013-12-19 09:47 - 00001634 _____ C:\Users\tdjones3\Desktop\Staff Shared Folder.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00002104 _____ C:\Users\tdjones3\Desktop\Google Chrome.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00001916 _____ C:\Users\tdjones3\Desktop\Internet Explorer.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00001753 _____ C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Workstation Information.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00001636 _____ C:\Users\tdjones3\Desktop\Student Shared Folder.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00001614 _____ C:\Users\tdjones3\Desktop\Home Folder.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00000609 _____ C:\Users\tdjones3\Desktop\Orchard.lnk
2013-12-19 09:52 - 2013-12-19 09:46 - 00000134 _____ C:\Users\tdjones3\Desktop\Destiny Online Catalog.url
2013-12-19 09:52 - 2013-12-19 09:46 - 00000130 _____ C:\Users\tdjones3\Desktop\Cook Online.url
2013-12-19 09:52 - 2013-12-19 09:46 - 00000125 _____ C:\Users\tdjones3\Desktop\Staff Email.url
2013-12-19 09:52 - 2013-12-19 09:46 - 00000116 _____ C:\Users\tdjones3\Desktop\Starfall.url
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\SMART Technologies
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Epson
2013-12-19 09:48 - 2013-12-19 09:48 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Apple Computer
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Motorola Mobility
2013-12-19 09:47 - 2013-12-19 09:47 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Teacher Applications
2013-12-19 09:46 - 2013-12-19 09:46 - 00008696 __RSH C:\Users\tdjones3\ntuser.pol
2013-12-19 09:46 - 2013-12-19 09:46 - 00008696 __RSH C:\Users\tdjones3\ntuser.pol
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Student Applications
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Applications
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2013-12-19 09:46 - 2013-12-19 09:46 - 00000000 ____D C:\Users\tdjones3
2013-12-17 12:22 - 2013-12-17 12:22 - 00000000 ____D C:\Users\scmcdowell\AppData\Roaming\ooVoo Details
2013-12-17 12:21 - 2013-12-17 12:21 - 00001815 _____ C:\Users\Public\Desktop\ooVoo.lnk
2013-12-17 12:21 - 2013-12-17 12:21 - 00000000 ____D C:\Program Files\ooVoo
2013-12-17 12:20 - 2013-12-17 12:19 - 02512960 _____ (ooVoo LLC) C:\Users\scmcdowell\Downloads\ooVooSetup.exe
2013-12-17 08:34 - 2010-11-20 16:48 - 00013314 _____ C:\Windows\PFRO.log
2013-12-11 13:48 - 2013-08-22 09:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 13:48 - 2013-08-22 09:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-05 11:07 - 2013-09-13 06:11 - 00000000 ____D C:\Users\scmcdowell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
 
Some content of TEMP:
====================
C:\Users\scmcdowell\AppData\Local\Temp\MotoCast_Installer_2.0403.exe
C:\Users\scmcdowell\AppData\Local\Temp\offercast.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 10:55
 
==================== End Of Log ============================

 

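The log above is a Farbar Recovery Scan Tool (FRST) report. Two kinds of line in it deserve a second look before anything else: FRST's own `<======= ATTENTION` marker (here on the Chrome policy key `HKLM\SOFTWARE\Policies\Google`), and service or driver entries that end in `[x]`, which means the registry points at a binary FRST could not find on disk (here `rpcld.exe` under `C:\ProgramData` and `mbr.sys` under a user's Temp folder). The Python script below is an added example, not part of the original thread and not FRST's own code. It parses the Chrome, Services and Drivers sections and lists such entries, together with any service binary that lives in a user-writable directory or carries no company name. Its sample input is constructed from lines of the posted log; the `USER_WRITABLE` path tags and the finding labels are the example's own choices, not FRST output.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example, not part of the original post and not FRST's own code. It
reads FRST.txt text and returns the entries a responder checks first:
  * Chrome plugins registered with 'No File' behind them
  * any line FRST itself tagged '<======= ATTENTION' (e.g. a policy key)
  * services/drivers whose binary is missing ('[x]'), sits in a
    user-writable directory, or carries no company name
SAMPLE is constructed from lines of the posted log.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+$")
PLUGIN_RE = re.compile(
    r"^CHR Plugin: \((?P<name>.+?)\) - (?P<path>.+?)(?: No File| \((?P<vendor>[^)]*)\))?$"
)
# "R2 name; C:\path\file.exe [size date] (Company)"  or  "... [x]" when the file is gone
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.*?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<vendor>[^)]*)\))?\s*$"
)
# Example's own list of directories a non-admin process can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    section: str
    entry: str
    path: str
    reasons: list


def _in_user_writable(path: str) -> bool:
    """True for paths under profile/ProgramData/Temp directories."""
    p = path.lower()
    return any(tag in p for tag in USER_WRITABLE)


def triage(text: str) -> list:
    """Return the Findings for an FRST log, in log order."""
    findings = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["title"]
            continue
        if "<======= ATTENTION" in line:
            entry = line.split(" <=======", 1)[0]
            findings.append(Finding(section, entry, "", ["flagged ATTENTION by FRST"]))
            continue
        m = PLUGIN_RE.match(line)
        if m:
            if line.endswith(" No File"):
                findings.append(Finding(section, m["name"], m["path"],
                                        ["plugin registered but file missing"]))
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue
        reasons = []
        if m["meta"] == "x":
            reasons.append("binary not found on disk")
        elif not m["vendor"]:
            reasons.append("no company name in version info")
        if _in_user_writable(m["path"]):
            reasons.append("binary in a user-writable location")
        if reasons:
            findings.append(Finding(section, m["name"], m["path"], reasons))
    return findings


# Constructed sample: lines taken from the FRST log posted above.
SAMPLE = r"""
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 Rpcnet; C:\Windows\System32\rpcnet.exe [69792 2013-08-22] (Absolute Software Corp.)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2016504 2011-05-18] (UltraVNC)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]

==================== Drivers (Whitelisted) ====================

R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165760 2011-10-05] (Microsoft Corporation)
U3 mbr; \??\C:\Users\WSAdmin\AppData\Local\Temp\mbr.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.entry}: {'; '.join(f.reasons)}  {f.path}")
```

Run it against a full FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`. A `[x]` entry is not proof of malware (a scanner can leave a dead driver entry behind), but every one of them needs an explanation before the log is declared clean.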



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 04 January 2014 - 01:46 PM

You have several policy restrictions in place, which is fine if you set them intentionally.  Is that the case, or were you unaware of them?  Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important: if there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in C:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Please include the following in your next post:
  • TDSSKiller log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


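RPMcMurphy's question, whether the policy restrictions were set on purpose, can be checked on the machine itself. Chrome reads machine policy from `HKLM\SOFTWARE\Policies\Google\Chrome` (chrome://policy shows the same data), and `reg export "HKLM\SOFTWARE\Policies\Google\Chrome" chrome_policy.reg` captures it for review without extra tooling. The Python script below is an added example, not from the thread and not Google's code. It parses such a .reg export and lists the policies that can change where searches, the homepage, startup tabs or proxy traffic go and which extensions are force-installed; an extension forced from an update URL other than the Chrome Web Store's is called out separately. The .reg text inside it is constructed in reg.exe's export format; its URLs and extension IDs are placeholders, and the policy list is the example's own selection, not an exhaustive one.

```python
r"""List the Chrome machine policies in a .reg export that steer navigation.

Added example, not part of the original thread. Chrome reads machine policy
from HKLM\SOFTWARE\Policies\Google\Chrome; capture it with
    reg export "HKLM\SOFTWARE\Policies\Google\Chrome" chrome_policy.reg
(reg.exe writes UTF-16LE, so open the file with encoding="utf-16").
List-valued policies are stored as numbered values in a subkey named after
the policy. SAMPLE_REG below is constructed; URLs and extension IDs are
placeholders.
"""
import re

CHROME_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome"
STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Scalar policies (under the Chrome key) that decide where the browser goes
# or how its traffic is routed; the example's own selection.
REDIRECT_POLICIES = {
    "HomepageLocation": "homepage",
    "HomepageIsNewTabPage": "homepage",
    "DefaultSearchProviderEnabled": "search",
    "DefaultSearchProviderName": "search",
    "DefaultSearchProviderSearchURL": "search",
    "DefaultSearchProviderSuggestURL": "search",
    "RestoreOnStartup": "startup",
    "ProxyMode": "proxy",
    "ProxyServer": "proxy",
    "ProxyPacUrl": "proxy",
}
# List policies: one numbered value per entry in a subkey.
LIST_POLICIES = {"RestoreOnStartupURLs": "startup", "ExtensionInstallForcelist": "extensions"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<value>.*)$')


def _unescape(s: str) -> str:
    """.reg files escape backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw: str):
    """Decode the common .reg value encodings; others are returned verbatim."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex:, hex(2):, ... (binary/expand-string) left undecoded


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: value}} for a .reg export.
    Multi-line hex continuations and '@' default values are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m["name"])] = _decode(m["value"])
    return keys


def review(keys: dict) -> list:
    """Return (area, policy, value, note) tuples for navigation-steering policies."""
    findings = []
    for name, value in keys.get(CHROME_KEY, {}).items():
        if name in REDIRECT_POLICIES:
            findings.append((REDIRECT_POLICIES[name], name, value, "set by machine policy"))
    for policy, area in LIST_POLICIES.items():
        for idx, value in sorted(keys.get(CHROME_KEY + "\\" + policy, {}).items()):
            note = "set by machine policy"
            if policy == "ExtensionInstallForcelist":
                # entry format: <32-char id>[;<update URL>]; no URL means Web Store
                ext_id, _, update_url = value.partition(";")
                if update_url and update_url != STORE_UPDATE_URL:
                    note = "force-installed from a non-Web-Store update URL: " + update_url
                value = ext_id
            findings.append((area, policy + "\\" + idx, value, note))
    return findings


# Constructed .reg text in reg.exe's export format (placeholders throughout).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"HomepageLocation"="https://www.google.cz/"
"ShowHomeButton"=dword:00000001
"DefaultSearchProviderEnabled"=dword:00000001
"DefaultSearchProviderSearchURL"="https://search.example.invalid/?q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs]
"1"="https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="aaaabbbbccccddddeeeeffffgggghhhh;https://clients2.google.com/service/update2/crx"
"2"="ppppoooonnnnmmmmllllkkkkjjjjiiii;https://updates.example.invalid/crx"
"""

if __name__ == "__main__":
    for area, policy, value, note in review(parse_reg(SAMPLE_REG)):
        print(f"{area:10} {policy:32} {value!s:60} {note}")
```

On a managed school laptop most of these entries will be legitimate and match what the IT group pushes by Group Policy; the point of listing them is to compare the values against what IT intended. A search or homepage URL nobody recognises, or a force-installed extension served from outside the Web Store, is the thing to raise with them, and an entry under the `Google\Chrome` key that Group Policy does not set at all (so it survives nowhere in the domain's GPOs) is worth asking about too.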


#7 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • Gender:Male
  • Location:North Carolina

Posted 04 January 2014 - 03:54 PM

Hi, and thanks for your help.

This is a public school employee laptop, so we do have group policy restrictions, which are annoying.

My first log was from the admin account on this same laptop, and then I logged back into my personal login. Let me know if that changes anything. (Meaning, all subsequent logs have been run with this account.)

The TDSSKiller log follows:

15:41:50.0334 0x3060  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
15:41:59.0710 0x3060  ============================================================
15:41:59.0710 0x3060  Current date / time: 2014/01/04 15:41:59.0710
15:41:59.0710 0x3060  SystemInfo:
15:41:59.0710 0x3060  
15:41:59.0710 0x3060  OS Version: 6.1.7601 ServicePack: 1.0
15:41:59.0710 0x3060  Product type: Workstation
15:41:59.0710 0x3060  ComputerName: E351A025024
15:41:59.0711 0x3060  UserName: scmcdowell
15:41:59.0711 0x3060  Windows directory: C:\Windows
15:41:59.0711 0x3060  System windows directory: C:\Windows
15:41:59.0711 0x3060  Processor architecture: Intel x86
15:41:59.0711 0x3060  Number of processors: 4
15:41:59.0711 0x3060  Page size: 0x1000
15:41:59.0711 0x3060  Boot type: Normal boot
15:41:59.0711 0x3060  ============================================================
15:42:00.0399 0x3060  KLMD registered as C:\Windows\system32\drivers\49813350.sys
15:42:00.0938 0x3060  System UUID: {133A06AE-C009-3835-E36E-CD0DC3C11DC4}
15:42:01.0870 0x3060  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:42:01.0872 0x3060  ============================================================
15:42:01.0872 0x3060  \Device\Harddisk0\DR0:
15:42:01.0873 0x3060  MBR partitions:
15:42:01.0873 0x3060  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:42:01.0873 0x3060  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
15:42:01.0873 0x3060  ============================================================
15:42:01.0910 0x3060  C: <-> \Device\Harddisk0\DR0\Partition2
15:42:01.0910 0x3060  ============================================================
15:42:01.0910 0x3060  Initialize success
15:42:01.0910 0x3060  ============================================================
15:42:42.0842 0x0c58  ============================================================
15:42:42.0842 0x0c58  Scan started
15:42:42.0842 0x0c58  Mode: Manual; TDLFS; 
15:42:42.0842 0x0c58  ============================================================
15:42:42.0843 0x0c58  KSN ping started
15:42:54.0901 0x0c58  KSN ping finished: true
15:42:55.0023 0x0c58  ================ Scan system memory ========================
15:42:55.0023 0x0c58  System memory - ok
15:42:55.0024 0x0c58  ================ Scan services =============================
15:42:55.0284 0x0c58  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:42:55.0293 0x0c58  1394ohci - ok
15:42:55.0346 0x0c58  [ 5E67A474CBC887DAF0DDD343F6F7FEA0, 2228D6FCDD031D3CF149BF0E63CFD4439F21B3A7E4FFC5CE23232AC1AE904FED ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
15:42:55.0350 0x0c58  5U877 - ok
15:42:55.0379 0x0c58  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:42:55.0386 0x0c58  ACPI - ok
15:42:55.0411 0x0c58  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:42:55.0413 0x0c58  AcpiPmi - ok
15:42:55.0475 0x0c58  [ B1EA9681502EE57F87DB71D726288A5B, D17BD2CFAE72E92C77D183331D5CBA0FEA893BF54875920870E271940F40A8BB ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:42:55.0492 0x0c58  AdobeARMservice - ok
15:42:55.0550 0x0c58  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:42:55.0561 0x0c58  AdobeFlashPlayerUpdateSvc - ok
15:42:55.0612 0x0c58  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:42:55.0622 0x0c58  adp94xx - ok
15:42:55.0657 0x0c58  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:42:55.0665 0x0c58  adpahci - ok
15:42:55.0687 0x0c58  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:42:55.0692 0x0c58  adpu320 - ok
15:42:55.0713 0x0c58  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:42:55.0715 0x0c58  AeLookupSvc - ok
15:42:55.0753 0x0c58  [ 9EBBBA55060F786F0FCAA3893BFA2806, 2E5A0FA2995989E9391771024839F5AD040A041CEE56787286D8FC421E26FE90 ] AFD             C:\Windows\system32\drivers\afd.sys
15:42:55.0761 0x0c58  AFD - ok
15:42:55.0785 0x0c58  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:42:55.0788 0x0c58  agp440 - ok
15:42:55.0815 0x0c58  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:42:55.0818 0x0c58  aic78xx - ok
15:42:55.0857 0x0c58  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
15:42:55.0860 0x0c58  ALG - ok
15:42:55.0880 0x0c58  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:42:55.0881 0x0c58  aliide - ok
15:42:55.0897 0x0c58  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:42:55.0900 0x0c58  amdagp - ok
15:43:06.0891 0x0c58  Motorola Device Manager - ok
15:43:06.0918 0x0c58  [ 140176B235722B6B92B56910ACDF3CC0, B8CA65949ED9755D7A15A8656FA4677EBAFB1FF2EB99A37B3D750D816008E981 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
15:43:06.0920 0x0c58  MotoSwitchService - ok
15:43:06.0981 0x0c58  [ 02338F0FBF22FC4680E8520D8ADDB257, 0FDEB4D9D5E34B5F756F94E0C48A56451893C8A273FD849067FF65BEE648E370 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
15:43:06.0984 0x0c58  Motousbnet - ok
15:43:07.0019 0x0c58  [ DDA26939FEB88994FBC45D7C52DA5D10, 900A5CB7EB9FB643706C118894CB99FAB0FA276F91F10238487F315C76B18AE2 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
15:43:07.0021 0x0c58  motusbdevice - ok
15:43:07.0147 0x0c58  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:43:07.0150 0x0c58  mouclass - ok
15:43:07.0222 0x0c58  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:43:07.0224 0x0c58  mouhid - ok
15:43:07.0260 0x0c58  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:43:07.0265 0x0c58  mountmgr - ok
15:43:07.0388 0x0c58  [ 27DBF5B9699D6A4DDE720C7904E716D2, A342CAEBCE04D7C3265C17B14538BF222B8F86AE932BBB00BC16806648A1A5DD ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:43:07.0397 0x0c58  MpFilter - ok
15:43:07.0427 0x0c58  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:43:07.0434 0x0c58  mpio - ok
15:43:07.0725 0x0c58  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl595154d5   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{209AC505-DA7C-41FA-BBCF-7C56E77EA80A}\MpKsl595154d5.sys
15:43:07.0728 0x0c58  MpKsl595154d5 - ok
15:43:07.0763 0x0c58  [ 95AF9806C836F726387A9F8AAB85782A, 23422549C5817577FD4420C223F51A37EE77B3F7CB8D4E48256103FDB856B8C2 ] MpNWMon         C:\Windows\system32\DRIVERS\MpNWMon.sys
15:43:07.0767 0x0c58  MpNWMon - ok
15:43:07.0829 0x0c58  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:43:07.0833 0x0c58  mpsdrv - ok
15:43:07.0957 0x0c58  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:43:07.0975 0x0c58  MpsSvc - ok
15:43:08.0013 0x0c58  [ CEB46AB7C01C9F825F8CC6BABC18166A, AA98898204FC58878502C170FE6ED8BA681396DDD8BF3689D0C3642DEA87BEF8 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:43:08.0017 0x0c58  MRxDAV - ok
15:43:08.0107 0x0c58  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:08.0114 0x0c58  mrxsmb - ok
15:43:08.0187 0x0c58  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:08.0199 0x0c58  mrxsmb10 - ok
15:43:08.0232 0x0c58  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:08.0235 0x0c58  mrxsmb20 - ok
15:43:08.0266 0x0c58  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:43:08.0268 0x0c58  msahci - ok
15:43:08.0373 0x0c58  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:43:08.0380 0x0c58  msdsm - ok
15:43:08.0424 0x0c58  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\system32\msdtc.exe
15:43:08.0432 0x0c58  MSDTC - ok
15:43:08.0508 0x0c58  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:43:08.0510 0x0c58  Msfs - ok
15:43:08.0544 0x0c58  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:43:08.0551 0x0c58  mshidkmdf - ok
15:43:08.0603 0x0c58  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:43:08.0606 0x0c58  msisadrv - ok
15:43:08.0733 0x0c58  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:43:08.0742 0x0c58  MSiSCSI - ok
15:43:08.0748 0x0c58  msiserver - ok
15:43:08.0808 0x0c58  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:43:08.0811 0x0c58  MSKSSRV - ok
15:43:08.0991 0x0c58  [ 98DE19ACC703D8B06ED2C2C52F9053A0, F0A5CC1F2CF16E2F0BC170D72344B74CD94DC7619BCE859697A861EA00AABB4A ] MsMpSvc         c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:43:08.0993 0x0c58  MsMpSvc - ok
15:43:09.0043 0x0c58  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:09.0045 0x0c58  MSPCLOCK - ok
15:43:09.0079 0x0c58  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:43:09.0080 0x0c58  MSPQM - ok
15:43:09.0115 0x0c58  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:43:09.0123 0x0c58  MsRPC - ok
15:43:09.0157 0x0c58  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:43:09.0159 0x0c58  mssmbios - ok
15:43:09.0203 0x0c58  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:43:09.0205 0x0c58  MSTEE - ok
15:43:09.0275 0x0c58  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:09.0277 0x0c58  MTConfig - ok
15:43:09.0308 0x0c58  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:43:09.0312 0x0c58  Mup - ok
15:43:09.0406 0x0c58  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
15:43:09.0424 0x0c58  napagent - ok
15:43:09.0489 0x0c58  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:43:09.0498 0x0c58  NativeWifiP - ok
15:43:09.0723 0x0c58  [ E7C54812A2AAF43316EB6930C1FFA108, C8A6FC1957FA29A3B372132FEA9145538BC767044A11D77316D3D1A3EAA60630 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:43:09.0754 0x0c58  NDIS - ok
15:43:09.0822 0x0c58  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:09.0825 0x0c58  NdisCap - ok
15:43:09.0885 0x0c58  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:09.0887 0x0c58  NdisTapi - ok
15:43:09.0927 0x0c58  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:09.0930 0x0c58  Ndisuio - ok
15:43:09.0982 0x0c58  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:09.0988 0x0c58  NdisWan - ok
15:43:10.0022 0x0c58  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:43:10.0026 0x0c58  NDProxy - ok
15:43:10.0113 0x0c58  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:43:10.0116 0x0c58  NetBIOS - ok
15:43:10.0150 0x0c58  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:43:10.0159 0x0c58  NetBT - ok
15:43:10.0197 0x0c58  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] Netlogon        C:\Windows\system32\lsass.exe
15:43:10.0200 0x0c58  Netlogon - ok
15:43:10.0287 0x0c58  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
15:43:10.0304 0x0c58  Netman - ok
15:43:10.0375 0x0c58  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:43:10.0385 0x0c58  NetMsmqActivator - ok
15:43:10.0416 0x0c58  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:43:10.0420 0x0c58  NetPipeActivator - ok
15:43:10.0502 0x0c58  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
15:43:10.0517 0x0c58  netprofm - ok
15:43:10.0524 0x0c58  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:43:10.0527 0x0c58  NetTcpActivator - ok
15:43:10.0534 0x0c58  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:43:10.0536 0x0c58  NetTcpPortSharing - ok
15:43:10.0928 0x0c58  [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
15:43:11.0032 0x0c58  netw5v32 - ok
15:43:11.0751 0x0c58  [ 3B33804D73DB00138544E30594D11733, 5B7193D2F09100F645329E98A280328250F4E9147037B99415AE99BE73507240 ] NETwNs32        C:\Windows\system32\DRIVERS\Netwsn00.sys
15:43:12.0098 0x0c58  NETwNs32 - ok
15:43:12.0208 0x0c58  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:43:12.0212 0x0c58  nfrd960 - ok
15:43:12.0269 0x0c58  [ 2BB155440871883201687E7156F7B9AE, B035234D0730370586CAF47D39FC80CF155FCB97477081ABF2E9A0EAA104CB8B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:43:12.0274 0x0c58  NisDrv - ok
15:43:12.0322 0x0c58  [ 7C974A0C5FAB06A0DC6D7DB2ADEA5EE4, B412D042EF604C496A692756E5AD60DB18C5905F78353F036E564CFCD4E98E47 ] NisSrv          c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:43:12.0331 0x0c58  NisSrv - ok
15:43:12.0390 0x0c58  [ 912084381D30D8B89EC4E293053F4710, 99B8CD043DF531D4B9725ED167F63CED220608B2FED3EE8250C217D15762DFD7 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:43:12.0406 0x0c58  NlaSvc - ok
15:43:12.0442 0x0c58  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:43:12.0445 0x0c58  Npfs - ok
15:43:12.0498 0x0c58  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
15:43:12.0503 0x0c58  nsi - ok
15:43:12.0529 0x0c58  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:43:12.0532 0x0c58  nsiproxy - ok
15:43:12.0710 0x0c58  [ 33C3093D09017CFE2E219F2472BFF6EB, DE46C7A53C3606F036DED1EE8A81B79CAF3171A7E97DA2F71712E2DA046A262E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:43:12.0742 0x0c58  Ntfs - ok
15:43:12.0768 0x0c58  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
15:43:12.0770 0x0c58  Null - ok
15:43:12.0869 0x0c58  [ 93C0F383B39B1F5FE7203E3270D4CF52, B212AC5A149AB0D4FFC98FB7B080E10712B5F4E2132F0698D1B7C975DD3791AD ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
15:43:12.0877 0x0c58  NVHDA - ok
15:43:14.0150 0x0c58  [ 0F3E07C92860DE5B24E8D11A1CE633AE, A712B4C3B95E6BD1AD1A91384BE558CD73F0B1FED4A9431711BBBE4EBB2928FE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:43:14.0502 0x0c58  nvlddmkm - ok
15:43:14.0623 0x0c58  [ AF2EEC9580C1D32FB7EAF105D9784061, 6DAAE3BCA048ACD7FFD26A65C793C461933179070F03855FE3DC3C01F968163A ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:43:14.0627 0x0c58  nvraid - ok
15:43:14.0683 0x0c58  [ 9283C58EBAA2618F93482EB5DABCEC82, 0BC119D4EAFDEA879E4C1CFBA5402499DBD1970EDF963C6D2034D4867C34D15E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:43:14.0688 0x0c58  nvstor - ok
15:43:14.0834 0x0c58  [ 931325513B281B3F29F2296C3FCEECEA, 25201F2CAAA08980BE38C91A29189D6BF76BBFC8BC82143127893AD5BD34AA5D ] NVSvc           C:\Windows\system32\nvvsvc.exe
15:43:14.0853 0x0c58  NVSvc - ok
15:43:14.0885 0x0c58  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:43:14.0889 0x0c58  nv_agp - ok
15:43:14.0985 0x0c58  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:43:14.0989 0x0c58  ohci1394 - ok
15:43:15.0230 0x0c58  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:15.0239 0x0c58  ose - ok
15:43:15.0652 0x0c58  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:15.0908 0x0c58  osppsvc - ok
15:43:15.0974 0x0c58  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:43:15.0983 0x0c58  p2pimsvc - ok
15:43:16.0114 0x0c58  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:43:16.0130 0x0c58  p2psvc - ok
15:43:16.0190 0x0c58  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\drivers\parport.sys
15:43:16.0194 0x0c58  Parport - ok
15:43:16.0234 0x0c58  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:43:16.0236 0x0c58  partmgr - ok
15:43:16.0266 0x0c58  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
15:43:16.0267 0x0c58  Parvdm - ok
15:43:16.0301 0x0c58  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:43:16.0309 0x0c58  PcaSvc - ok
15:43:16.0351 0x0c58  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
15:43:16.0357 0x0c58  pci - ok
15:43:16.0385 0x0c58  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:43:16.0386 0x0c58  pciide - ok
15:43:16.0470 0x0c58  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:43:16.0481 0x0c58  pcmcia - ok
15:43:16.0544 0x0c58  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:43:16.0549 0x0c58  pcw - ok
15:43:16.0710 0x0c58  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:43:16.0732 0x0c58  PEAUTH - ok
15:43:16.0941 0x0c58  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:43:16.0973 0x0c58  PeerDistSvc - ok
15:43:17.0222 0x0c58  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
15:43:17.0263 0x0c58  pla - ok
15:43:17.0388 0x0c58  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:43:17.0406 0x0c58  PlugPlay - ok
15:43:17.0466 0x0c58  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:43:17.0469 0x0c58  PNRPAutoReg - ok
15:43:17.0509 0x0c58  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:43:17.0518 0x0c58  PNRPsvc - ok
15:43:17.0632 0x0c58  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:43:17.0645 0x0c58  PolicyAgent - ok
15:43:17.0710 0x0c58  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
15:43:17.0715 0x0c58  Power - ok
15:43:17.0835 0x0c58  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:43:17.0840 0x0c58  PptpMiniport - ok
15:43:17.0872 0x0c58  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
15:43:17.0875 0x0c58  Processor - ok
15:43:17.0956 0x0c58  [ 43CA4CCC22D52FB58E8988F0198851D0, DF67BD70D9D82677AE61244B4E54677A5008A7F5EB531DF2A7E7D33F1658EA78 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:43:17.0966 0x0c58  ProfSvc - ok
15:43:18.0006 0x0c58  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:18.0009 0x0c58  ProtectedStorage - ok
15:43:18.0096 0x0c58  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:43:18.0102 0x0c58  Psched - ok
15:43:18.0198 0x0c58  [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service     C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
15:43:18.0202 0x0c58  PST Service - ok
15:43:18.0450 0x0c58  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:43:18.0515 0x0c58  ql2300 - ok
15:43:18.0588 0x0c58  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:43:18.0592 0x0c58  ql40xx - ok
15:43:18.0650 0x0c58  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
15:43:18.0665 0x0c58  QWAVE - ok
15:43:18.0701 0x0c58  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:43:18.0703 0x0c58  QWAVEdrv - ok
15:43:18.0725 0x0c58  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:43:18.0727 0x0c58  RasAcd - ok
15:43:18.0782 0x0c58  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:18.0785 0x0c58  RasAgileVpn - ok
15:43:18.0821 0x0c58  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
15:43:18.0828 0x0c58  RasAuto - ok
15:43:18.0864 0x0c58  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:18.0868 0x0c58  Rasl2tp - ok
15:43:18.0911 0x0c58  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
15:43:18.0925 0x0c58  RasMan - ok
15:43:18.0936 0x0c58  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:18.0941 0x0c58  RasPppoe - ok
15:43:18.0973 0x0c58  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:43:18.0976 0x0c58  RasSstp - ok
15:43:19.0019 0x0c58  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:43:19.0026 0x0c58  rdbss - ok
15:43:19.0032 0x0c58  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:43:19.0034 0x0c58  rdpbus - ok
15:43:19.0071 0x0c58  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:19.0073 0x0c58  RDPCDD - ok
15:43:19.0107 0x0c58  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:43:19.0112 0x0c58  RDPDR - ok
15:43:19.0172 0x0c58  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:43:19.0174 0x0c58  RDPENCDD - ok
15:43:19.0210 0x0c58  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:43:19.0213 0x0c58  RDPREFMP - ok
15:43:19.0264 0x0c58  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:43:19.0272 0x0c58  RDPWD - ok
15:43:19.0340 0x0c58  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:43:19.0348 0x0c58  rdyboost - ok
15:43:19.0420 0x0c58  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:43:19.0427 0x0c58  RemoteAccess - ok
15:43:19.0483 0x0c58  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:43:19.0492 0x0c58  RemoteRegistry - ok
15:43:19.0777 0x0c58  [ 3C5AE759F7742C029F51E9965ED7835B, CE6F68B0245C1760CB031762ED758B13B931DF99C8437BE47DC98FBA36C9CF8A ] Response Hardware C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe
15:43:19.0781 0x0c58  Response Hardware - ok
15:43:19.0903 0x0c58  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:19.0911 0x0c58  RFCOMM - ok
15:43:19.0988 0x0c58  [ 571E6AE8D33F6AAAF342D0919630F901, 516E1978E476600AF02C4A0A0C6040DC65F9C4ADED40A94BE2FA5D5A6085F63E ] rimspci         C:\Windows\system32\DRIVERS\rimspe86.sys
15:43:19.0992 0x0c58  rimspci - ok
15:43:20.0071 0x0c58  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:43:20.0077 0x0c58  RpcEptMapper - ok
15:43:20.0211 0x0c58  [ B1574DCB4AE3EFACC24AA87B4AE6FC55, C8D3AF639699BF4571C1BDD0532C791036B74996A3E58CFE7728303B8727EA6C ] rpcld           C:\ProgramData\Rpcnet\Bin\rpcld.exe
15:43:20.0211 0x0c58  Suspicious file ( NoAccess ): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: B1574DCB4AE3EFACC24AA87B4AE6FC55, sha256: C8D3AF639699BF4571C1BDD0532C791036B74996A3E58CFE7728303B8727EA6C
15:43:20.0212 0x0c58  rpcld - detected LockedFile.Multi.Generic ( 1 )
15:43:20.0727 0x0c58  Detect skipped due to KSN trusted
15:43:20.0728 0x0c58  rpcld - ok
15:43:22.0099 0x0c58  sisagp - ok
15:43:22.0131 0x0c58  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:43:22.0134 0x0c58  SiSRaid2 - ok
15:43:22.0151 0x0c58  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:43:22.0154 0x0c58  SiSRaid4 - ok
15:43:22.0209 0x0c58  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:43:22.0215 0x0c58  SkypeUpdate - ok
15:43:22.0259 0x0c58  [ 63A8BC2EF084BA9F1DE28DAC078DA7B3, FB0F016C56E74B4AD883C3C8799B9F5D83F08CB612E55FC676E9F11834684A61 ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
15:43:22.0260 0x0c58  SMARTMouseFilterx86 - ok
15:43:22.0288 0x0c58  [ D1BED532D69788E3EE646FCF20E66561, 65326805AB8F476E96BCCFE2DAEFC59A307FCC05561552853FB7C131E5D1741C ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
15:43:22.0290 0x0c58  SMARTVHidMini2000x86 - ok
15:43:22.0316 0x0c58  [ 2E8B61503AB9B4E29593A4BAEBA1BD81, C66A83B391604150F9BA191EFD796F6EBC49DF9A65DD1F33FF1C05892E0EE5AF ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
15:43:22.0318 0x0c58  SMARTVTabletPCx86 - ok
15:43:22.0351 0x0c58  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:43:22.0354 0x0c58  Smb - ok
15:43:22.0400 0x0c58  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:43:22.0404 0x0c58  SNMPTRAP - ok
15:43:22.0420 0x0c58  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:43:22.0422 0x0c58  spldr - ok
15:43:22.0450 0x0c58  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\Windows\System32\spoolsv.exe
15:43:22.0464 0x0c58  Spooler - ok
15:43:22.0602 0x0c58  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
15:43:22.0677 0x0c58  sppsvc - ok
15:43:22.0713 0x0c58  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:43:22.0717 0x0c58  sppuinotify - ok
15:43:22.0750 0x0c58  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:43:22.0759 0x0c58  srv - ok
15:43:22.0776 0x0c58  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:43:22.0784 0x0c58  srv2 - ok
15:43:22.0820 0x0c58  [ E00FDFAFF025E94F9821153750C35A6D, 6ECDC5F314A29B859B0DCB7FF114CACE0718612556299B16412C21F9539DC9B5 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:43:22.0826 0x0c58  SrvHsfHDA - ok
15:43:22.0883 0x0c58  [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:43:22.0908 0x0c58  SrvHsfV92 - ok
15:43:22.0938 0x0c58  [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:43:22.0955 0x0c58  SrvHsfWinac - ok
15:43:22.0977 0x0c58  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:43:22.0981 0x0c58  srvnet - ok
15:43:23.0003 0x0c58  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:43:23.0010 0x0c58  SSDPSRV - ok
15:43:23.0028 0x0c58  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:43:23.0033 0x0c58  SstpSvc - ok
15:43:23.0052 0x0c58  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:43:23.0054 0x0c58  stexstor - ok
15:43:23.0083 0x0c58  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:43:23.0096 0x0c58  StiSvc - ok
15:43:23.0117 0x0c58  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:43:23.0119 0x0c58  storflt - ok
15:43:23.0139 0x0c58  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
15:43:23.0143 0x0c58  StorSvc - ok
15:43:23.0170 0x0c58  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:43:23.0172 0x0c58  storvsc - ok
15:43:23.0186 0x0c58  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:43:23.0187 0x0c58  swenum - ok
15:43:23.0211 0x0c58  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
15:43:23.0221 0x0c58  swprv - ok
15:43:23.0260 0x0c58  [ A71D2E8644037AC7D11227BC2B1DA89E, 1A1A6630D4F55734DC2510854B820B288E047B037EF068B32740438CD422035E ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:43:23.0268 0x0c58  SynTP - ok
15:43:23.0325 0x0c58  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
15:43:23.0355 0x0c58  SysMain - ok
15:43:23.0367 0x0c58  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:23.0371 0x0c58  TabletInputService - ok
15:43:23.0391 0x0c58  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:43:23.0399 0x0c58  TapiSrv - ok
15:43:23.0411 0x0c58  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
15:43:23.0415 0x0c58  TBS - ok
15:43:23.0476 0x0c58  [ A5EBB8F648000E88B7D9390B514976BF, 5421B8C76FA0DFA5F2F8004B8EC0FA03157FB971A3264B97F3BEFDFC42108F17 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:43:23.0508 0x0c58  Tcpip - ok
15:43:23.0553 0x0c58  [ A5EBB8F648000E88B7D9390B514976BF, 5421B8C76FA0DFA5F2F8004B8EC0FA03157FB971A3264B97F3BEFDFC42108F17 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:43:23.0580 0x0c58  TCPIP6 - ok
15:43:23.0610 0x0c58  [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:43:23.0612 0x0c58  tcpipreg - ok
15:43:23.0629 0x0c58  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:43:23.0630 0x0c58  TDPIPE - ok
15:43:23.0643 0x0c58  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:43:23.0645 0x0c58  TDTCP - ok
15:43:23.0656 0x0c58  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:43:23.0659 0x0c58  tdx - ok
15:43:23.0672 0x0c58  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:43:23.0675 0x0c58  TermDD - ok
15:43:23.0724 0x0c58  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
15:43:23.0739 0x0c58  TermService - ok
15:43:23.0754 0x0c58  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
15:43:23.0758 0x0c58  Themes - ok
15:43:23.0769 0x0c58  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:43:23.0772 0x0c58  THREADORDER - ok
15:43:23.0803 0x0c58  [ 3724DFF72B0F5307CF761CC91C2BB9F7, 6752764FAEC2D35E21E629A1A347311B48D82DF1AA359BBF68B734D292C9969C ] TPM             C:\Windows\system32\drivers\tpm.sys
15:43:23.0806 0x0c58  TPM - ok
15:43:23.0841 0x0c58  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
15:43:23.0845 0x0c58  TrkWks - ok
15:43:23.0890 0x0c58  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:23.0897 0x0c58  TrustedInstaller - ok
15:43:23.0926 0x0c58  [ 254BB140EEE3C59D6114C1A86B636877, EE09D62E90407A40278F2136F640DAB16A4E2BF57D4FB6E05F92CA9CC9CF57C0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:23.0928 0x0c58  tssecsrv - ok
15:43:23.0939 0x0c58  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:43:23.0942 0x0c58  TsUsbFlt - ok
15:43:23.0954 0x0c58  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:43:23.0956 0x0c58  TsUsbGD - ok
15:43:23.0984 0x0c58  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:43:23.0988 0x0c58  tunnel - ok
15:43:24.0008 0x0c58  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:43:24.0011 0x0c58  uagp35 - ok
15:43:24.0069 0x0c58  [ 730D09FBF8ADEAF3ADC7FBD6AC55920F, CA90A6C32E7E2967E234C560BABC280FDD050D3C2A50F549C16B2625C14C6950 ] UAService       C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
15:43:24.0083 0x0c58  UAService - ok
15:43:24.0120 0x0c58  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:43:24.0126 0x0c58  udfs - ok
15:43:24.0157 0x0c58  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:43:24.0160 0x0c58  UI0Detect - ok
15:43:24.0172 0x0c58  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:43:24.0175 0x0c58  uliagpkx - ok
15:43:24.0197 0x0c58  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:43:24.0199 0x0c58  umbus - ok
15:43:24.0213 0x0c58  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:43:24.0215 0x0c58  UmPass - ok
15:43:24.0236 0x0c58  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:43:24.0243 0x0c58  UmRdpService - ok
15:43:24.0264 0x0c58  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
15:43:24.0273 0x0c58  upnphost - ok
15:43:24.0294 0x0c58  [ 7E72E7D7E0757D59481D530FD2B0BFAE, 288CAC9F4AC09DEB2B30C6E3A6ACF8D62A75576F62F0EC159D5E1B257419E9DC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:24.0297 0x0c58  usbccgp - ok
15:43:24.0323 0x0c58  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:43:24.0326 0x0c58  usbcir - ok
15:43:24.0342 0x0c58  [ CFBCE999C057D78979A181C9C60F208E, D60698EAA8A085214D5945818B0863976CF116EBE523046C344AF4E9392FDF80 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:43:24.0344 0x0c58  usbehci - ok
15:43:24.0372 0x0c58  [ 9D22AAD9AC6A07C691A1113E5F860868, AC34D36DBB5649650FCD873A792CA1387AE841D4C46781C63C0D29834F9B58E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:43:24.0379 0x0c58  usbhub - ok
15:43:24.0389 0x0c58  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:43:24.0391 0x0c58  usbohci - ok
15:43:24.0414 0x0c58  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:43:24.0416 0x0c58  usbprint - ok
15:43:24.0446 0x0c58  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:43:24.0448 0x0c58  usbscan - ok
15:43:24.0468 0x0c58  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:24.0472 0x0c58  USBSTOR - ok
15:43:24.0484 0x0c58  [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:43:24.0487 0x0c58  usbuhci - ok
15:43:24.0510 0x0c58  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2, F9B72DE82078FDB5551D48988190F46EECA9B99655C591B7865FEA1AFB31F637 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:43:24.0515 0x0c58  usbvideo - ok
15:43:24.0544 0x0c58  [ D82F43D15FDAA666856C0190CB73E7C9, A998F5F0535ADCFE0E6F37E4B222262F59D4E43CB596D62E785EF8E0D7E296F6 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
15:43:24.0547 0x0c58  usb_rndisx - ok
15:43:24.0658 0x0c58  [ 6DA5BD7F379500C8473BB9EF23FBEB60, BAB89D62C3619DB396F2C0120FD97A7216EDCAB50788FD02AEF2D5AD55497645 ] uvnc_service    C:\Program Files\UltraVNC\WinVNC.exe
15:43:24.0707 0x0c58  uvnc_service - ok
15:43:24.0726 0x0c58  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
15:43:24.0729 0x0c58  UxSms - ok
15:43:24.0739 0x0c58  [ 81951F51E318AECC2D68559E47485CC4, ACF76395EF4A2ED03AB919A9DA04D3A4C03B4D0EDC60BE123B3BE1AFE78BC71B ] VaultSvc        C:\Windows\system32\lsass.exe
15:43:24.0741 0x0c58  VaultSvc - ok
15:43:24.0772 0x0c58  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:43:24.0774 0x0c58  vdrvroot - ok
15:43:24.0798 0x0c58  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
15:43:24.0812 0x0c58  vds - ok
15:43:24.0822 0x0c58  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:24.0824 0x0c58  vga - ok
15:43:24.0829 0x0c58  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:43:24.0830 0x0c58  VgaSave - ok
15:43:24.0846 0x0c58  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:43:24.0851 0x0c58  vhdmp - ok
15:43:24.0882 0x0c58  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:43:24.0893 0x0c58  viaagp - ok
15:43:24.0910 0x0c58  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:43:24.0912 0x0c58  ViaC7 - ok
15:43:24.0930 0x0c58  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:43:24.0931 0x0c58  viaide - ok
15:43:24.0950 0x0c58  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:43:24.0956 0x0c58  vmbus - ok
15:43:24.0973 0x0c58  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:43:24.0974 0x0c58  VMBusHID - ok
15:43:24.0987 0x0c58  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:43:24.0989 0x0c58  volmgr - ok
15:43:25.0005 0x0c58  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:43:25.0013 0x0c58  volmgrx - ok
15:43:25.0045 0x0c58  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:43:25.0052 0x0c58  volsnap - ok
15:43:25.0082 0x0c58  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:43:25.0087 0x0c58  vsmraid - ok
15:43:25.0143 0x0c58  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
15:43:25.0169 0x0c58  VSS - ok
15:43:25.0184 0x0c58  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:43:25.0185 0x0c58  vwifibus - ok
15:43:25.0216 0x0c58  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:43:25.0218 0x0c58  vwififlt - ok
15:43:25.0227 0x0c58  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:43:25.0228 0x0c58  vwifimp - ok
15:43:25.0245 0x0c58  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
15:43:25.0255 0x0c58  W32Time - ok
15:43:25.0271 0x0c58  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:43:25.0273 0x0c58  WacomPen - ok
15:43:25.0299 0x0c58  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:43:25.0301 0x0c58  WANARP - ok
15:43:25.0307 0x0c58  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:43:25.0308 0x0c58  Wanarpv6 - ok
15:43:25.0358 0x0c58  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
15:43:25.0389 0x0c58  wbengine - ok
15:43:25.0409 0x0c58  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:43:25.0415 0x0c58  WbioSrvc - ok
15:43:25.0430 0x0c58  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:43:25.0439 0x0c58  wcncsvc - ok
15:43:25.0450 0x0c58  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:25.0454 0x0c58  WcsPlugInService - ok
15:43:25.0477 0x0c58  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
15:43:25.0479 0x0c58  Wd - ok
15:43:25.0508 0x0c58  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:43:25.0519 0x0c58  Wdf01000 - ok
15:43:25.0536 0x0c58  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:43:25.0541 0x0c58  WdiServiceHost - ok
15:43:25.0546 0x0c58  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:43:25.0550 0x0c58  WdiSystemHost - ok
15:43:25.0582 0x0c58  [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient       C:\Windows\System32\webclnt.dll
15:43:25.0590 0x0c58  WebClient - ok
15:43:25.0609 0x0c58  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:43:25.0615 0x0c58  Wecsvc - ok
15:43:25.0631 0x0c58  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:43:25.0635 0x0c58  wercplsupport - ok
15:43:25.0659 0x0c58  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
15:43:25.0663 0x0c58  WerSvc - ok
15:43:25.0691 0x0c58  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:25.0692 0x0c58  WfpLwf - ok
15:43:25.0705 0x0c58  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:43:25.0707 0x0c58  WIMMount - ok
15:43:25.0747 0x0c58  [ 253A9C2DF9A2A7B3B23146014959F2CD, DC9AEF4F5085C52930EE7523FB8FF209D1EF6A8333FAAB043269C18AD029112A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:43:25.0764 0x0c58  winachsf - ok
15:43:25.0822 0x0c58  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:43:25.0839 0x0c58  WinDefend - ok
15:43:25.0856 0x0c58  WinHttpAutoProxySvc - ok
15:43:25.0904 0x0c58  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:43:25.0909 0x0c58  Winmgmt - ok
15:43:25.0969 0x0c58  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:43:25.0998 0x0c58  WinRM - ok
15:43:26.0045 0x0c58  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
15:43:26.0047 0x0c58  WinUsb - ok
15:43:26.0081 0x0c58  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:43:26.0102 0x0c58  Wlansvc - ok
15:43:26.0202 0x0c58  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:43:26.0243 0x0c58  wlidsvc - ok
15:43:26.0278 0x0c58  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:43:26.0279 0x0c58  WmiAcpi - ok
15:43:26.0308 0x0c58  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:43:26.0313 0x0c58  wmiApSrv - ok
15:43:26.0399 0x0c58  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:26.0428 0x0c58  WMPNetworkSvc - ok
15:43:26.0459 0x0c58  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:43:26.0462 0x0c58  WPCSvc - ok
15:43:26.0473 0x0c58  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:43:26.0478 0x0c58  WPDBusEnum - ok
15:43:26.0501 0x0c58  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:43:26.0502 0x0c58  ws2ifsl - ok
15:43:26.0516 0x0c58  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:43:26.0520 0x0c58  wscsvc - ok
15:43:26.0525 0x0c58  WSearch - ok
15:43:26.0598 0x0c58  [ 3026418A50C5B4761BEFA632CEDB7406, 45C3B17793570B93D69037FD35C069390312B14E778852E7630C8DC63F02DDE8 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:43:26.0645 0x0c58  wuauserv - ok
15:43:26.0664 0x0c58  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:43:26.0667 0x0c58  WudfPf - ok
15:43:26.0700 0x0c58  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:26.0704 0x0c58  WUDFRd - ok
15:43:26.0747 0x0c58  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:43:26.0752 0x0c58  wudfsvc - ok
15:43:26.0768 0x0c58  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:43:26.0776 0x0c58  WwanSvc - ok
15:43:26.0805 0x0c58  [ 894F963BE999BA9DB5AAC3AED55B115D, F4ECDD57FC5F6E295414745C2B8A2D9F9074C7035A6902456EE4447560863710 ] XAudio          C:\Windows\system32\DRIVERS\XAudio32.sys
15:43:26.0807 0x0c58  XAudio - ok
15:43:26.0845 0x0c58  ================ Scan global ===============================
15:43:26.0881 0x0c58  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
15:43:26.0919 0x0c58  [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
15:43:26.0932 0x0c58  [ 48CB4FDBCAAEAC7BCE2F5941545FF071, B10D33F21A8DD82FF908AA6EB4134663C3A846F0EF990CA878AEE1C4B186811A ] C:\Windows\system32\winsrv.dll
15:43:26.0958 0x0c58  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
15:43:26.0978 0x0c58  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
15:43:26.0986 0x0c58  [ Global ] - ok
15:43:26.0987 0x0c58  ================ Scan MBR ==================================
15:43:27.0001 0x0c58  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:43:27.0433 0x0c58  \Device\Harddisk0\DR0 - ok
15:43:27.0434 0x0c58  ================ Scan VBR ==================================
15:43:27.0438 0x0c58  [ AAF3DDC831512552423E95AEF07FF502 ] \Device\Harddisk0\DR0\Partition1
15:43:27.0441 0x0c58  \Device\Harddisk0\DR0\Partition1 - ok
15:43:27.0474 0x0c58  [ 24A37B1FDC883A67B29BA48AB4F26F84 ] \Device\Harddisk0\DR0\Partition2
15:43:27.0477 0x0c58  \Device\Harddisk0\DR0\Partition2 - ok
15:43:27.0478 0x0c58  Waiting for KSN requests completion. In queue: 117
15:43:28.0673 0x0c58  AV detected via SS2: System Center 2012 Endpoint Protection, C:\Program Files\Microsoft Security Client\msseces.exe ( 2.2.903.0 ), 0x61000 ( enabled : updated )
15:43:28.0703 0x0c58  Win FW state via NFP2: enabled
15:43:29.0375 0x0c58  ============================================================
15:43:29.0375 0x0c58  Scan finished
15:43:29.0375 0x0c58  ============================================================
15:43:29.0393 0x1ca4  Detected object count: 0
15:43:29.0393 0x1ca4  Actual detected object count: 0
15:44:26.0472 0x1868  Deinitialize success


#8 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 04 January 2014 - 04:31 PM

If this laptop is owned by your school district, you may be better served by their IT staff.  There are a number of reasons I recommend this:

  • If your employer has IT support, it would be wiser to utilize them as they are more familiar with your IT environment
  • Many companies have policies against employees doing this type of work on their PCs
  • Your district may have policies or software versions in place that are business critical and should not be altered or removed. Obviously, I would have no way to know what they are.  The tools we use for home/personal systems will occasionally alter system settings.
  • Posting your logs in an open forum like this could possibly expose proprietary business information.

If you would still like my help I will do the best I can, but first please let me know that you understand the above information.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • Gender:Male
  • Location:North Carolina

Posted 04 January 2014 - 08:14 PM

Thank you for your concern, but let me assure you that there is a reason that I am doing it this way.  It has worked twice before and been more of an expedient help than IT.  There is no proprietary info that we are worried about exposing. It is a saving grace to be able to take care of any problems without having to issue an IT ticket.  I've been thanked for it before.

 

So, yes, I would like to continue.

 

Oh, and there is no policy against what I am doing.  Public schools with very little funds are different than big businesses.  We scrape by and are thankful for any little help.

 

Help me, and you're actually helping the at-risk 4th graders that I teach.



#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 05 January 2014 - 12:04 AM

Fair enough!  Does this Google redirect happen everywhere you use the laptop, or just when you are connected to certain networks?  Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.




#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 January 2014 - 10:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 January 2014 - 01:40 PM

This topic has been re-opened at the request of the person who originally posted.



#13 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • Gender:Male
  • Location:North Carolina

Posted 12 January 2014 - 04:30 PM

Hi, believe it or not I did not see your entire message about re-opening the thread.  My fault for not putting the link in the PM.  But thanks again for re-opening.

 

 

Here is the M-Bam log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.12.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
scmcdowell :: E351A025024 [administrator]
 
1/12/2014 8:56:15 AM
mbam-log-2014-01-12 (08-56-15).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 498631
Time elapsed: 2 hour(s), 17 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: firewall.cpl -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoPropertiesMyComputer (PUM.Disable.MCProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispBackgroundPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispAppearancePage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Users\scmcdowell\AppData\Local\Temp\offercast.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
 
(end)


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 12 January 2014 - 05:03 PM

Does this Google redirect happen everywhere you use the laptop, or just when you are connected to certain networks?  

Most of the issues that MBAM just fixed were system policies that, based on your earlier post, were likely set by your IT staff.  Hopefully that isn't a problem.

Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.


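A read-only audit of the policy values listed in the MBAM log above, added here as an example (PowerShell written for this page, not a Malwarebytes or BleepingComputer tool), so an admin can see which of those restrictions are currently in force before deciding whether they came from the district's Group Policy or from the infection. The key and value names are the ones in the log; nothing else is assumed, and the script changes nothing.

```powershell
# Added example, not part of the thread: report the state of the Explorer/System policy
# values that Malwarebytes flagged (Hijack.*, PUM.*, Windows.Tool.Disabled) on this machine.
# A REG_DWORD of 1 means the restriction is active. Nothing is written to the registry.
$Checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'ForceClassicControlPanel' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoFolderOptions' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'ForceActiveDesktopOn' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoPropertiesMyComputer' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';      Name = 'NoSMHelp' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallPaper' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'NoDispBackgroundPage' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'NoDispAppearancePage' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';        Name = 'NoDispScrSavPage' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';            Name = 'DisableConfig' }
)

function Get-PolicyState {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return 'key absent' }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return "set to $($item.$Name)"
}

foreach ($c in $Checks) {
    [pscustomobject]@{
        Path  = $c.Path
        Name  = $c.Name
        State = Get-PolicyState -Path $c.Path -Name $c.Name
    }
}

# DisallowCpl is a list, not a flag: each numbered value names a Control Panel applet
# the user is blocked from opening (the log showed value "1" = firewall.cpl).
$cplKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl'
if (Test-Path $cplKey) {
    $props = Get-ItemProperty -Path $cplKey
    foreach ($valueName in (Get-Item $cplKey).Property) {
        [pscustomobject]@{ Path = $cplKey; Name = $valueName; State = "blocks $($props.$valueName)" }
    }
}
```

Compare the output with `gpresult /h report.html` to see whether the domain's Group Policy objects define the same restrictions; any setting MBAM removed that a GPO defines will come back at the next policy refresh, which is the distinction RPMcMurphy raises above.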


#15 chrislbrown

chrislbrown
  • Topic Starter

  • Members
  • 78 posts
  • Gender:Male
  • Location:North Carolina

Posted 12 January 2014 - 10:36 PM

Google is actually not redirecting anymore, since I installed the newest version.  Yet, I wanted to put this laptop through this process because there WAS a redirect, and a breach because of it, which still must exist somewhere.

 

Hey, I can't get the link to work at all.  I tried opening IE as administrator.  It still would not load the page.  Any suggestions?





