
system being shutdown by ntauthority\system



#1 amgesq

Posted 11 January 2014 - 02:16 PM

Hello.  At the suggestion of my sister, a regular bleepingcomputer user, I am asking for some help.  Not sure if I am infected or if my 10yo computer is finally developing a glitch.  Been trying to solve this for a week.  Here’s my story; please excuse the length, but I want to explain not only the problem but also what I have done to try to fix it.

 

Computer is a Dell Dimension 4600; OS is Windows XP Professional; antivirus software is Norton Internet Security (although my subscription is up in a couple weeks and I will not be using it going forward, although I haven’t yet uninstalled it).

 

Last week as I was on my computer connected to the internet (I think I was on facebook, but it may have been another site), I got the following message on my screen in a separate box titled System Shutdown.  “This system is shutting down.  Please save all work in progress and log off.  Any unsaved changes will be lost.  This shutdown was initiated by NTAUTHORITY\SYSTEM.  Time before shutdown [varies between 30 seconds or 60 seconds].”  Then the box has a “Message” which reads:  “Windows must now restart because the DC COM Server Process Launcher service terminated unexpectedly.”

 

The system restarted and I figured it was a one time glitch.  However I got the message again and it shutdown again after a time.  I am one of those persons who has Windows Task Manager open all the time so I can monitor what’s going on (even if I don't understand what a lot of the processes are), and discovered that one of the svchost.exe processes seems to be the problem.  I noted that it used an ever-increasing amount of my CPU and memory.  When I terminated that process, I got the same System Shutdown message.

 

I tried a system restore to several prior dates (going as far back as a month) and couldn’t restore.  (This has been the case on other occasions; system restore almost never works for me).  Norton hadn’t found anything except tracking cookies in a long time.  During my attempts to figure out what was the problem, I discovered the problem only happens when I am connected to the internet.  While the problematic svchost.exe pops up on every restart, if I am not connected to the internet it doesn’t cause problems and use up CPU and memory.  As soon as I connect, then it goes up and eventually I get the system shuts message and it restarts.  (I now connect and disconnect by unplugging my DSL line from my modem.)

 

So I contacted my sister, who has had success fixing her and others' computers.  She suggested I download Malwarebytes (MWBytes) and Microsoft Security Essentials (MSE).  She also said to turn off Norton, as it may interfere with the other 2 programs.  I couldn’t DL from my computer b/c my settings prevent most exe files from being downloaded.  (I have tried several changes to my settings to fix this and been unable to do so.  This is not a new issue.)  So I went to the public library and DL’d them onto a flash drive.  I installed MWBytes, and ran quick and full scans, both before updating and after connecting to the internet and updating.  Not much was found.  I can post those logs if you’d like.  The first attempt at installing MSE didn’t work b/c it wasn’t a 32-bit program.  When I found the right one, I ran scans;  it, too, didn’t find anything.  I also set up MSE to be my virus protection instead of Norton.

 

My Norton was set up to run a full system scan every night at 3:00am.  I forgot to stop this and on Jan 5, got a message that Norton had found Bloodhound.MalPE.  I quarantined it.  But the problem wasn’t solved.

 

Since shortly after discovering the problem, I have not used my home computer to visit any financial sites or any other sites that require a log-in.  This includes my yahoo email.  I have been doing these things from the library.  I will check bleepingcomputer from my home computer.

 

Any help would be welcome.

 

Andy

 




#2 noknojon

Posted 16 January 2014 - 06:57 PM

Hi Andy -

Sorry we were late in responding, but we have been very busy, and often a "simple" post is not answered.

 

Infection
This Trojan is typically distributed using a number of means common to many other well-known threats. Namely it has been observed to be spread by fake blogs rigged with URLs to sensational videos that "must be seen" or bogus blog or forum comments with similar baits. The Trojan may also be found in fake Torrent files and P2P downloads, cracks and warez Web sites, and also hacked legitimate and fake Web sites rigged with exploits for various vulnerabilities allowing for what is known as a "drive-by download" to occur.

 

I will only ask you to perform 1 scan, and depending on the result, we may ask you to repost in another area.

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.
    Please copy and paste the contents of that file here.

 

 

Thanks -



#3 amgesq

Posted 16 January 2014 - 09:45 PM

Ran the TDSS scan;  was very quick; nothing was found; here is the report.  Thanks.

 

20:30:20.0203 0x18d0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:30:20.0218 0x18d0  Mup - ok
20:30:20.0250 0x18d0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:30:20.0265 0x18d0  napagent - ok
20:30:20.0359 0x18d0  [ 81E928EE3751FAF725C87CC17726C05D, 8AB84270DCB35F239B00FA4B9AC90E9520967B8188085D897F28E994CBF911FB ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140103.001\NAVENG.SYS
20:30:20.0421 0x18d0  NAVENG - ok
20:30:20.0828 0x18d0  [ E0C39FA6C76AE8ED53ABF043F35ECDFF, CD2F87D3CB64F3362508D1855B24F40F1C44CF4132E3626971CCF4E7C49E61D6 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140103.001\NAVEX15.SYS
20:30:20.0906 0x18d0  NAVEX15 - ok
20:30:21.0015 0x18d0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:30:21.0031 0x18d0  NDIS - ok
20:30:21.0093 0x18d0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:30:21.0109 0x18d0  NdisTapi - ok
20:30:21.0125 0x18d0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:30:21.0140 0x18d0  Ndisuio - ok
20:30:21.0171 0x18d0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:30:21.0171 0x18d0  NdisWan - ok
20:30:21.0234 0x18d0  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:30:21.0250 0x18d0  NDProxy - ok
20:30:21.0343 0x18d0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:30:21.0343 0x18d0  NetBIOS - ok
20:30:24.0500 0x18d0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:30:24.0671 0x18d0  NetBT - ok
20:30:24.0890 0x18d0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:30:25.0015 0x18d0  NetDDE - ok
20:30:25.0109 0x18d0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:30:25.0109 0x18d0  NetDDEdsdm - ok
20:30:25.0234 0x18d0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\System32\lsass.exe
20:30:25.0250 0x18d0  Netlogon - ok
20:30:25.0390 0x18d0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
20:30:25.0406 0x18d0  Netman - ok
20:30:25.0484 0x18d0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:30:25.0500 0x18d0  NetTcpPortSharing - ok
20:30:25.0562 0x18d0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:30:25.0562 0x18d0  Nla - ok
20:30:25.0796 0x18d0  [ 64C89DB40949FD0E7C8FF303676A91F1, A3E5DC71DFF0E04EC398ED26ED5B4A81F938533E710CFCEAA99DF585C0AA79C9 ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
20:30:25.0796 0x18d0  Norton Internet Security - ok
20:30:25.0859 0x18d0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:30:25.0890 0x18d0  Npfs - ok
20:30:25.0937 0x18d0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:30:25.0953 0x18d0  Ntfs - ok
20:30:26.0000 0x18d0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
20:30:26.0000 0x18d0  NtLmSsp - ok
20:30:26.0078 0x18d0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:30:26.0093 0x18d0  NtmsSvc - ok
20:30:26.0125 0x18d0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:30:26.0125 0x18d0  Null - ok
20:30:26.0187 0x18d0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:30:26.0203 0x18d0  NwlnkFlt - ok
20:30:26.0218 0x18d0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:30:26.0234 0x18d0  NwlnkFwd - ok
20:30:26.0390 0x18d0  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:30:26.0406 0x18d0  odserv - ok
20:30:26.0453 0x18d0  [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI            C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
20:30:26.0468 0x18d0  OMCI - ok
20:30:26.0531 0x18d0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:30:26.0562 0x18d0  ose - ok
20:30:26.0593 0x18d0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:30:26.0609 0x18d0  Parport - ok
20:30:26.0625 0x18d0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:30:26.0625 0x18d0  PartMgr - ok
20:30:26.0687 0x18d0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:30:26.0687 0x18d0  ParVdm - ok
20:30:26.0718 0x18d0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:30:26.0718 0x18d0  PCI - ok
20:30:26.0734 0x18d0  PCIDump - ok
20:30:26.0781 0x18d0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:30:26.0828 0x18d0  PCIIde - ok
20:30:26.0859 0x18d0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:30:26.0859 0x18d0  Pcmcia - ok
20:30:26.0875 0x18d0  PDCOMP - ok
20:30:26.0890 0x18d0  PDFRAME - ok
20:30:26.0906 0x18d0  PDRELI - ok
20:30:26.0921 0x18d0  PDRFRAME - ok
20:30:26.0937 0x18d0  perc2 - ok
20:30:26.0953 0x18d0  perc2hib - ok
20:30:27.0093 0x18d0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:30:27.0093 0x18d0  PlugPlay - ok
20:30:27.0140 0x18d0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\System32\lsass.exe
20:30:27.0140 0x18d0  PolicyAgent - ok
20:30:27.0187 0x18d0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:30:27.0187 0x18d0  PptpMiniport - ok
20:30:27.0218 0x18d0  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:30:27.0218 0x18d0  Processor - ok
20:30:27.0234 0x18d0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:30:27.0234 0x18d0  ProtectedStorage - ok
20:30:27.0265 0x18d0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:30:27.0265 0x18d0  PSched - ok
20:30:27.0328 0x18d0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:30:27.0328 0x18d0  Ptilink - ok
20:30:27.0343 0x18d0  ql1080 - ok
20:30:27.0359 0x18d0  Ql10wnt - ok
20:30:27.0375 0x18d0  ql12160 - ok
20:30:27.0390 0x18d0  ql1240 - ok
20:30:27.0406 0x18d0  ql1280 - ok
20:30:27.0453 0x18d0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:30:27.0453 0x18d0  RasAcd - ok
20:30:27.0515 0x18d0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:30:27.0531 0x18d0  RasAuto - ok
20:30:27.0562 0x18d0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:30:27.0578 0x18d0  Rasl2tp - ok
20:30:27.0671 0x18d0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:30:27.0703 0x18d0  RasMan - ok
20:30:27.0718 0x18d0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:30:27.0718 0x18d0  RasPppoe - ok
20:30:27.0765 0x18d0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:30:27.0765 0x18d0  Raspti - ok
20:30:27.0828 0x18d0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:30:27.0843 0x18d0  Rdbss - ok
20:30:27.0859 0x18d0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:30:27.0859 0x18d0  RDPCDD - ok
20:30:27.0890 0x18d0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:30:27.0890 0x18d0  rdpdr - ok
20:30:27.0984 0x18d0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:30:27.0984 0x18d0  RDPWD - ok
20:30:28.0046 0x18d0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:30:28.0062 0x18d0  RDSessMgr - ok
20:30:28.0156 0x18d0  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:30:28.0171 0x18d0  RealNetworks Downloader Resolver Service - ok
20:30:28.0187 0x18d0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:30:28.0187 0x18d0  redbook - ok
20:30:28.0265 0x18d0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:30:28.0265 0x18d0  RemoteAccess - ok
20:30:28.0328 0x18d0  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:30:28.0328 0x18d0  RemoteRegistry - ok
20:30:28.0343 0x18d0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
20:30:28.0343 0x18d0  RpcLocator - ok
20:30:28.0390 0x18d0  [ 0F4E82A1BCC9B139CAA9157D85CECC9C, 244A9CE557E3BF6D457B736D31A4A16EE50C8CBD80E234FA2FC83670F07197D4 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:30:28.0406 0x18d0  RpcSs - ok
20:30:28.0437 0x18d0  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
20:30:28.0453 0x18d0  RSVP - ok
20:30:28.0500 0x18d0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:30:28.0500 0x18d0  SamSs - ok
20:30:28.0546 0x18d0  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:30:28.0562 0x18d0  SCardSvr - ok
20:30:28.0640 0x18d0  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:30:28.0640 0x18d0  Schedule - ok
20:30:28.0718 0x18d0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:30:28.0718 0x18d0  Secdrv - ok
20:30:28.0781 0x18d0  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:30:28.0781 0x18d0  seclogon - ok
20:30:28.0843 0x18d0  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
20:30:28.0843 0x18d0  SENS - ok
20:30:28.0875 0x18d0  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:30:28.0875 0x18d0  serenum - ok
20:30:28.0890 0x18d0  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:30:28.0906 0x18d0  Serial - ok
20:30:29.0015 0x18d0  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:30:29.0031 0x18d0  Sfloppy - ok
20:30:29.0109 0x18d0  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:30:29.0125 0x18d0  SharedAccess - ok
20:30:29.0171 0x18d0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:30:29.0171 0x18d0  ShellHWDetection - ok
20:30:29.0187 0x18d0  Simbad - ok
20:30:29.0296 0x18d0  [ 5018A9DB5EB62E3EDB3110F82F556285, 5C90FF4609F6FC77C91FD820DF73C43A7FD72533B8522C78067E7F1EBB09FA65 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
20:30:29.0328 0x18d0  smwdm - ok
20:30:29.0359 0x18d0  Sparrow - ok
20:30:29.0375 0x18d0  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:30:29.0375 0x18d0  splitter - ok
20:30:29.0437 0x18d0  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:30:29.0453 0x18d0  Spooler - ok
20:30:29.0484 0x18d0  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:30:29.0484 0x18d0  sr - ok
20:30:29.0781 0x18d0  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\System32\srsvc.dll
20:30:29.0796 0x18d0  srservice - ok
20:30:29.0875 0x18d0  [ E81F6CAEAB9AD5732E94C07C97866AA2, 240BF5D080D0DA57598E9A95FBCE450A3B8760275056E6C335BCEFD8A3F1B062 ] SRTSP           C:\WINDOWS\System32\Drivers\NIS\1008030.006\SRTSP.SYS
20:30:29.0890 0x18d0  SRTSP - ok
20:30:29.0921 0x18d0  [ E28DE499D942B08058BFFAC69D4122B6, 79C4F716FA12B855FDD99B11ABD662D38CBC5DEAF96FE50C26F6EA2142C66471 ] SRTSPX          C:\WINDOWS\system32\drivers\NIS\1008030.006\SRTSPX.SYS
20:30:29.0921 0x18d0  SRTSPX - ok
20:30:30.0000 0x18d0  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:30:30.0015 0x18d0  Srv - ok
20:30:30.0078 0x18d0  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:30:30.0093 0x18d0  SSDPSRV - ok
20:30:30.0140 0x18d0  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:30:30.0156 0x18d0  stisvc - ok
20:30:30.0187 0x18d0  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:30:30.0203 0x18d0  swenum - ok
20:30:30.0218 0x18d0  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:30:30.0218 0x18d0  swmidi - ok
20:30:30.0234 0x18d0  SwPrv - ok
20:30:30.0250 0x18d0  symc810 - ok
20:30:30.0281 0x18d0  symc8xx - ok
20:30:30.0296 0x18d0  SYMDNS - ok
20:30:30.0390 0x18d0  [ D0885F6E24259A6C65E68D6AD749910A, 8F1F951BE85823BB8D5FB01A9958EC08E56FF5111FFD3463989237CBA94DCB55 ] SymEFA          C:\WINDOWS\system32\drivers\NIS\1008030.006\SYMEFA.SYS
20:30:30.0500 0x18d0  SymEFA - ok
20:30:30.0562 0x18d0  [ A54FF04BD6E75DC4D8CB6F3E352635E0, D9577628E1DC70AFFEA237B0F885C266A36BDACB67F34B525111A7A941CA7BE3 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:30:30.0578 0x18d0  SymEvent - ok
20:30:30.0687 0x18d0  [ A8C45C36309EE066F9191E511F88ED76, 54E73F91C07DEA95A485F5BC466DD7B752428920E474B4DBEC0B44E3E2BCFB9F ] SYMFW           C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMFW.SYS
20:30:30.0687 0x18d0  SYMFW - ok
20:30:30.0734 0x18d0  [ F4DB00BC0C25BE3E05D4BBB8637CC3A3, 261DC527A58E08C61372A626A1446398434D9D528F190F30CFA3BC3D102D339A ] SYMIDS          C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMIDS.SYS
20:30:30.0734 0x18d0  SYMIDS - ok
20:30:30.0843 0x18d0  [ C6DB9F873B09C63F5CB1DE10C08BF6F9, 011E134ED798C4CD4C4F26C44817A1D3EFEC34DDCD06A06ABCCD9088ABFFED77 ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:30:30.0859 0x18d0  SymIM - ok
20:30:30.0875 0x18d0  [ C6DB9F873B09C63F5CB1DE10C08BF6F9, 011E134ED798C4CD4C4F26C44817A1D3EFEC34DDCD06A06ABCCD9088ABFFED77 ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
20:30:30.0875 0x18d0  SymIMMP - ok
20:30:30.0921 0x18d0  [ 06A8ECFC68D61A26A67F0E96FF1CA9CC, 25EAF59B523F802D58DB05C1A4C40E4C3A9DFEA766309F1709674AA913379EAC ] SYMNDIS         C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMNDIS.SYS
20:30:30.0953 0x18d0  SYMNDIS - ok
20:30:30.0968 0x18d0  SYMREDRV - ok
20:30:31.0015 0x18d0  [ 26BC80EC79D7BA478249C266CBDF17B4, C80E2E00AAA6E941E5C6CAB09DD29B1C6FD0896B7682B1970209B0DD4DD85200 ] SYMTDI          C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
20:30:31.0031 0x18d0  SYMTDI - ok
20:30:31.0062 0x18d0  sym_hi - ok
20:30:31.0078 0x18d0  sym_u3 - ok
20:30:31.0171 0x18d0  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:30:31.0171 0x18d0  sysaudio - ok
20:30:31.0234 0x18d0  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:30:31.0250 0x18d0  SysmonLog - ok
20:30:31.0312 0x18d0  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:30:31.0343 0x18d0  TapiSrv - ok
20:30:31.0375 0x18d0  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:30:31.0390 0x18d0  Tcpip - ok
20:30:31.0453 0x18d0  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:30:31.0453 0x18d0  TDPIPE - ok
20:30:31.0484 0x18d0  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:30:31.0500 0x18d0  TDTCP - ok
20:30:31.0531 0x18d0  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:30:31.0531 0x18d0  TermDD - ok
20:30:31.0609 0x18d0  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:30:31.0625 0x18d0  TermService - ok
20:30:31.0703 0x18d0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:30:31.0703 0x18d0  Themes - ok
20:30:31.0765 0x18d0  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
20:30:31.0781 0x18d0  TlntSvr - ok
20:30:31.0796 0x18d0  TosIde - ok
20:30:31.0859 0x18d0  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:30:31.0875 0x18d0  TrkWks - ok
20:30:31.0937 0x18d0  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:30:32.0000 0x18d0  Udfs - ok
20:30:32.0015 0x18d0  ultra - ok
20:30:32.0093 0x18d0  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:30:32.0125 0x18d0  Update - ok
20:30:32.0187 0x18d0  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:30:32.0187 0x18d0  upnphost - ok
20:30:32.0234 0x18d0  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
20:30:32.0234 0x18d0  UPS - ok
20:30:32.0296 0x18d0  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:30:32.0296 0x18d0  usbccgp - ok
20:30:32.0359 0x18d0  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:30:32.0359 0x18d0  usbehci - ok
20:30:32.0390 0x18d0  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:30:32.0406 0x18d0  usbhub - ok
20:30:32.0421 0x18d0  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:30:32.0421 0x18d0  usbprint - ok
20:30:32.0453 0x18d0  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:30:32.0453 0x18d0  USBSTOR - ok
20:30:32.0531 0x18d0  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:30:32.0531 0x18d0  usbuhci - ok
20:30:32.0546 0x18d0  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:30:32.0546 0x18d0  VgaSave - ok
20:30:32.0562 0x18d0  ViaIde - ok
20:30:32.0640 0x18d0  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:30:32.0640 0x18d0  VolSnap - ok
20:30:32.0765 0x18d0  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:30:32.0812 0x18d0  VSS - ok
20:30:33.0000 0x18d0  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\System32\w32time.dll
20:30:33.0046 0x18d0  W32Time - ok
20:30:33.0109 0x18d0  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:30:33.0140 0x18d0  Wanarp - ok
20:30:33.0156 0x18d0  WDICA - ok
20:30:33.0265 0x18d0  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:30:33.0296 0x18d0  wdmaud - ok
20:30:33.0359 0x18d0  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:30:33.0375 0x18d0  WebClient - ok
20:30:33.0421 0x18d0  [ F59ED5A43B988A18EF582BB07B2327A7, E870821C9C4E31D3B05049FBA5D81358F9C30E6A67F600D4EA3A5736CA344028 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:30:33.0453 0x18d0  winachsf - ok
20:30:33.0656 0x18d0  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:30:33.0687 0x18d0  winmgmt - ok
20:30:33.0812 0x18d0  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:30:33.0843 0x18d0  WmdmPmSN - ok
20:30:33.0906 0x18d0  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:30:33.0937 0x18d0  Wmi - ok
20:30:34.0015 0x18d0  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:30:34.0015 0x18d0  WmiApSrv - ok
20:30:34.0140 0x18d0  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
20:30:34.0187 0x18d0  WMPNetworkSvc - ok
20:30:34.0312 0x18d0  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:30:34.0375 0x18d0  WPFFontCache_v0400 - ok
20:30:36.0265 0x18d0  Win FW state via NFM: disabled
20:30:36.0265 0x18d0  ============================================================
20:30:36.0265 0x18d0  Scan finished
20:30:36.0265 0x18d0  ============================================================
20:30:36.0296 0x18c8  Detected object count: 0
20:30:36.0296 0x18c8  Actual detected object count: 0
 



#4 noknojon


Posted 16 January 2014 - 10:02 PM

Sorry for the brief replies, but please regard this as Severe -

 

Bloodhound.MalPE is a heuristic detection used to detect threats associated with the Backdoor.Tidserv family.
For more information, please see the following resource: Backdoor.Tidserv

 

This is basically a Backdoor Trojan that I am not able to remove -

I would change all passwords used on the computer, and not use the system for banking until you do.

 

As you are badly infected, please follow the instructions in the Preparation Guide starting at Step #6.

 

NOTE: If you are unable to complete any step, please post the topic and leave a full description of your problems

 

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

 

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

 If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.

 

 After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

Thank You -



#5 amgesq


Posted 17 January 2014 - 12:17 AM

Thanks Aussie Addict.  I started a new thread as you instructed.  Here is the URL:  http://www.bleepingcomputer.com/forums/t/521091/maybe-bloodoundmalpe;-dc-com-server-process-launcher-service-terminated-unexpec/

 

Thanks for your help.  Hope it's cooler in Victoria than it is in Melbourne.

 

Andy



#6 noknojon


Posted 17 January 2014 - 02:25 AM

Thanks Andy -

Geelong just outside of Melbourne - 45C today, and a cool change 35C just hit -

 

Please be patient and the Malware Removal Crew will be along as quick as they can -

 

Regards -





