Another machine with Kryptik.t


  • This topic is locked
10 replies to this topic

#1 Ktze Hut

Posted 08 January 2014 - 04:52 AM

Hi,

 

Following cleanup of my laptop with Broni:

 

http://www.bleepingcomputer.com/forums/t/519479/my-computers-infected-with-kryptik/

 

I would like to clean up another of my machines which may be infected.

 

Thanks,

Ktze

 

 




 


#2 boopme


Posted 08 January 2014 - 10:59 AM

Hi ktze, let's do these ....

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
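
Added example, not part of the original thread and not MiniToolBox code: one way a helper could screen the Result.txt requested above, checking the "List content of Hosts" and "List Winsock Entries" sections for entries that deserve a second look. The sample log is constructed, the function names are hypothetical, and the "Microsoft file in system32" rule is an assumed heuristic for review, not a verdict.

```python
import ntpath
import re

# Constructed sample in the layout MiniToolBox writes to Result.txt.
# The non-default hosts entry and the third-party Winsock provider are made up.
SAMPLE_RESULT = r"""
========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.7     update.example.test

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Program Files\ExampleLSP\lsp.dll [51200] (Example Vendor)

========================= Event log errors: ===============================
"""

# A section banner is a title wrapped in runs of '='; a bare '=====' rule is not.
BANNER = re.compile(r"^={5,}\s*([^=]+?)\s*={5,}\s*$")
# Catalog name, index, DLL path, [file size], (company string).
WINSOCK = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map each lower-cased banner title to its non-empty, stripped lines."""
    sections, current = {}, None
    for line in text.splitlines():
        match = BANNER.match(line)
        if match:
            current = match.group(1).rstrip(":").strip().lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def unexpected_hosts(lines):
    """Return (ip, names) for every mapping other than loopback -> localhost."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        if ip in LOOPBACK and all(n.lower() == "localhost" for n in names):
            continue
        findings.append((ip, names))
    return findings


def unusual_winsock(lines):
    """Return providers outside system32 or not labelled Microsoft.

    The company string comes from the file's version resource as reported in
    the log; it is not a signature check, so a match only lowers priority.
    """
    findings = []
    for line in lines:
        match = WINSOCK.match(line)
        if not match:
            continue
        catalog, index, path, _size, company = match.groups()
        in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
        if not in_system32 or company != "Microsoft Corporation":
            findings.append((catalog, index, path, company))
    return findings


def triage(text):
    """Run both checks over a full Result.txt and return the findings."""
    sections = split_sections(text)
    return {
        "hosts": unexpected_hosts(sections.get("hosts content", [])),
        "winsock": unusual_winsock(sections.get("winsock entries", [])),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_RESULT).items():
        for item in items:
            print(kind, item)
```

Security products and VPN clients also install Winsock providers, so a flagged entry is a prompt to identify the file, not proof of infection.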

#3 Ktze Hut


Posted 08 January 2014 - 01:10 PM

Hi boopme, thanks for your help!

 

Attached are the logs:

 

MiniToolBox:

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by limud (administrator) on 08-01-2014 at 19:23:52
Running from "C:\Documents and Settings\limud\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection 2 (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 2"
 
set address name="Local Area Connection 2" source=dhcp 
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : limud-bce1509c0
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 2:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
 
        Physical Address. . . . . . . . . : 94-DE-80-16-0D-84
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...94 de 80 16 0d 84 ...... Realtek PCIe GBE Family Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
  255.255.255.255  255.255.255.255  255.255.255.255               2  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The open file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT) (User: )
Description: wuauclt (1968) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
 
System errors:
=============
Error: (01/08/2014 07:17:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (01/08/2014 07:17:12 PM) (Source: 0) (User: )
Description: E:
 
Error: (01/08/2014 07:17:12 PM) (Source: 0) (User: )
Description: E:
 
Error: (01/08/2014 07:16:59 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (01/08/2014 07:16:46 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
 
Error: (01/08/2014 07:16:46 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (01/06/2014 06:03:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (01/06/2014 06:03:31 AM) (Source: 0) (User: )
Description: E:
 
Error: (01/06/2014 06:03:31 AM) (Source: 0) (User: )
Description: E:
 
Error: (01/06/2014 06:03:23 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (10/15/2013 08:41:50 PM) (Source: ESENT)(User: )
Description: wuauclt1968C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
 
=========================== Installed Programs ============================
 
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Audition 1.5 (Version: 1.5)
Adobe Reader 9 (Version: 9.0.0)
Advertising Center (Version: 0.0.0.2)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.46)
avast! Free Antivirus (Version: 9.0.2011)
ImagXpress (Version: 7.0.74.0)
Intel® Processor Graphics (Version: 6.14.10.5337)
Menu Templates - Starter Kit (Version: 9.4.6.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.12.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.26.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero Rescue Agent (Version: 2.4.14.100)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero StartSmart (Version: 9.4.19.100)
Nero StartSmart Help (Version: 9.4.19.100)
NeroExpress (Version: 9.4.26.100)
neroxml (Version: 1.0.0)
Platform (Version: 1.36)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6307)
Samsung SCX-4x28 Series
Super-Charger
VIA Platform Device Manager (Version: 1.36)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.7523)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 11%
Total physical RAM: 3483.08 MB
Available physical RAM: 3071.15 MB
Total Pagefile: 5366.08 MB
Available Pagefile: 5109.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.09 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:78.13 GB) (Free:69.58 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:387.62 GB) (Free:117.25 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LIMUD-BCE1509C0
 
Administrator            Guest                    HelpAssistant            
limud                    SUPPORT_388945a0         
 
 
**** End of log ****
 
TDSSKiller:
 
19:25:04.0109 0x00f0  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
19:25:16.0375 0x00f0  ============================================================
19:25:16.0375 0x00f0  Current date / time: 2014/01/08 19:25:16.0375
19:25:16.0375 0x00f0  SystemInfo:
19:25:16.0375 0x00f0  
19:25:16.0375 0x00f0  OS Version: 5.1.2600 ServicePack: 3.0
19:25:16.0375 0x00f0  Product type: Workstation
19:25:16.0375 0x00f0  ComputerName: LIMUD-BCE1509C0
19:25:16.0375 0x00f0  UserName: limud
19:25:16.0375 0x00f0  Windows directory: C:\WINDOWS
19:25:16.0375 0x00f0  System windows directory: C:\WINDOWS
19:25:16.0375 0x00f0  Processor architecture: Intel x86
19:25:16.0375 0x00f0  Number of processors: 4
19:25:16.0375 0x00f0  Page size: 0x1000
19:25:16.0375 0x00f0  Boot type: Normal boot
19:25:16.0375 0x00f0  ============================================================
19:25:17.0671 0x00f0  KLMD registered as C:\WINDOWS\system32\drivers\51229021.sys
19:25:18.0031 0x00f0  System UUID: {1A89BB6C-08A1-9135-F8F2-CA75EE24622A}
19:25:18.0421 0x00f0  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:25:18.0421 0x00f0  ============================================================
19:25:18.0421 0x00f0  \Device\Harddisk0\DR0:
19:25:18.0421 0x00f0  MBR partitions:
19:25:18.0421 0x00f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
19:25:18.0453 0x00f0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x3073F22A
19:25:18.0453 0x00f0  ============================================================
19:25:18.0484 0x00f0  C: <-> \Device\Harddisk0\DR0\Partition1
19:25:18.0515 0x00f0  E: <-> \Device\Harddisk0\DR0\Partition2
19:25:18.0515 0x00f0  ============================================================
19:25:18.0515 0x00f0  Initialize success
19:25:18.0515 0x00f0  ============================================================
19:25:25.0031 0x0214  ============================================================
19:25:25.0031 0x0214  Scan started
19:25:25.0031 0x0214  Mode: Manual; 
19:25:25.0031 0x0214  ============================================================
19:25:25.0031 0x0214  KSN ping started
19:25:25.0062 0x0214  KSN ping finished: false
19:25:25.0187 0x0214  ================ Scan system memory ========================
19:25:25.0187 0x0214  System memory - ok
19:25:25.0187 0x0214  ================ Scan services =============================
19:25:26.0828 0x0214  Fastfat - ok
19:25:26.0843 0x0214  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:25:26.0859 0x0214  FastUserSwitchingCompatibility - ok
19:25:26.0875 0x0214  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:25:26.0890 0x0214  Fdc - ok
19:25:26.0921 0x0214  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:25:26.0921 0x0214  Fips - ok
19:25:26.0921 0x0214  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:25:26.0921 0x0214  Flpydisk - ok
19:25:26.0953 0x0214  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:25:26.0953 0x0214  FltMgr - ok
19:25:26.0984 0x0214  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:25:27.0000 0x0214  FontCache3.0.0.0 - ok
19:25:27.0015 0x0214  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:25:27.0015 0x0214  Fs_Rec - ok
19:25:27.0031 0x0214  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:25:27.0031 0x0214  Ftdisk - ok
19:25:27.0046 0x0214  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:25:27.0046 0x0214  Gpc - ok
19:25:27.0046 0x0214  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:25:27.0062 0x0214  HDAudBus - ok
19:25:27.0109 0x0214  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:25:27.0109 0x0214  helpsvc - ok
19:25:27.0109 0x0214  HidServ - ok
19:25:27.0140 0x0214  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:25:27.0140 0x0214  hidusb - ok
19:25:27.0171 0x0214  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:25:27.0171 0x0214  hkmsvc - ok
19:25:27.0171 0x0214  hpn - ok
19:25:27.0203 0x0214  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:25:27.0203 0x0214  HTTP - ok
19:25:27.0218 0x0214  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:25:27.0218 0x0214  HTTPFilter - ok
19:25:27.0234 0x0214  i2omgmt - ok
19:25:27.0234 0x0214  i2omp - ok
19:25:27.0234 0x0214  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:25:27.0234 0x0214  i8042prt - ok
19:25:27.0312 0x0214  [ 1FF4488B12A3917A217874BE573C8F2A, 3AD5A08B70BD7FF2407E6DEE9153CBE1B1D79A016B3DFA31280F8A9DEAC77DED ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:25:27.0359 0x0214  ialm - ok
19:25:27.0453 0x0214  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:25:27.0468 0x0214  idsvc - ok
19:25:27.0484 0x0214  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:25:27.0484 0x0214  Imapi - ok
19:25:27.0515 0x0214  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:25:27.0515 0x0214  ImapiService - ok
19:25:27.0515 0x0214  ini910u - ok
19:25:27.0687 0x0214  [ AA1E5CFBF96015E0496D1C1159FB7C41, AA6BB195DD29723C7312ABF62359421B4560ADAB9AA77498DEAE141279D601D6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:25:27.0765 0x0214  IntcAzAudAddService - ok
19:25:27.0781 0x0214  IntelIde - ok
19:25:27.0796 0x0214  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:25:27.0812 0x0214  intelppm - ok
19:25:27.0828 0x0214  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:25:27.0828 0x0214  Ip6Fw - ok
19:25:27.0843 0x0214  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:25:27.0843 0x0214  IpFilterDriver - ok
19:25:27.0843 0x0214  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:25:27.0843 0x0214  IpInIp - ok
19:25:27.0859 0x0214  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:25:27.0875 0x0214  IpNat - ok
19:25:27.0906 0x0214  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:25:27.0906 0x0214  IPSec - ok
19:25:27.0921 0x0214  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:25:27.0921 0x0214  IRENUM - ok
19:25:27.0953 0x0214  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:25:27.0953 0x0214  isapnp - ok
19:25:27.0984 0x0214  [ 25035D12A369A04605AA0891BAFBA9B0, E25F4BA4C05AFB8D0655597BF24CC4949FA8671A00CF6ED7893DC0B376CE4639 ] KaraokeService  C:\WINDOWS\system32\KaraokeSer.exe
19:25:27.0984 0x0214  KaraokeService - ok
19:25:28.0015 0x0214  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:25:28.0015 0x0214  Kbdclass - ok
19:25:28.0031 0x0214  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:25:28.0031 0x0214  kmixer - ok
19:25:28.0031 0x0214  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:25:28.0046 0x0214  KSecDD - ok
19:25:28.0046 0x0214  [ D4C96F77715556CE79EB20A43F55AC10, A367BF02FADEF94F085D159B55EEE433C2D054806147584A38BC27571DE62998 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
19:25:28.0046 0x0214  L1c - ok
19:25:28.0093 0x0214  [ F385F4B02C535BFFE1D70CAB80838123, A1695E161673BCB77CE150C2D98A07FCB454C53F10EEBECD754D2CC40DEAA1E0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
19:25:28.0093 0x0214  LanmanServer - ok
19:25:28.0109 0x0214  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6, 48A6DB1EC7515F0DDD0639AEE3056F32C273B4D541F3647915A32ABA140DA34A ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:25:28.0109 0x0214  lanmanworkstation - ok
19:25:28.0109 0x0214  lbrtfdc - ok
19:25:28.0125 0x0214  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:25:28.0125 0x0214  LmHosts - ok
19:25:28.0140 0x0214  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:25:28.0156 0x0214  Messenger - ok
19:25:28.0171 0x0214  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:25:28.0171 0x0214  mnmdd - ok
19:25:28.0203 0x0214  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:25:28.0203 0x0214  mnmsrvc - ok
19:25:28.0218 0x0214  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:25:28.0218 0x0214  Modem - ok
19:25:28.0265 0x0214  [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
19:25:28.0296 0x0214  Monfilt - ok
19:25:28.0312 0x0214  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:25:28.0312 0x0214  Mouclass - ok
19:25:28.0328 0x0214  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:25:28.0328 0x0214  mouhid - ok
19:25:28.0328 0x0214  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:25:28.0343 0x0214  MountMgr - ok
19:25:28.0343 0x0214  mraid35x - ok
19:25:28.0343 0x0214  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:25:28.0343 0x0214  MRxDAV - ok
19:25:28.0375 0x0214  [ 68755F0FF16070178B54674FE5B847B0, 2FFBCE3A67FA7E30E373624521C602E5510C5565F04381C6C9F961253DA928A6 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:25:28.0390 0x0214  MRxSmb - ok
19:25:28.0406 0x0214  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
19:25:28.0421 0x0214  MSDTC - ok
19:25:28.0421 0x0214  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:25:28.0421 0x0214  Msfs - ok
19:25:28.0421 0x0214  MSIServer - ok
19:25:28.0453 0x0214  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:25:28.0453 0x0214  MSKSSRV - ok
19:25:28.0453 0x0214  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:25:28.0453 0x0214  MSPCLOCK - ok
19:25:28.0468 0x0214  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:25:28.0468 0x0214  MSPQM - ok
19:25:28.0468 0x0214  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:25:28.0468 0x0214  mssmbios - ok
19:25:28.0484 0x0214  [ 2F625D11385B1A94360BFC70AAEFDEE1, 23E4974120233CF1A7BEE48977706A0A55418699379D1450502ABEB24191AC80 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:25:28.0484 0x0214  Mup - ok
19:25:28.0500 0x0214  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:25:28.0515 0x0214  napagent - ok
19:25:28.0515 0x0214  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:25:28.0531 0x0214  NDIS - ok
19:25:28.0546 0x0214  [ 1AB3D00C991AB086E69DB84B6C0ED78F, 1F881FCCF5557C44C078D99CA2DD38D635413D6212DBEDC06A428EDAC7F8B04E ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:25:28.0546 0x0214  NdisTapi - ok
19:25:28.0546 0x0214  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:25:28.0546 0x0214  Ndisuio - ok
19:25:28.0546 0x0214  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:25:28.0546 0x0214  NdisWan - ok
19:25:28.0562 0x0214  [ 6215023940CFD3702B46ABC304E1D45A, C767F3A349B365F6E7566C0738E2F62D8FFF8CB4457347E3614BD403BC6CADCB ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:25:28.0562 0x0214  NDProxy - ok
19:25:28.0640 0x0214  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:25:28.0656 0x0214  Nero BackItUp Scheduler 4.0 - ok
19:25:28.0671 0x0214  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:25:28.0671 0x0214  NetBIOS - ok
19:25:28.0703 0x0214  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:25:28.0703 0x0214  NetBT - ok
19:25:28.0718 0x0214  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:25:28.0734 0x0214  NetDDE - ok
19:25:28.0734 0x0214  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:25:28.0734 0x0214  NetDDEdsdm - ok
19:25:28.0750 0x0214  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:25:28.0781 0x0214  Netlogon - ok
19:25:28.0796 0x0214  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
19:25:28.0796 0x0214  Netman - ok
19:25:28.0828 0x0214  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:28.0828 0x0214  NetTcpPortSharing - ok
19:25:28.0859 0x0214  [ B4138E99236F0F57D4CF49BAE98A0746, DDEAE046C1165C41F06933E808B143118208B02BB83FA80BEF8F550D4DC78149 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:25:28.0859 0x0214  Nla - ok
19:25:28.0875 0x0214  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:25:28.0875 0x0214  Npfs - ok
19:25:28.0890 0x0214  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:25:28.0906 0x0214  Ntfs - ok
19:25:28.0921 0x0214  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:25:28.0921 0x0214  NtLmSsp - ok
19:25:28.0968 0x0214  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:25:28.0968 0x0214  NtmsSvc - ok
19:25:28.0984 0x0214  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:25:28.0984 0x0214  Null - ok
19:25:29.0015 0x0214  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:25:29.0015 0x0214  NwlnkFlt - ok
19:25:29.0015 0x0214  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:25:29.0015 0x0214  NwlnkFwd - ok
19:25:29.0062 0x0214  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:29.0062 0x0214  ose - ok
19:25:29.0062 0x0214  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:25:29.0078 0x0214  Parport - ok
19:25:29.0078 0x0214  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:25:29.0078 0x0214  PartMgr - ok
19:25:29.0109 0x0214  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:25:29.0109 0x0214  ParVdm - ok
19:25:29.0125 0x0214  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:25:29.0125 0x0214  PCI - ok
19:25:29.0125 0x0214  PCIDump - ok
19:25:29.0125 0x0214  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:25:29.0125 0x0214  PCIIde - ok
19:25:29.0140 0x0214  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:25:29.0156 0x0214  Pcmcia - ok
19:25:29.0156 0x0214  PDCOMP - ok
19:25:29.0156 0x0214  PDFRAME - ok
19:25:29.0156 0x0214  PDRELI - ok
19:25:29.0156 0x0214  PDRFRAME - ok
19:25:29.0156 0x0214  perc2 - ok
19:25:29.0171 0x0214  perc2hib - ok
19:25:29.0187 0x0214  [ 444F122E68DB44C0589227781F3C8B3F, 99581AD22CBD3B647E719E250291C315099B62FDF80671225F0C5A05489D0F91 ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
19:25:29.0187 0x0214  pfc - ok
19:25:29.0203 0x0214  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:25:29.0203 0x0214  PlugPlay - ok
19:25:29.0203 0x0214  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:25:29.0218 0x0214  PolicyAgent - ok
19:25:29.0218 0x0214  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:25:29.0218 0x0214  PptpMiniport - ok
19:25:29.0218 0x0214  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:25:29.0218 0x0214  ProtectedStorage - ok
19:25:29.0218 0x0214  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:25:29.0234 0x0214  PSched - ok
19:25:29.0234 0x0214  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:25:29.0234 0x0214  Ptilink - ok
19:25:29.0234 0x0214  ql1080 - ok
19:25:29.0234 0x0214  Ql10wnt - ok
19:25:29.0234 0x0214  ql12160 - ok
19:25:29.0234 0x0214  ql1240 - ok
19:25:29.0250 0x0214  ql1280 - ok
19:25:29.0250 0x0214  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:25:29.0265 0x0214  RasAcd - ok
19:25:29.0281 0x0214  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:25:29.0296 0x0214  RasAuto - ok
19:25:29.0296 0x0214  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:25:29.0296 0x0214  Rasl2tp - ok
19:25:29.0312 0x0214  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:25:29.0328 0x0214  RasMan - ok
19:25:29.0328 0x0214  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:25:29.0328 0x0214  RasPppoe - ok
19:25:29.0328 0x0214  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:25:29.0328 0x0214  Raspti - ok
19:25:29.0343 0x0214  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:25:29.0343 0x0214  Rdbss - ok
19:25:29.0343 0x0214  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:25:29.0343 0x0214  RDPCDD - ok
19:25:29.0375 0x0214  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:25:29.0375 0x0214  rdpdr - ok
19:25:29.0406 0x0214  [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:25:29.0421 0x0214  RDPWD - ok
19:25:29.0437 0x0214  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:25:29.0453 0x0214  RDSessMgr - ok
19:25:29.0453 0x0214  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:25:29.0453 0x0214  redbook - ok
19:25:29.0468 0x0214  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:25:29.0484 0x0214  RemoteAccess - ok
19:25:29.0500 0x0214  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:25:29.0500 0x0214  RemoteRegistry - ok
19:25:29.0531 0x0214  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:25:29.0531 0x0214  RpcLocator - ok
19:25:29.0546 0x0214  [ 2589FE6015A316C0F5D5112B4DA7B509, 2753785BA07A1A7A25E275332F5F9F403F6E8CBF396FD0905D6BA84B98C403A6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
19:25:29.0562 0x0214  RpcSs - ok
19:25:29.0578 0x0214  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:25:29.0593 0x0214  RSVP - ok
19:25:29.0625 0x0214  [ 1323BA3CA4E8D863EB00CD81C0AAF356, C1E5C0D4B404BCDD11177466C23898E5A50C50C5A5447B0B88BF9039A2366196 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:25:29.0625 0x0214  RTLE8023xp - ok
19:25:29.0625 0x0214  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:25:29.0625 0x0214  SamSs - ok
19:25:29.0656 0x0214  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:25:29.0671 0x0214  SCardSvr - ok
19:25:29.0687 0x0214  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:25:29.0703 0x0214  Schedule - ok
19:25:29.0718 0x0214  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:25:29.0718 0x0214  Secdrv - ok
19:25:29.0718 0x0214  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:25:29.0734 0x0214  seclogon - ok
19:25:29.0734 0x0214  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:25:29.0734 0x0214  SENS - ok
19:25:29.0750 0x0214  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:25:29.0750 0x0214  serenum - ok
19:25:29.0750 0x0214  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:25:29.0750 0x0214  Serial - ok
19:25:29.0765 0x0214  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:25:29.0765 0x0214  Sfloppy - ok
19:25:29.0765 0x0214  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:25:29.0781 0x0214  SharedAccess - ok
19:25:29.0796 0x0214  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:25:29.0796 0x0214  ShellHWDetection - ok
19:25:29.0796 0x0214  Simbad - ok
19:25:29.0796 0x0214  Sparrow - ok
19:25:29.0828 0x0214  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:25:29.0843 0x0214  splitter - ok
19:25:29.0843 0x0214  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B, 130D686A220AF97EBF33DD481B79990F259B4EE38DD95A35CD3D0F0517790FF0 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:25:29.0859 0x0214  Spooler - ok
19:25:29.0875 0x0214  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:25:29.0890 0x0214  sr - ok
19:25:29.0890 0x0214  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:25:29.0890 0x0214  srservice - ok
19:25:29.0968 0x0214  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:25:29.0968 0x0214  Srv - ok
19:25:30.0000 0x0214  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:25:30.0000 0x0214  SSDPSRV - ok
19:25:30.0015 0x0214  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:25:30.0031 0x0214  stisvc - ok
19:25:31.0156 0x0214  ================ Scan global ===============================
19:25:31.0171 0x0214  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:25:31.0187 0x0214  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
19:25:31.0203 0x0214  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
19:25:31.0218 0x0214  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] C:\WINDOWS\system32\services.exe
19:25:31.0218 0x0214  [ Global ] - ok
19:25:31.0218 0x0214  ================ Scan MBR ==================================
19:25:31.0234 0x0214  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:25:31.0562 0x0214  \Device\Harddisk0\DR0 - ok
19:25:31.0562 0x0214  ================ Scan VBR ==================================
19:25:31.0562 0x0214  [ 536961A02CF648CE39F9F4FF2B056858 ] \Device\Harddisk0\DR0\Partition1
19:25:31.0578 0x0214  \Device\Harddisk0\DR0\Partition1 - ok
19:25:31.0578 0x0214  [ 9FA1B9C444944597E54A9CE3EFBA939E ] \Device\Harddisk0\DR0\Partition2
19:25:31.0578 0x0214  \Device\Harddisk0\DR0\Partition2 - ok
19:25:31.0593 0x0214  AV detected via SS1: avast! Antivirus, 5.0.150996955, enabled, updated
19:25:31.0609 0x0214  Win FW state via NFM: enabled
19:25:31.0609 0x0214  ============================================================
19:25:31.0609 0x0214  Scan finished
19:25:31.0609 0x0214  ============================================================
19:25:31.0609 0x01f0  Detected object count: 0
19:25:31.0609 0x01f0  Actual detected object count: 0
 
ADWCleaner:
 
# AdwCleaner v3.016 - Report created 08/01/2014 at 19:30:02
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : limud - LIMUD-BCE1509C0
# Running from : C:\Documents and Settings\limud\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
 
*************************
 
AdwCleaner[R0].txt - [882 octets] - [08/01/2014 19:27:32]
AdwCleaner[S0].txt - [808 octets] - [08/01/2014 19:30:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [867 octets] ##########
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Microsoft Windows XP x86
Ran by limud on Wed 01/08/2014 at 19:37:02.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG1.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG2.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG3.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG4.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG5.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG6.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG7.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG8.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOG9.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGA.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGB.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGC.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGD.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGE.tmp [TDL4 Trace]
Successfully deleted [File] C:\Documents and Settings\All Users\Microsoft\DRM\LOGF.tmp [TDL4 Trace]
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/08/2014 at 19:38:58.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET Online:
 
No Log


#4 boopme


Posted 08 January 2014 - 02:43 PM

Did you run anything else prior to this? I only see some traces left and removed.

By the way, update to Adobe Reader XI; older versions are exploitable by malware.

 

NOTE: UNcheck the Optional Offer

 

Optional offer:
Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.



How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 Ktze Hut


Posted 08 January 2014 - 02:59 PM

I saw strange behavior when inserting into the machine an Olympus digital recorder. I also use the Olympus as a flash drive to transfer files.

 

I copied a file from the Olympus on to another flash drive, and inserted the other flash drive into my laptop (not the machine we are working on. I scanned the laptop with Broni - see above). The laptop's ESET NOD32 quarantined jave.vbs from the flash drive.

 

I ran an Avast scan on the machine we are currently working on, and it quarantined some files.

 

And I posted on BC...



#6 boopme


Posted 08 January 2014 - 03:05 PM

Did you see Kryptik in the ESET scan?

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

#7 Ktze Hut


Posted 08 January 2014 - 03:18 PM

ESET did not create a log, at least it's not in the location you specified...

 

I do see an entry in the registry at: HKCU\Software\Microsoft\Windows\CurrentVersion\Run, as Microsoft describes here:

 

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=VBS/Jenxcus#tab=2

 

the entry's name is jave, type: REG_SZ, data: wscript.exe //B "C:\Documents and Settings\limud\jave.vbs"
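
The kind of Run value described in the post above can be checked for mechanically. This is an added example, not part of the original post or of any tool used in this thread: it parses `reg query`-style value lines and flags autoruns that start a script host on a script in a user-writable folder. The sample text, its benign second entry and the list of user-writable prefixes are assumptions constructed for illustration.

```python
import re

# Windows Script Host binaries and the script types they execute.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Assumed list of locations a limited user can write to; extend as needed.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\",
                 "%userprofile%", "%appdata%", "%temp%")

# Matches "<indent><name><ws>REG_xx<ws><data>" (reg query-style value line).
LINE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

# Constructed sample: the first value is the one quoted in the post above,
# the second is a made-up benign entry for contrast.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    jave    REG_SZ    wscript.exe //B "C:\Documents and Settings\limud\jave.vbs"
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
'''

def parse_run_values(text):
    """Yield (name, type, data) for each value line; the key header is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("name"), m.group("type"), m.group("data").strip()

def split_command(data):
    """Split a command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(data)]

def flag_entry(data):
    """Return the reasons an autorun command line deserves review."""
    tokens = split_command(data)
    if not tokens:
        return []
    exe = tokens[0].replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in SCRIPT_HOSTS:
        return []
    reasons = ["script host launched at logon"]
    if any(t.lower() == "//b" for t in tokens[1:]):
        reasons.append("//B batch mode suppresses script errors and prompts")
    for t in tokens[1:]:
        low = t.lower()
        if low.endswith(SCRIPT_EXTS) and low.startswith(USER_WRITABLE):
            reasons.append("script in user-writable path: " + t)
    return reasons

def scan(text):
    """Map value name -> reasons, for flagged values only."""
    hits = {}
    for name, _type, data in parse_run_values(text):
        reasons = flag_entry(data)
        if reasons:
            hits[name] = reasons
    return hits

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```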



#8 Ktze Hut


Posted 08 January 2014 - 03:27 PM

For what it's worth, among other things I dug up:

 

http://community.norton.com/t5/forums/forumtopicprintpage/board-id/Malware/message-id/1501/print-single-message/false/page/1



#9 boopme


Posted 08 January 2014 - 03:48 PM

Hi, if you still see that file in the registry then we did not kill that worm. It is probably protected and needs a deeper look.
Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

#10 Ktze Hut


Posted 08 January 2014 - 04:02 PM

All went well, I posted a new topic with the DDS logs.



#11 boopme


Posted 08 January 2014 - 08:29 PM

Thank you

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 5 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.