
a few files i found, unsure if this indicates infection. no other signs


24 replies to this topic

#1 rp88


Posted 28 December 2013 - 01:53 PM

About the old XP machine again...

I was browsing through the system folders on my machine and found the following folder:

C:\Documents and Settings\Administrator\Local Settings\Temp\HCBackup

It contained iCRCReserve.tmp, hcpackage.exe, hcversion.xml, AUStrg (empty folder) and AUCache (folder).

I looked up some of these names online and found

http://www.threatexpert.com/report.aspx?md5=2399c6f17aaa39ba58bb09aee33bd913

My system contains the files listed under "file system modifications" --> "files created". The files marked 3, 4, 5, 6, 7 on that list are all present and have the same size. They match the file sizes shown there; I did not know how to check the MD5 or SHA-1.

Does this mean I am infected, or are those files quite benign? They may have something to do with Trend Micro HouseCall, or they might be named to fool me into thinking that. hcpackage.exe says it was produced by a "company" Igor Pavlov.

What is going on here?

Thanks

 


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
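
Added example (not part of the original thread or of any tool mentioned in it): the first post matches the files in HCBackup against the ThreatExpert report by name and size only. This Python sketch computes MD5 and SHA-1 and separates a size-only match from a real hash match; the file contents and report entries are constructed sample data, and `compare_to_report` is a hypothetical helper name.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=65536):
    """Return (size_in_bytes, md5_hex, sha1_hex), reading the file in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()


def compare_to_report(folder, report_entries):
    """Classify every file under `folder` against entries copied from a report.

    report_entries: list of dicts with keys name, size, md5, sha1.
    Returns {relative_path: verdict}; only "hash match" identifies a file.
    """
    by_name = {e["name"].lower(): e for e in report_entries}
    verdicts = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            size, md5, sha1 = file_digests(path)
            entry = by_name.get(name.lower())
            if entry is None:
                verdict = "not in report"
            elif (md5, sha1) == (entry["md5"].lower(), entry["sha1"].lower()):
                verdict = "hash match"
            elif size == entry["size"]:
                # Same name and size, different bytes: not the reported file.
                verdict = "size match only"
            else:
                verdict = "name match only"
            verdicts[os.path.relpath(path, folder)] = verdict
    return verdicts


def demo():
    """Run the comparison over constructed files (not real samples)."""
    on_disk = {
        "hcpackage.exe": b"A" * 1024,
        "hcversion.xml": b"<version>1</version>",
        "iCRCReserve.tmp": b"\x00" * 16,
    }
    # Constructed "report": hcpackage.exe has the same size but different bytes.
    reported = {
        "hcpackage.exe": b"B" * 1024,
        "hcversion.xml": b"<version>1</version>",
    }
    report_entries = [
        {"name": n, "size": len(d),
         "md5": hashlib.md5(d).hexdigest(), "sha1": hashlib.sha1(d).hexdigest()}
        for n, d in reported.items()
    ]
    with tempfile.TemporaryDirectory() as folder:
        for name, data in on_disk.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return compare_to_report(folder, report_entries)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{path}: {verdict}")
```

A "size match only" verdict means the name and length agree with the report but the bytes differ, so the file is not the one the report describes.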


#2 rp88


Posted 30 December 2013 - 11:40 AM

Excuse me, but it's been several days now. Can I have some advice on this matter, please?

Thanks.



#3 boopme


Posted 30 December 2013 - 01:22 PM

Hello rp88
Sorry for the delay... holiday.

This is a nasty item and I am concerned by these abilities:
  • Communication with a remote IRC server.
  • Produces outbound traffic.
  • Downloads/requests other files from Internet

This means it is communicating with the outside world. If you do banking on here, you will need to call the bank to have them watch your accounts.

Let's get a further look.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 rp88


Posted 30 December 2013 - 01:45 PM

Already have that lot installed on the machine, running them now. Please note that I am running them whilst not connected to the internet, so logs will say things like google could not be resolved etc. If this is a problem I can run them again whilst online. Would you like me to run rkill as well as tdss killer?


Edited by rp88, 30 December 2013 - 01:53 PM.


#5 boopme


Posted 30 December 2013 - 01:50 PM

Get the new updated copies

#6 rp88


Posted 30 December 2013 - 01:56 PM

OK, doing so now. Seeing as I've had to connect to download them, I'll run them whilst online. As a note, MiniToolBox does something with IE and Firefox proxy settings, but I use Chrome for almost everything. Firefox is technically my default and I avoid using IE like the plague that it is.

Another thing: for TDSSKiller I downloaded the plain old exe, not the version in the zip file. Is this an issue?


Edited by rp88, 30 December 2013 - 02:08 PM.


#7 rp88


Posted 30 December 2013 - 02:10 PM

TDSSKiller took only 32 seconds; it says no threats found. There is no reports button; instead it merely says details, which brings up a list window containing nothing. Sorry, the report is hidden at the top, I've opened it now. I'll upload all these logs as soon as I have finished them all.


Edited by rp88, 30 December 2013 - 02:11 PM.


#8 rp88


Posted 30 December 2013 - 02:17 PM

After clicking Clean, a small pop-up appears down in the system tray saying something along the lines of "google blocked an attempt to change browser settings".



#9 boopme


Posted 30 December 2013 - 02:20 PM

Yes, I know that about minitool... Post the logs.

I'll be back soon.



#10 rp88


Posted 30 December 2013 - 03:17 PM

Sorry, ESET is taking rather a while; some years ago I placed loads of my old files in some zips and they're what's slowing it down.



#11 boopme


Posted 30 December 2013 - 03:45 PM

No problem... ESET is always much longer.



#12 rp88


Posted 30 December 2013 - 04:56 PM

all logs here at last
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Administrator (administrator) on 30-12-2013 at 19:02:50
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Windows Mobile-based Internet Sharing Device = Local Area Connection 3 (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Local Area Connection 3"
 
set address name="Local Area Connection 3" source=dhcp 
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : personal info removed
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-19-66-27-AF-F6
 
 
 
Ethernet adapter Local Area Connection 3:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Windows Mobile-based Internet Sharing Device #2
 
        Physical Address. . . . . . . . . : 58-2C-80-13-92-63
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.100
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
                                            192.168.1.1
 
        Lease Obtained. . . . . . . . . . : 30 December 2013 18:50:30
 
        Lease Expires . . . . . . . . . . : 31 December 2013 18:50:30
 
Server:  hi.link
Address:  192.168.1.1
 
Name:    google.com
Addresses:  173.194.113.162, 173.194.113.169, 173.194.113.161, 173.194.113.166
 173.194.113.160, 173.194.113.174, 173.194.113.165, 173.194.113.163, 173.194.113.168
 173.194.113.167, 173.194.113.164
 
 
 
Pinging google.com [173.194.113.162] with 32 bytes of data:
 
 
 
Reply from 173.194.113.162: bytes=32 time=372ms TTL=47
 
Reply from 173.194.113.162: bytes=32 time=461ms TTL=47
 
 
 
Ping statistics for 173.194.113.162:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 372ms, Maximum = 461ms, Average = 416ms
 
Server:  hi.link
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=430ms TTL=44
 
Reply from 98.138.253.109: bytes=32 time=430ms TTL=44
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 430ms, Maximum = 430ms, Average = 430ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 66 27 af f6 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...58 2c 80 13 92 63 ...... Windows Mobile-based Internet Sharing Device #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100  25
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100  25
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100  25
  255.255.255.255  255.255.255.255    192.168.1.100               2  1
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/10/2013 11:53:17 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/07/2013 04:54:22 PM) (Source: Application Error) (User: )
Description: Faulting application sketchup.exe, version 8.0.11752.0, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.
Processing media-specific event for [sketchup.exe!ws!]
 
Error: (12/07/2013 04:52:10 PM) (Source: Application Error) (User: )
Description: Faulting application sketchup.exe, version 8.0.11752.0, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x000046b4.
Processing media-specific event for [sketchup.exe!ws!]
 
Error: (12/03/2013 08:24:35 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (12/03/2013 08:24:32 PM) (Source: Application Hang) (User: )
Description: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/28/2013 08:05:02 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (12/30/2013 06:47:34 PM) (Source: System Error) (User: )
Description: Error code 000000ea, parameter1 85a065b8, parameter2 8694a008, parameter3 865cf8f8, parameter4 00000001.
 
Error: (12/29/2013 00:28:36 AM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 80000004, parameter2 80708ae1, parameter3 a85d7d98, parameter4 00000000.
 
Error: (12/26/2013 03:20:24 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (12/20/2013 04:08:25 PM) (Source: System Error) (User: )
Description: Error code 000000ea, parameter1 86c9c568, parameter2 86acb7f0, parameter3 86a481f0, parameter4 00000001.
 
Error: (12/19/2013 06:06:14 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
 
Error: (12/19/2013 05:37:29 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 80000004, parameter2 80708ae1, parameter3 f69c725c, parameter4 00000000.
 
Error: (12/14/2013 05:33:41 PM) (Source: System Error) (User: )
Description: Error code 000000ea, parameter1 86afe720, parameter2 86cae4b0, parameter3 86b5c730, parameter4 00000001.
 
Error: (12/14/2013 00:50:54 AM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 80000004, parameter2 80708ae1, parameter3 f672d0d4, parameter4 00000000.
 

 
 
Microsoft Office Sessions:
=========================
Error: (12/10/2013 11:53:17 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (12/07/2013 04:54:22 PM) (Source: Application Error)(User: )
Description: sketchup.exe8.0.11752.0msvcr80.dll8.0.50727.6195000046b4
 
Error: (12/07/2013 04:52:10 PM) (Source: Application Error)(User: )
Description: sketchup.exe8.0.11752.0msvcr80.dll8.0.50727.6195000046b4
 
Error: (12/03/2013 08:24:35 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000
 
Error: (12/03/2013 08:24:32 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe11.0.5721.5145hungapp0.0.0.000000000
 
Error: (11/28/2013 08:05:02 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.
 
Error: (11/28/2013 08:04:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
=========================== Installed Programs ============================
 
3D Model Screen Saver v1.0
3DVIA player 5.0.0.20 (Version: 5.0.20)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Blender (Version: 2.65a-release)
DebugMode Wax 2.0
ESET Online Scanner v3
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 31.0.1650.63)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.22.3)
Google Updater (Version: 2.4.1536.6592)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MeshLab 1.3.2 (Version: 1.3.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mobile Broadband HL Service (Version: 22.001.14.01.105)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nero - Burning Rom (Version: 5.5.9)
NETGEAR WG111v2 wireless USB 2.0 adapter (Version: 1.0.0.133)
Norton AntiVirus (Version: 18.7.1.3)
OLYMPUS Master 2 (Version: 1.0.5)
QuickTime (Version: 7.1.3.100)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.70)
Realtek High Definition Audio Driver (Version: 5.10.0.5296)
RealUpgrade 1.1 (Version: 1.1.0)
T-Mobile Internet Manager (Version: 11.301.05.06.105)
Tweaking.com - Windows Repair (All in One) (Version: 2.1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 63%
Total physical RAM: 1015.23 MB
Available physical RAM: 369.01 MB
Total Pagefile: 2444.44 MB
Available Pagefile: 1932.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.79 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:149.04 GB) (Free:109.37 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\personal info removed
 
Administrator            Guest                    HelpAssistant            
SUPPORT_388945a0         
 
 
**** End of log ****
 
 
TDSSKiller then gave this colossal log:

19:05:23.0796 0x06d4  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:06:58.0343 0x06d4  ============================================================
19:06:58.0343 0x06d4  Current date / time: 2013/12/30 19:06:58.0343
19:06:58.0343 0x06d4  SystemInfo:
19:06:58.0343 0x06d4  
19:06:58.0343 0x06d4  OS Version: 5.1.2600 ServicePack: 3.0
19:06:58.0343 0x06d4  Product type: Workstation
19:06:58.0343 0x06d4  ComputerName: personal info removed
19:06:58.0343 0x06d4  UserName: Administrator
19:06:58.0343 0x06d4  Windows directory: C:\WINDOWS
19:06:58.0343 0x06d4  System windows directory: C:\WINDOWS
19:06:58.0343 0x06d4  Processor architecture: Intel x86
19:06:58.0343 0x06d4  Number of processors: 2
19:06:58.0343 0x06d4  Page size: 0x1000
19:06:58.0343 0x06d4  Boot type: Normal boot
19:06:58.0343 0x06d4  ============================================================
19:07:03.0953 0x06d4  KLMD registered as C:\WINDOWS\system32\drivers\48398729.sys
19:07:06.0078 0x06d4  System UUID: {240F2D97-1A2D-63D4-279C-D55C6DB0D980}
19:07:10.0250 0x06d4  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:07:10.0250 0x06d4  ============================================================
19:07:10.0250 0x06d4  \Device\Harddisk0\DR0:
19:07:10.0265 0x06d4  MBR partitions:
19:07:10.0265 0x06d4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
19:07:10.0265 0x06d4  ============================================================
19:07:10.0296 0x06d4  C: <-> \Device\Harddisk0\DR0\Partition1
19:07:10.0296 0x06d4  ============================================================
19:07:10.0296 0x06d4  Initialize success
19:07:10.0296 0x06d4  ============================================================
19:08:29.0375 0x0880  ============================================================
19:08:29.0375 0x0880  Scan started
19:08:29.0375 0x0880  Mode: Manual; 
19:08:29.0375 0x0880  ============================================================
19:08:29.0375 0x0880  KSN ping started
19:08:34.0296 0x0880  KSN ping finished: true
19:08:35.0015 0x0880  ================ Scan system memory ========================
19:08:35.0015 0x0880  System memory - ok
19:08:35.0015 0x0880  ================ Scan services =============================
19:08:46.0468 0x0880  Null - ok
19:08:46.0515 0x0880  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:08:46.0515 0x0880  NwlnkFlt - ok
19:08:46.0531 0x0880  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:08:46.0546 0x0880  NwlnkFwd - ok
19:08:46.0578 0x0880  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:08:46.0593 0x0880  ose - ok
19:08:46.0640 0x0880  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:08:46.0656 0x0880  Parport - ok
19:08:46.0671 0x0880  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:08:46.0687 0x0880  PartMgr - ok
19:08:46.0734 0x0880  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:08:46.0750 0x0880  ParVdm - ok
19:08:46.0750 0x0880  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:08:46.0765 0x0880  PCI - ok
19:08:46.0765 0x0880  PCIDump - ok
19:08:46.0796 0x0880  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:08:46.0812 0x0880  PCIIde - ok
19:08:46.0843 0x0880  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:08:46.0859 0x0880  Pcmcia - ok
19:08:46.0859 0x0880  PDCOMP - ok
19:08:46.0875 0x0880  PDFRAME - ok
19:08:46.0875 0x0880  PDRELI - ok
19:08:46.0875 0x0880  PDRFRAME - ok
19:08:46.0890 0x0880  perc2 - ok
19:08:46.0890 0x0880  perc2hib - ok
19:08:46.0921 0x0880  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:08:46.0921 0x0880  PlugPlay - ok
19:08:46.0937 0x0880  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:08:46.0937 0x0880  PolicyAgent - ok
19:08:47.0000 0x0880  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:08:47.0000 0x0880  PptpMiniport - ok
19:08:47.0015 0x0880  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:08:47.0015 0x0880  ProtectedStorage - ok
19:08:47.0015 0x0880  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:08:47.0031 0x0880  PSched - ok
19:08:47.0062 0x0880  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:08:47.0078 0x0880  Ptilink - ok
19:08:47.0078 0x0880  ql1080 - ok
19:08:47.0078 0x0880  Ql10wnt - ok
19:08:47.0093 0x0880  ql12160 - ok
19:08:47.0093 0x0880  ql1240 - ok
19:08:47.0093 0x0880  ql1280 - ok
19:08:47.0109 0x0880  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:08:47.0125 0x0880  RasAcd - ok
19:08:47.0171 0x0880  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:08:47.0187 0x0880  RasAuto - ok
19:08:47.0250 0x0880  [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:08:47.0265 0x0880  Rasirda - ok
19:08:47.0265 0x0880  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:08:47.0281 0x0880  Rasl2tp - ok
19:08:47.0343 0x0880  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:08:47.0359 0x0880  RasMan - ok
19:08:47.0375 0x0880  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:08:47.0390 0x0880  RasPppoe - ok
19:08:47.0390 0x0880  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:08:47.0406 0x0880  Raspti - ok
19:08:47.0437 0x0880  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:08:47.0453 0x0880  Rdbss - ok
19:08:47.0468 0x0880  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:08:47.0484 0x0880  RDPCDD - ok
19:08:47.0500 0x0880  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:08:47.0515 0x0880  rdpdr - ok
19:08:47.0562 0x0880  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:08:47.0578 0x0880  RDPWD - ok
19:08:47.0593 0x0880  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:08:47.0625 0x0880  RDSessMgr - ok
19:08:47.0671 0x0880  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:08:47.0687 0x0880  redbook - ok
19:08:47.0734 0x0880  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:08:47.0734 0x0880  RemoteAccess - ok
19:08:47.0781 0x0880  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:08:47.0796 0x0880  RemoteRegistry - ok
19:08:47.0828 0x0880  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:08:47.0843 0x0880  RpcLocator - ok
19:08:47.0890 0x0880  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:08:47.0890 0x0880  RpcSs - ok
19:08:47.0937 0x0880  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:08:47.0953 0x0880  RSVP - ok
19:08:48.0000 0x0880  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1, 41F9E4EC1204183C4D820AB1B764CC416ECF896BAAFA61DB8EB970BEE1BFEF18 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
19:08:48.0015 0x0880  RTL8023xp - ok
19:08:48.0046 0x0880  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:08:48.0062 0x0880  rtl8139 - ok
19:08:48.0078 0x0880  [ 463B8AC0130ADF01A85DAEBF646B3DB3, 7CD0DF4EF275F9B3311B8C3294D869E647D46F4873B0F79EDBAD056C08126FE0 ] RTLWUSB         C:\WINDOWS\system32\DRIVERS\wg111v2.sys
19:08:48.0109 0x0880  RTLWUSB - ok
19:08:48.0140 0x0880  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:08:48.0140 0x0880  SamSs - ok
19:08:48.0171 0x0880  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:08:48.0187 0x0880  SCardSvr - ok
19:08:48.0265 0x0880  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:08:48.0281 0x0880  Schedule - ok
19:08:48.0328 0x0880  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:08:48.0343 0x0880  Secdrv - ok
19:08:48.0375 0x0880  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:08:48.0390 0x0880  seclogon - ok
19:08:48.0390 0x0880  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:08:48.0406 0x0880  SENS - ok
19:08:48.0468 0x0880  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:08:48.0484 0x0880  serenum - ok
19:08:48.0484 0x0880  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:08:48.0500 0x0880  Serial - ok
19:08:48.0531 0x0880  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:08:48.0531 0x0880  Sfloppy - ok
19:08:48.0609 0x0880  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:08:48.0640 0x0880  SharedAccess - ok
19:08:48.0671 0x0880  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:08:48.0671 0x0880  ShellHWDetection - ok
19:08:48.0687 0x0880  Simbad - ok
19:08:48.0687 0x0880  Sparrow - ok
19:08:48.0687 0x0880  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:08:48.0703 0x0880  splitter - ok
19:08:48.0750 0x0880  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:08:48.0765 0x0880  Spooler - ok
19:08:48.0781 0x0880  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:08:48.0796 0x0880  sr - ok
19:08:48.0859 0x0880  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:08:48.0875 0x0880  srservice - ok
19:08:49.0000 0x0880  [ 83726CF02ECED69138948083E06B6EAC, 30E3A3F1D0EC941585657F180F8C4E9DD3A531410E2A8FCC4D89C7D0F87F6D25 ] SRTSP           C:\WINDOWS\System32\Drivers\NAV\1207010.003\SRTSP.SYS
19:08:49.0093 0x0880  SRTSP - ok
19:08:49.0093 0x0880  [ 4E7EAB2E5615D39CF1F1DF9C71E5E225, 18EE7D8AB8A04C1BF9C8A011D086E442EF1BB2272C2272638A2223289803B4BD ] SRTSPX          C:\WINDOWS\system32\drivers\NAV\1207010.003\SRTSPX.SYS
19:08:49.0109 0x0880  SRTSPX - ok
19:08:49.0171 0x0880  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:08:49.0203 0x0880  Srv - ok
19:08:49.0234 0x0880  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:08:49.0250 0x0880  SSDPSRV - ok
19:08:49.0296 0x0880  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:08:49.0328 0x0880  stisvc - ok
19:08:49.0375 0x0880  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:08:49.0406 0x0880  swenum - ok
19:08:49.0437 0x0880  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:08:49.0453 0x0880  swmidi - ok
19:08:49.0453 0x0880  SwPrv - ok
19:08:49.0468 0x0880  symc810 - ok
19:08:49.0468 0x0880  symc8xx - ok
19:08:49.0546 0x0880  [ 9BBEB8C6258E72D62E7560E6667AAD39, 23B90D925465FE7AF22D685FFEC3A51D438AE545DC3EC8AEF5F528379937F53D ] SymDS           C:\WINDOWS\system32\drivers\NAV\1207010.003\SYMDS.SYS
19:08:49.0593 0x0880  SymDS - ok
19:08:49.0640 0x0880  [ D5C02629C02A820A7E71BCA3D44294A3, 8E2200284ACB55576DB263655596E5CED32CDEDDFF604595128E05430D932CC2 ] SymEFA          C:\WINDOWS\system32\drivers\NAV\1207010.003\SYMEFA.SYS
19:08:49.0687 0x0880  SymEFA - ok
19:08:49.0750 0x0880  [ AB33C3B196197CA467CBDDA717860DBA, B4A0AE96AB2BFB5309B035651E2BCE4BE339FE58CC282124BF625313714D97EB ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:08:49.0765 0x0880  SymEvent - ok
19:08:49.0796 0x0880  [ A73399804D5D4A8B20BA60FCF70C9F1F, 1697B961FBAFA9EE9D0AE52229342A619404AB5C390D6E3CA12E4966C822E19E ] SymIRON         C:\WINDOWS\system32\drivers\NAV\1207010.003\Ironx86.SYS
19:08:49.0812 0x0880  SymIRON - ok
19:08:49.0843 0x0880  [ 336CACE58F0359D5CBB1AE6B8A2FB205, 219B021EBFBE02E6B56D406C10AEB76CC9812860CBAE9334948A89399068207E ] SYMTDI          C:\WINDOWS\System32\Drivers\NAV\1207010.003\SYMTDI.SYS
19:08:49.0859 0x0880  SYMTDI - ok
19:08:49.0875 0x0880  sym_hi - ok
19:08:49.0875 0x0880  sym_u3 - ok
19:08:49.0890 0x0880  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:08:49.0906 0x0880  sysaudio - ok
19:08:49.0953 0x0880  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:08:49.0968 0x0880  SysmonLog - ok
19:08:50.0000 0x0880  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:08:50.0031 0x0880  TapiSrv - ok
19:08:50.0093 0x0880  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:08:50.0125 0x0880  Tcpip - ok
19:08:50.0125 0x0880  [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC, D869FDFD98B9C972933FB6B7C521BB6181A47698D27D53CBEF329EE26C12F1BA ] tcpipBM         C:\WINDOWS\system32\drivers\tcpipBM.sys
19:08:50.0140 0x0880  tcpipBM - ok
19:08:50.0187 0x0880  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:08:50.0203 0x0880  TDPIPE - ok
19:08:50.0250 0x0880  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:08:50.0250 0x0880  TDTCP - ok
19:08:50.0296 0x0880  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:08:50.0296 0x0880  TermDD - ok
19:08:50.0375 0x0880  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:08:50.0406 0x0880  TermService - ok
19:08:50.0421 0x0880  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:08:50.0437 0x0880  Themes - ok
19:08:50.0468 0x0880  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:08:50.0484 0x0880  TlntSvr - ok
19:08:50.0500 0x0880  TosIde - ok
19:08:50.0546 0x0880  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:08:50.0562 0x0880  TrkWks - ok
19:08:50.0593 0x0880  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:08:50.0609 0x0880  Udfs - ok
19:08:50.0609 0x0880  ultra - ok
19:08:50.0671 0x0880  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:08:50.0703 0x0880  Update - ok
19:08:50.0734 0x0880  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:08:50.0750 0x0880  upnphost - ok
19:08:50.0765 0x0880  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:08:50.0781 0x0880  UPS - ok
19:08:50.0812 0x0880  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:08:50.0828 0x0880  usbccgp - ok
19:08:50.0875 0x0880  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:08:50.0875 0x0880  usbehci - ok
19:08:50.0953 0x0880  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:08:50.0953 0x0880  usbhub - ok
19:08:50.0984 0x0880  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:08:51.0000 0x0880  usbprint - ok
19:08:51.0015 0x0880  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:08:51.0015 0x0880  USBSTOR - ok
19:08:51.0062 0x0880  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:08:51.0062 0x0880  usbuhci - ok
19:08:51.0125 0x0880  [ B4D7B7AD8A9F7C063C5CC3E2C1A0724E, CFA47A71403419CA7C94333B4F7766DFC97C5DCDBC3AD1B106044B93C979A5C5 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:08:51.0125 0x0880  usb_rndisx - ok
19:08:51.0140 0x0880  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:08:51.0140 0x0880  VgaSave - ok
19:08:51.0156 0x0880  ViaIde - ok
19:08:51.0171 0x0880  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:08:51.0187 0x0880  VolSnap - ok
19:08:51.0250 0x0880  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:08:51.0265 0x0880  VSS - ok
19:08:51.0312 0x0880  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:08:51.0343 0x0880  W32Time - ok
19:08:51.0375 0x0880  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:08:51.0390 0x0880  Wanarp - ok
19:08:51.0468 0x0880  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
19:08:51.0500 0x0880  Wdf01000 - ok
19:08:51.0515 0x0880  WDICA - ok
19:08:51.0531 0x0880  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:08:51.0546 0x0880  wdmaud - ok
19:08:51.0546 0x0880  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:08:51.0562 0x0880  WebClient - ok
19:08:51.0671 0x0880  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:08:51.0687 0x0880  winmgmt - ok
19:08:51.0734 0x0880  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:08:51.0750 0x0880  WmdmPmSN - ok
19:08:51.0828 0x0880  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:08:51.0843 0x0880  Wmi - ok
19:08:51.0875 0x0880  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:08:51.0890 0x0880  WmiApSrv - ok
19:08:51.0984 0x0880  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
19:08:52.0062 0x0880  WMPNetworkSvc - ok
19:08:52.0093 0x0880  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:08:52.0093 0x0880  WS2IFSL - ok
19:08:52.0140 0x0880  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:08:52.0156 0x0880  wscsvc - ok
19:08:52.0187 0x0880  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:08:52.0218 0x0880  wuauserv - ok
19:08:52.0250 0x0880  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:08:52.0265 0x0880  WudfPf - ok
19:08:52.0296 0x0880  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:08:52.0312 0x0880  WudfRd - ok
19:08:52.0375 0x0880  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:08:52.0375 0x0880  WudfSvc - ok
19:08:52.0437 0x0880  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:08:52.0484 0x0880  WZCSVC - ok
19:08:52.0515 0x0880  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:08:52.0531 0x0880  xmlprov - ok
19:08:52.0546 0x0880  ================ Scan global ===============================
19:08:52.0578 0x0880  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:08:52.0640 0x0880  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:08:52.0703 0x0880  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:08:52.0718 0x0880  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
19:08:52.0734 0x0880  [ Global ] - ok
19:08:52.0734 0x0880  ================ Scan MBR ==================================
19:08:52.0765 0x0880  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:08:52.0921 0x0880  \Device\Harddisk0\DR0 - ok
19:08:52.0921 0x0880  ================ Scan VBR ==================================
19:08:52.0921 0x0880  [ F4D9034F1E08549A7E8854E27DD79552 ] \Device\Harddisk0\DR0\Partition1
19:08:52.0921 0x0880  \Device\Harddisk0\DR0\Partition1 - ok
19:08:52.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:53.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:54.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:55.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:56.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:57.0921 0x0880  Waiting for KSN requests completion. In queue: 156
19:08:59.0078 0x0880  AV detected via SS1: Norton AntiVirus, 18.7.1.3, enabled, updated
19:08:59.0093 0x0880  Win FW state via NFM: enabled
19:09:01.0625 0x0880  ============================================================
19:09:01.0625 0x0880  Scan finished
19:09:01.0625 0x0880  ============================================================
19:09:01.0625 0x0768  Detected object count: 0
19:09:01.0625 0x0768  Actual detected object count: 0
 
 
 
 
 
then adw cleaner log
 

# AdwCleaner v3.016 - Report created 30/12/2013 at 19:16:05
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - personal info removed
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\aapoq783.default-1370116933015\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3369 octets] - [01/12/2013 00:58:44]
AdwCleaner[R1].txt - [2992 octets] - [02/12/2013 18:23:44]
AdwCleaner[R2].txt - [3052 octets] - [02/12/2013 18:33:32]
AdwCleaner[R3].txt - [1326 octets] - [30/12/2013 19:13:45]
AdwCleaner[S0].txt - [3542 octets] - [01/12/2013 01:08:18]
AdwCleaner[S1].txt - [3141 octets] - [02/12/2013 18:34:31]
AdwCleaner[S2].txt - [1247 octets] - [30/12/2013 19:16:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1307 octets] ##########
 
 
 
 
jrt log
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 30/12/2013 at 19:20:18.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/12/2013 at 19:25:33.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
eset did NOT produce a log but gave the message
 
"scan results, step 4 out of 4
no threats found
scanned files 60254
infected files 0
cleaned files 0
total scan time 02:13:25
scan status finished"
 
 
 
do these logs confirm if the suspect files are an infection or not??
thank you

#13 boopme


Posted 30 December 2013 - 05:12 PM

Ok, I checked your logs and info on the files and yours look good. You are OK.

#14 rp88


Posted 30 December 2013 - 05:13 PM

that was nice and quick. thanks. so you can now be sure i'm not infected, what were those files then?

thanks.



#15 rp88


Posted 30 December 2013 - 06:45 PM

so can you now be sure i'm not infected, what were those files then?

thanks

