Zombie Surfing, Hijack, Unknown Virus


  • This topic is locked
12 replies to this topic

#1 cnstevens

Posted 30 March 2014 - 09:31 PM

Hello,

 

Recently my computer started just surfing on its own without any browser. It just starts popping up on a series of websites many with various versions of question-search.com or some other "whatever"-search.com on its own. It will start from basic windows or interrupt while we are on Netflix or just about anytime it wants unless it is turned off or unplugged from the internet.

 

It ends up hogging up to 100% of CPU usage when viewed on the task manager. I ran Spybot, MalwareBytes, AdwCleaner and HitmanPro (build 216 whatever that means). All to no avail. I got rid of Somoto or something like that and tons of other malware/uselessware but my computer is still a zombie.

 

It seems to be surfing directly from Windows Explorer folders somehow and not from I-explorer.

 

I posted in another forum and "bloopme" posted some instructions for 'DDS' and to post the information here. DDS produced only the attach.txt log and never did create a dds.txt log so I cannot include that. I am attaching the attach.txt and some screen shots that I managed to get. 

 

Thanks

Chris



#2 TB-Psychotic (Malware Response Team)

Posted 31 March 2014 - 04:09 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

  • Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.



#3 cnstevens

Posted 03 April 2014 - 07:08 AM

Hello Marius,

 

Please keep this thread open. I have been keeping the problem computer turned off all week. I will complete the instruction set tonight or tomorrow. I work very long hours and have not been able to do it.

 

Thank You,

Chris

 



#4 TB-Psychotic (Malware Response Team)

Posted 04 April 2014 - 02:21 AM

OK



#5 cnstevens

Posted 04 April 2014 - 06:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on MACHIN1 on 04-04-2014 18:20:42
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33673216 2009-08-28] (VIA Technologies, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1409082233-790525478-1417001333-500\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-1409082233-790525478-1417001333-500\$cdfe0b2e77623d0b4816fe375f2e5ce2\n. ATTENTION! ====> ZeroAccess?
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-04]
CHR Extension: (DuckDuckGo Home Page) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljkalbbbffedallekgkdheknngopfhif [2013-07-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-04]
CHR HKLM\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Documents and Settings\Administrator\Local Settings\Application Data\ilividmoviestoolbarha\GC\toolbar.crx [2013-02-04]
CHR HKLM\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-06-05]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-06-05]
 
========================== Services (Whitelisted) =================
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2014-03-30] ()
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [39424 2009-08-05] (Atheros Communications, Inc.)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [28160 2009-07-07] (http://libusb-win32.sourceforge.net)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-03-30] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [724736 2009-10-06] (Ralink Technology, Corp.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1390976 2009-08-17] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-04 18:20 - 2014-04-04 18:20 - 00000000 ____D () C:\FRST
2014-04-04 18:13 - 2014-04-04 18:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-04-04 18:10 - 2014-04-04 18:14 - 00000000 ____D () C:\c3ba9c224ea16cef5ef40f72
2014-03-30 21:27 - 2014-03-30 21:27 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-30 20:10 - 2014-03-30 20:27 - 00007823 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-30 19:57 - 2014-03-30 19:57 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-03-30 15:06 - 2014-03-30 15:06 - 00030976 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-03-30 15:02 - 2014-03-30 15:02 - 00003686 _____ () C:\WINDOWS\system32\.crusader
2014-03-30 14:08 - 2014-03-30 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-30 13:53 - 2014-03-30 14:29 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:36 - 2014-03-30 13:36 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-29 15:44 - 2014-03-29 15:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Oracle
2014-03-29 15:42 - 2014-03-29 15:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-29 15:42 - 2014-03-29 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-29 15:42 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-03-29 15:42 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-03-29 15:42 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-03-29 15:42 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-03-29 15:42 - 2013-12-18 20:46 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-03-29 15:39 - 2014-03-29 15:42 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-26 20:22 - 2014-04-04 18:08 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-26 20:22 - 2014-03-26 21:56 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-26 20:11 - 2014-03-26 20:11 - 00004089 _____ () C:\WINDOWS\KB2934207.log
2014-03-26 20:11 - 2014-03-26 20:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-26 17:52 - 2014-02-25 20:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-26 17:52 - 2014-02-25 20:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-25 22:08 - 2014-03-30 21:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-16 10:54 - 2014-03-16 10:54 - 00132274 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-16 10:54 - 2014-03-16 10:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-16 10:54 - 2014-03-16 10:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-15 14:42 - 2014-03-16 10:54 - 00129888 _____ () C:\WINDOWS\KB2930275.log
2014-03-15 14:42 - 2014-03-16 10:54 - 00128484 _____ () C:\WINDOWS\KB2929961.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-04 18:20 - 2014-04-04 18:20 - 00000000 ____D () C:\FRST
2014-04-04 18:16 - 2013-02-01 19:21 - 01490844 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-04 18:14 - 2014-04-04 18:10 - 00000000 ____D () C:\c3ba9c224ea16cef5ef40f72
2014-04-04 18:14 - 2013-02-02 18:06 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-04-04 18:14 - 2013-02-02 18:05 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-04 18:13 - 2014-04-04 18:13 - 00000000 ____D () C:\WINDOWS\LastGood
2014-04-04 18:13 - 2013-02-02 18:05 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-04 18:08 - 2014-03-26 20:22 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-04 18:08 - 2013-02-04 20:07 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 18:08 - 2013-02-04 20:07 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 18:08 - 2013-02-01 19:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-04 18:08 - 2013-02-01 13:17 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-04 18:08 - 2013-02-01 13:17 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-04 18:08 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-01 20:59 - 2013-02-01 19:25 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-01 20:59 - 2013-02-01 19:25 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-30 21:35 - 2013-02-09 22:30 - 00000386 _____ () C:\WINDOWS\Tasks\LexmarkPUDCTask.job
2014-03-30 21:30 - 2013-02-26 20:59 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-30 21:27 - 2014-03-30 21:27 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-30 21:24 - 2014-03-25 22:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-30 20:38 - 2013-06-13 20:38 - 00000418 _____ () C:\WINDOWS\Tasks\At1.job
2014-03-30 20:27 - 2014-03-30 20:10 - 00007823 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-30 19:57 - 2014-03-30 19:57 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-03-30 15:06 - 2014-03-30 15:06 - 00030976 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-03-30 15:02 - 2014-03-30 15:02 - 00003686 _____ () C:\WINDOWS\system32\.crusader
2014-03-30 15:02 - 2014-03-30 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-03-30 14:29 - 2014-03-30 13:53 - 00000000 ____D () C:\AdwCleaner
2014-03-30 13:36 - 2014-03-30 13:36 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-03-29 15:44 - 2014-03-29 15:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Oracle
2014-03-29 15:42 - 2014-03-29 15:42 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-29 15:42 - 2014-03-29 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-29 15:42 - 2014-03-29 15:39 - 00005724 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-03-29 15:42 - 2013-08-07 23:39 - 00000000 ____D () C:\Program Files\Java
2014-03-28 21:47 - 2013-03-13 13:16 - 00324493 _____ () C:\WINDOWS\setupapi.log
2014-03-28 21:47 - 2013-02-01 13:13 - 00175955 _____ () C:\WINDOWS\setupact.log
2014-03-27 13:44 - 2013-06-19 22:39 - 00002863 _____ () C:\WINDOWS\wininit.ini
2014-03-27 11:53 - 2013-06-12 22:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2839229$
2014-03-27 06:55 - 2014-03-01 13:10 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\IWsoft
2014-03-26 21:56 - 2014-03-26 20:22 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-26 20:27 - 2013-02-01 13:14 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-26 20:11 - 2014-03-26 20:11 - 00004089 _____ () C:\WINDOWS\KB2934207.log
2014-03-26 20:11 - 2014-03-26 20:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-26 20:11 - 2013-02-01 13:14 - 01312911 _____ () C:\WINDOWS\iis6.log
2014-03-26 20:11 - 2013-02-01 13:14 - 01186305 _____ () C:\WINDOWS\FaxSetup.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00613209 _____ () C:\WINDOWS\ocgen.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00546894 _____ () C:\WINDOWS\tsoc.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00407583 _____ () C:\WINDOWS\comsetup.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00367326 _____ () C:\WINDOWS\msmqinst.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00245085 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00208560 _____ () C:\WINDOWS\netfxocm.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00082237 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00065865 _____ () C:\WINDOWS\ocmsn.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00060342 _____ () C:\WINDOWS\tabletoc.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00059581 _____ () C:\WINDOWS\msgsocm.log
2014-03-26 20:11 - 2013-02-01 13:14 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-23 18:48 - 2013-02-03 11:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-03-23 18:40 - 2013-02-08 21:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dvdcss
2014-03-18 00:10 - 2013-07-24 21:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 00:08 - 2013-02-02 17:19 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-16 11:10 - 2013-02-03 23:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 11:10 - 2013-02-01 13:13 - 00120544 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 10:54 - 2014-03-16 10:54 - 00132274 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-16 10:54 - 2014-03-16 10:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-16 10:54 - 2014-03-16 10:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-16 10:54 - 2014-03-15 14:42 - 00129888 _____ () C:\WINDOWS\KB2930275.log
2014-03-16 10:54 - 2014-03-15 14:42 - 00128484 _____ () C:\WINDOWS\KB2929961.log
2014-03-16 10:54 - 2013-02-02 16:47 - 00089583 _____ () C:\WINDOWS\updspapi.log
2014-03-16 10:54 - 2013-02-01 13:14 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-16 10:53 - 2013-02-03 23:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-15 21:35 - 2013-02-09 21:51 - 00000000 ____D () C:\Documents and Settings\All Users\LexmarkUpdate
2014-03-15 14:53 - 2014-02-09 16:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
 
ZeroAccess:
C:\RECYCLER\S-1-5-18\$cdfe0b2e77623d0b4816fe375f2e5ce2
 
Files to move or delete:
====================
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Administrator\random.dat
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\APNSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FastFreeConverterUpdt_v5.5.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\MybabylonTB.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\propsys.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-04-04 18:21:56
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
ABBYY FineReader 9.0 Sprint (HKLM\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.595.5857 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.595.5857 - ABBYY) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Garmin ANT Agent (HKLM\...\{2CEDDEB4-7AB5-440E-A8B0-4EF9B1727DBD}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lexmark S510 Series Uninstaller (HKLM\...\Lexmark S510 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.5.0 - Ralink)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
31-12-2013 05:00:42 Software Distribution Service 3.0
31-12-2013 19:22:35 Software Distribution Service 3.0
01-01-2014 01:24:20 Software Distribution Service 3.0
02-01-2014 04:17:34 System Checkpoint
02-01-2014 05:00:34 Software Distribution Service 3.0
03-01-2014 06:21:09 Software Distribution Service 3.0
04-01-2014 07:00:34 System Checkpoint
04-01-2014 07:44:15 Software Distribution Service 3.0
07-01-2014 05:56:43 Software Distribution Service 3.0
08-01-2014 04:52:34 Software Distribution Service 3.0
09-01-2014 05:27:07 System Checkpoint
09-01-2014 06:03:02 Software Distribution Service 3.0
10-01-2014 04:09:42 Software Distribution Service 3.0
11-01-2014 06:18:23 Software Distribution Service 3.0
12-01-2014 09:00:15 Software Distribution Service 3.0
12-01-2014 09:28:40 Software Distribution Service 3.0
13-01-2014 02:39:05 Software Distribution Service 3.0
13-01-2014 09:00:15 Software Distribution Service 3.0
13-01-2014 09:27:01 Software Distribution Service 3.0
14-01-2014 07:01:06 Software Distribution Service 3.0
15-01-2014 05:21:10 Software Distribution Service 3.0
17-01-2014 05:48:12 System Checkpoint
17-01-2014 09:00:14 Software Distribution Service 3.0
17-01-2014 12:12:05 Software Distribution Service 3.0
20-01-2014 23:40:50 System Checkpoint
21-01-2014 03:35:15 Software Distribution Service 3.0
22-01-2014 06:04:25 Software Distribution Service 3.0
25-01-2014 19:27:06 System Checkpoint
26-01-2014 04:28:01 Software Distribution Service 3.0
27-01-2014 17:54:45 System Checkpoint
28-01-2014 06:01:23 Software Distribution Service 3.0
30-01-2014 19:29:33 System Checkpoint
31-01-2014 04:48:48 Software Distribution Service 3.0
01-02-2014 06:58:25 Software Distribution Service 3.0
02-02-2014 07:20:01 System Checkpoint
02-02-2014 09:00:14 Software Distribution Service 3.0
03-02-2014 09:00:14 Software Distribution Service 3.0
04-02-2014 03:59:40 Software Distribution Service 3.0
05-02-2014 09:00:15 Software Distribution Service 3.0
05-02-2014 14:12:42 Software Distribution Service 3.0
06-02-2014 05:26:27 Software Distribution Service 3.0
07-02-2014 06:24:41 Software Distribution Service 3.0
08-02-2014 07:24:05 Software Distribution Service 3.0
09-02-2014 03:50:22 Software Distribution Service 3.0
10-02-2014 14:02:46 Software Distribution Service 3.0
11-02-2014 04:50:43 Software Distribution Service 3.0
12-02-2014 04:41:16 Software Distribution Service 3.0
13-02-2014 04:53:36 System Checkpoint
13-02-2014 05:56:39 Software Distribution Service 3.0
14-02-2014 06:29:03 Software Distribution Service 3.0
15-02-2014 03:21:59 Software Distribution Service 3.0
16-02-2014 07:07:46 Software Distribution Service 3.0
17-02-2014 05:29:35 Software Distribution Service 3.0
18-02-2014 03:31:36 Software Distribution Service 3.0
19-02-2014 01:43:26 Software Distribution Service 3.0
19-02-2014 06:48:42 Software Distribution Service 3.0
20-02-2014 04:39:48 Software Distribution Service 3.0
21-02-2014 05:43:15 Software Distribution Service 3.0
22-02-2014 04:40:29 Software Distribution Service 3.0
23-02-2014 05:07:06 System Checkpoint
23-02-2014 09:00:14 Software Distribution Service 3.0
24-02-2014 09:00:14 Software Distribution Service 3.0
25-02-2014 09:00:14 Software Distribution Service 3.0
26-02-2014 09:00:14 Software Distribution Service 3.0
27-02-2014 05:17:12 Software Distribution Service 3.0
28-02-2014 04:46:02 Software Distribution Service 3.0
01-03-2014 05:49:52 Software Distribution Service 3.0
02-03-2014 05:01:54 Software Distribution Service 3.0
03-03-2014 02:59:48 Software Distribution Service 3.0
04-03-2014 03:35:25 Software Distribution Service 3.0
05-03-2014 01:28:27 Software Distribution Service 3.0
07-03-2014 05:09:47 Software Distribution Service 3.0
08-03-2014 04:22:03 Software Distribution Service 3.0
09-03-2014 03:17:07 Software Distribution Service 3.0
10-03-2014 05:49:48 Software Distribution Service 3.0
15-03-2014 21:07:24 System Checkpoint
16-03-2014 15:53:07 Software Distribution Service 3.0
17-03-2014 02:47:04 Software Distribution Service 3.0
18-03-2014 05:08:32 Software Distribution Service 3.0
19-03-2014 04:06:00 Software Distribution Service 3.0
21-03-2014 00:14:23 System Checkpoint
21-03-2014 21:10:51 Software Distribution Service 3.0
22-03-2014 02:51:12 Software Distribution Service 3.0
23-03-2014 05:39:51 Software Distribution Service 3.0
23-03-2014 14:34:38 Software Distribution Service 3.0
24-03-2014 08:00:14 Software Distribution Service 3.0
24-03-2014 11:34:56 Software Distribution Service 3.0
25-03-2014 21:23:34 System Checkpoint
26-03-2014 03:14:04 Software Distribution Service 3.0
27-03-2014 01:10:21 Software Distribution Service 3.0
27-03-2014 08:00:36 Software Distribution Service 3.0
28-03-2014 01:18:39 Software Distribution Service 3.0
29-03-2014 02:10:28 System Checkpoint
29-03-2014 03:31:49 Software Distribution Service 3.0
29-03-2014 17:23:37 Software Distribution Service 3.0
29-03-2014 20:39:13 Installed Java 7 Update 51
30-03-2014 08:00:31 Software Distribution Service 3.0
04-04-2014 23:10:10 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2001-08-23 07:00 - 2013-06-19 22:18 - 00449723 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\LexmarkPUDCTask.job => C:\Program Files\Lexmark\ProductUpdate\lmprodupdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-15 14:53 - 2014-03-14 19:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 14:53 - 2014-03-14 19:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 14:53 - 2014-03-14 19:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 14:53 - 2014-03-14 19:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2008-04-14 05:41 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 05:42 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\WINDOWS\pss\OpenOffice.org 3.4.1.lnkStartup
MSCONFIG\startupreg: ABBYY Screenshot Reader Bonus => "C:\Program Files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ANT Agent => C:\Program Files\Garmin\ANT Agent\ANT Agent.exe
MSCONFIG\startupreg: LMab1err => "C:\Program Files\Lexmark\ErrorApp\LMab1err.exe"
MSCONFIG\startupreg: LMADHmon => "C:\Program Files\Lexmark S510 Series\LMADHmon.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: SDP => C:\Program Files\FilesFrog Update Checker\update_checker.exe /auto 
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/30/2014 07:40:12 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.2.223.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL
 
Error: (03/30/2014 07:39:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 05:31:38 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (03/30/2014 01:24:39 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.154, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 01:07:28 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 01:06:44 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/30/2014 03:00:51 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF88
Description:.  0x8004FF88.
 
Error: (03/30/2014 03:00:51 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,
 
Error: (03/29/2014 00:23:58 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF88
Description:.  0x8004FF88.
 
Error: (03/29/2014 00:23:56 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,
 
 
System errors:
=============
Error: (04/04/2014 06:09:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (04/04/2014 06:09:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (04/01/2014 08:58:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (04/01/2014 08:58:41 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (03/30/2014 09:30:18 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort3
 
Error: (03/30/2014 09:19:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (03/30/2014 09:19:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (03/30/2014 09:13:08 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort3
 
Error: (03/30/2014 09:02:30 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort3
 
Error: (03/30/2014 09:02:24 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort3
 
 
Microsoft Office Sessions:
=========================
Error: (03/30/2014 07:40:12 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.2.223.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL
 
Error: (03/30/2014 07:39:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/30/2014 05:31:38 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be
 
Error: (03/30/2014 01:24:39 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.154hungapp0.0.0.000000000
 
Error: (03/30/2014 01:07:28 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (03/30/2014 01:06:44 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/30/2014 03:00:51 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF88
Description:.  0x8004FF88.
 
Error: (03/30/2014 03:00:51 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)
 
Error: (03/29/2014 00:23:58 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF88
Description:.  0x8004FF88.
 
Error: (03/29/2014 00:23:56 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 2038 MB
Available physical RAM: 1038.71 MB
Total Pagefile: 3930.85 MB
Available Pagefile: 2941.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.04 GB) (Free:129.05 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 3FBA3FBA)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 cnstevens

Posted 04 April 2014 - 06:51 PM

18:31:38.0671 0x146c  TDSS rootkit removing tool 3.0.0.28 Apr  4 2014 12:43:10
18:33:23.0390 0x146c  ============================================================
18:33:23.0390 0x146c  Current date / time: 2014/04/04 18:33:23.0390
18:33:23.0390 0x146c  SystemInfo:
18:33:23.0390 0x146c  
18:33:23.0390 0x146c  OS Version: 5.1.2600 ServicePack: 3.0
18:33:23.0390 0x146c  Product type: Workstation
18:33:23.0390 0x146c  ComputerName: MACHIN1
18:33:23.0390 0x146c  UserName: Administrator
18:33:23.0390 0x146c  Windows directory: C:\WINDOWS
18:33:23.0390 0x146c  System windows directory: C:\WINDOWS
18:33:23.0390 0x146c  Processor architecture: Intel x86
18:33:23.0390 0x146c  Number of processors: 4
18:33:23.0390 0x146c  Page size: 0x1000
18:33:23.0390 0x146c  Boot type: Normal boot
18:33:23.0390 0x146c  ============================================================
18:33:30.0578 0x146c  KLMD registered as C:\WINDOWS\system32\drivers\20857881.sys
18:33:32.0484 0x146c  System UUID: {07D8B594-31F4-2BB9-F843-E1B7526AC3A4}
18:33:39.0875 0x146c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:39.0921 0x146c  ============================================================
18:33:39.0921 0x146c  \Device\Harddisk0\DR0:
18:33:39.0921 0x146c  MBR partitions:
18:33:39.0921 0x146c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
18:33:39.0921 0x146c  ============================================================
18:33:40.0015 0x146c  C: <-> \Device\Harddisk0\DR0\Partition1
18:33:40.0015 0x146c  ============================================================
18:33:40.0015 0x146c  Initialize success
18:33:40.0015 0x146c  ============================================================
18:33:58.0406 0x12c8  ============================================================
18:33:58.0421 0x12c8  Scan started
18:33:58.0421 0x12c8  Mode: Manual; 
18:33:58.0421 0x12c8  ============================================================
18:33:58.0421 0x12c8  KSN ping started
18:34:13.0593 0x12c8  KSN ping finished: true
18:34:17.0078 0x12c8  ================ Scan system memory ========================
18:34:17.0078 0x12c8  System memory - ok
18:34:17.0078 0x12c8  ================ Scan services =============================
18:34:52.0828 0x12c8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:34:53.0953 0x12c8  idsvc - ok
18:34:54.0109 0x12c8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
18:34:54.0609 0x12c8  Imapi - ok
18:34:54.0890 0x12c8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
18:34:55.0093 0x12c8  ImapiService - ok
18:34:55.0109 0x12c8  ini910u - ok
18:34:55.0140 0x12c8  IntelIde - ok
18:34:55.0218 0x12c8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:34:55.0281 0x12c8  intelppm - ok
18:34:55.0359 0x12c8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:34:55.0421 0x12c8  Ip6Fw - ok
18:34:55.0484 0x12c8  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:34:55.0531 0x12c8  IpFilterDriver - ok
18:34:55.0812 0x12c8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:34:55.0875 0x12c8  IpInIp - ok
18:34:56.0031 0x12c8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:34:56.0968 0x12c8  IpNat - ok
18:34:57.0062 0x12c8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:34:57.0125 0x12c8  IPSec - ok
18:34:57.0187 0x12c8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
18:34:57.0218 0x12c8  IRENUM - ok
18:34:57.0390 0x12c8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:34:57.0828 0x12c8  isapnp - ok
18:34:58.0109 0x12c8  [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:34:58.0234 0x12c8  JavaQuickStarterService - ok
18:34:58.0312 0x12c8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:34:58.0359 0x12c8  Kbdclass - ok
18:34:58.0500 0x12c8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:34:59.0265 0x12c8  kbdhid - ok
18:34:59.0375 0x12c8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
18:34:59.0390 0x12c8  kmixer - ok
18:34:59.0500 0x12c8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
18:34:59.0500 0x12c8  KSecDD - ok
18:34:59.0765 0x12c8  [ 080CF8720A306A64F7A09D1226491791, B75EAD1846FFA65D386A55BFEE2CF94CBE02BE01DACCD336A8153DD58016E8AE ] L1e             C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
18:34:59.0796 0x12c8  L1e - ok
18:34:59.0875 0x12c8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
18:34:59.0937 0x12c8  LanmanServer - ok
18:35:00.0078 0x12c8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:35:00.0984 0x12c8  lanmanworkstation - ok
18:35:01.0000 0x12c8  lbrtfdc - ok
18:35:01.0125 0x12c8  [ 03E12DBFACF1AEB86C553B0DB488FB81, 56AAACA1A32B819530D85AE3BBE6D178421DEDDD04498716974842415A1E2960 ] libusb0         C:\WINDOWS\system32\DRIVERS\libusb0.sys
18:35:01.0312 0x12c8  libusb0 - ok
18:35:01.0375 0x12c8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
18:35:01.0421 0x12c8  LmHosts - ok
18:35:01.0796 0x12c8  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:35:02.0203 0x12c8  MBAMSwissArmy - ok
18:35:02.0765 0x12c8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
18:35:03.0078 0x12c8  Messenger - ok
18:35:03.0218 0x12c8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
18:35:03.0250 0x12c8  mnmdd - ok
18:35:03.0421 0x12c8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
18:35:04.0000 0x12c8  mnmsrvc - ok
18:35:04.0062 0x12c8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
18:35:04.0171 0x12c8  Modem - ok
18:35:04.0203 0x12c8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:35:04.0250 0x12c8  Mouclass - ok
18:35:04.0328 0x12c8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:35:04.0375 0x12c8  mouhid - ok
18:35:04.0484 0x12c8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
18:35:04.0531 0x12c8  MountMgr - ok
18:35:04.0890 0x12c8  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:35:04.0906 0x12c8  MpFilter - ok
18:35:04.0921 0x12c8  mraid35x - ok
18:35:05.0234 0x12c8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:35:05.0234 0x12c8  MRxDAV - ok
18:35:06.0015 0x12c8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:35:07.0718 0x12c8  MRxSmb - ok
18:35:07.0828 0x12c8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
18:35:07.0890 0x12c8  MSDTC - ok
18:35:08.0046 0x12c8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
18:35:08.0609 0x12c8  Msfs - ok
18:35:08.0625 0x12c8  MSIServer - ok
18:35:08.0671 0x12c8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:35:08.0687 0x12c8  MSKSSRV - ok
18:35:08.0796 0x12c8  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:35:08.0859 0x12c8  MsMpSvc - ok
18:35:08.0921 0x12c8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:35:08.0953 0x12c8  MSPCLOCK - ok
18:35:09.0125 0x12c8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
18:35:09.0703 0x12c8  MSPQM - ok
18:35:09.0765 0x12c8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:35:09.0890 0x12c8  mssmbios - ok
18:35:09.0937 0x12c8  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:35:10.0046 0x12c8  MTsensor - ok
18:35:10.0156 0x12c8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
18:35:10.0156 0x12c8  Mup - ok
18:35:10.0484 0x12c8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
18:35:11.0609 0x12c8  napagent - ok
18:35:11.0734 0x12c8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
18:35:11.0968 0x12c8  NDIS - ok
18:35:12.0062 0x12c8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:35:12.0062 0x12c8  NdisTapi - ok
18:35:12.0125 0x12c8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:35:12.0156 0x12c8  Ndisuio - ok
18:35:12.0203 0x12c8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:35:12.0328 0x12c8  NdisWan - ok
18:35:12.0390 0x12c8  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
18:35:12.0390 0x12c8  NDProxy - ok
18:35:12.0453 0x12c8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
18:35:12.0500 0x12c8  NetBIOS - ok
18:35:12.0828 0x12c8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
18:35:13.0640 0x12c8  NetBT - ok
18:35:13.0703 0x12c8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
18:35:13.0953 0x12c8  NetDDE - ok
18:35:14.0015 0x12c8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
18:35:14.0312 0x12c8  NetDDEdsdm - ok
18:35:14.0406 0x12c8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
18:35:14.0421 0x12c8  Netlogon - ok
18:35:14.0578 0x12c8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
18:35:15.0109 0x12c8  Netman - ok
18:35:15.0218 0x12c8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:35:15.0500 0x12c8  NetTcpPortSharing - ok
18:35:15.0890 0x12c8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
18:35:15.0906 0x12c8  Nla - ok
18:35:15.0968 0x12c8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
18:35:16.0031 0x12c8  Npfs - ok
18:35:16.0562 0x12c8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
18:35:17.0312 0x12c8  Ntfs - ok
18:35:17.0343 0x12c8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
18:35:17.0343 0x12c8  NtLmSsp - ok
18:35:17.0656 0x12c8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
18:35:18.0171 0x12c8  NtmsSvc - ok
18:35:18.0234 0x12c8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
18:35:18.0250 0x12c8  Null - ok
18:35:18.0312 0x12c8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:35:18.0437 0x12c8  NwlnkFlt - ok
18:35:18.0484 0x12c8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:35:18.0750 0x12c8  NwlnkFwd - ok
18:35:18.0843 0x12c8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
18:35:18.0890 0x12c8  Parport - ok
18:35:18.0921 0x12c8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
18:35:18.0968 0x12c8  PartMgr - ok
18:35:19.0015 0x12c8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
18:35:19.0046 0x12c8  ParVdm - ok
18:35:19.0093 0x12c8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
18:35:19.0171 0x12c8  PCI - ok
18:35:19.0187 0x12c8  PCIDump - ok
18:35:19.0234 0x12c8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
18:35:19.0250 0x12c8  PCIIde - ok
18:35:19.0375 0x12c8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
18:35:19.0421 0x12c8  Pcmcia - ok
18:35:19.0453 0x12c8  PDCOMP - ok
18:35:19.0484 0x12c8  PDFRAME - ok
18:35:19.0500 0x12c8  PDRELI - ok
18:35:19.0515 0x12c8  PDRFRAME - ok
18:35:19.0531 0x12c8  perc2 - ok
18:35:19.0546 0x12c8  perc2hib - ok
18:35:19.0718 0x12c8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
18:35:19.0734 0x12c8  PlugPlay - ok
18:35:19.0765 0x12c8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
18:35:19.0765 0x12c8  PolicyAgent - ok
18:35:19.0968 0x12c8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:35:20.0015 0x12c8  PptpMiniport - ok
18:35:20.0046 0x12c8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:35:20.0046 0x12c8  ProtectedStorage - ok
18:35:20.0109 0x12c8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
18:35:20.0187 0x12c8  PSched - ok
18:35:20.0218 0x12c8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:35:20.0281 0x12c8  Ptilink - ok
18:35:20.0281 0x12c8  ql1080 - ok
18:35:20.0312 0x12c8  Ql10wnt - ok
18:35:20.0343 0x12c8  ql12160 - ok
18:35:20.0359 0x12c8  ql1240 - ok
18:35:20.0375 0x12c8  ql1280 - ok
18:35:20.0406 0x12c8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:35:20.0406 0x12c8  RasAcd - ok
18:35:20.0546 0x12c8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
18:35:21.0500 0x12c8  RasAuto - ok
18:35:21.0562 0x12c8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:35:21.0750 0x12c8  Rasl2tp - ok
18:35:21.0875 0x12c8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
18:35:22.0562 0x12c8  RasMan - ok
18:35:22.0656 0x12c8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:35:22.0687 0x12c8  RasPppoe - ok
18:35:22.0734 0x12c8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
18:35:22.0781 0x12c8  Raspti - ok
18:35:23.0171 0x12c8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:35:23.0703 0x12c8  Rdbss - ok
18:35:23.0765 0x12c8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:35:23.0828 0x12c8  RDPCDD - ok
18:35:24.0015 0x12c8  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:35:24.0031 0x12c8  rdpdr - ok
18:35:24.0171 0x12c8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
18:35:24.0171 0x12c8  RDPWD - ok
18:35:24.0390 0x12c8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
18:35:25.0375 0x12c8  RDSessMgr - ok
18:35:25.0484 0x12c8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
18:35:25.0593 0x12c8  redbook - ok
18:35:25.0765 0x12c8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
18:35:25.0906 0x12c8  RemoteAccess - ok
18:35:25.0968 0x12c8  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
18:35:26.0625 0x12c8  RemoteRegistry - ok
18:35:26.0718 0x12c8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
18:35:27.0171 0x12c8  RpcLocator - ok
18:35:27.0453 0x12c8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
18:35:27.0468 0x12c8  RpcSs - ok
18:35:27.0843 0x12c8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
18:35:29.0171 0x12c8  RSVP - ok
18:35:29.0671 0x12c8  [ 84BEAF4A13A36CB9BB0663DF9089CEA2, FAD68F354491E90C81854815A363174440893729856032DB6B6254BEB1A1F856 ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
18:35:30.0390 0x12c8  rt2870 - ok
18:35:30.0437 0x12c8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
18:35:30.0437 0x12c8  SamSs - ok
18:35:30.0546 0x12c8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
18:35:31.0453 0x12c8  SCardSvr - ok
18:35:31.0578 0x12c8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
18:35:32.0203 0x12c8  Schedule - ok
18:35:32.0281 0x12c8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:35:32.0359 0x12c8  Secdrv - ok
18:35:32.0406 0x12c8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
18:35:32.0531 0x12c8  seclogon - ok
18:35:32.0765 0x12c8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
18:35:33.0375 0x12c8  SENS - ok
18:35:33.0406 0x12c8  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
18:35:33.0437 0x12c8  serenum - ok
18:35:33.0562 0x12c8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
18:35:33.0671 0x12c8  Serial - ok
18:35:33.0921 0x12c8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
18:35:33.0984 0x12c8  Sfloppy - ok
18:35:34.0171 0x12c8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:35:34.0171 0x12c8  ShellHWDetection - ok
18:35:34.0187 0x12c8  Simbad - ok
18:35:34.0203 0x12c8  Sparrow - ok
18:35:34.0296 0x12c8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
18:35:34.0312 0x12c8  splitter - ok
18:35:34.0859 0x12c8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
18:35:34.0906 0x12c8  Spooler - ok
18:35:34.0968 0x12c8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
18:35:36.0093 0x12c8  sr - ok
18:35:36.0265 0x12c8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
18:35:36.0625 0x12c8  srservice - ok
18:35:36.0921 0x12c8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
18:35:37.0046 0x12c8  Srv - ok
18:35:37.0125 0x12c8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
18:35:37.0218 0x12c8  SSDPSRV - ok
18:35:37.0421 0x12c8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
18:35:38.0328 0x12c8  stisvc - ok
18:35:38.0406 0x12c8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
18:35:38.0562 0x12c8  swenum - ok
18:35:39.0031 0x12c8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
18:35:39.0093 0x12c8  swmidi - ok
18:35:39.0093 0x12c8  SwPrv - ok
18:35:39.0125 0x12c8  symc810 - ok
18:35:39.0171 0x12c8  symc8xx - ok
18:35:39.0218 0x12c8  sym_hi - ok
18:35:39.0234 0x12c8  sym_u3 - ok
18:35:39.0375 0x12c8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
18:35:39.0421 0x12c8  sysaudio - ok
18:35:39.0562 0x12c8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
18:35:39.0718 0x12c8  SysmonLog - ok
18:35:39.0843 0x12c8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
18:35:40.0109 0x12c8  TapiSrv - ok
18:35:40.0359 0x12c8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:35:41.0609 0x12c8  Tcpip - ok
18:35:41.0671 0x12c8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
18:35:41.0671 0x12c8  TDPIPE - ok
18:35:41.0703 0x12c8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
18:35:41.0718 0x12c8  TDTCP - ok
18:35:41.0765 0x12c8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
18:35:41.0765 0x12c8  TermDD - ok
18:35:42.0000 0x12c8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
18:35:42.0250 0x12c8  TermService - ok
18:35:42.0343 0x12c8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
18:35:42.0359 0x12c8  Themes - ok
18:35:42.0437 0x12c8  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
18:35:42.0531 0x12c8  TlntSvr - ok
18:35:42.0531 0x12c8  TosIde - ok
18:35:42.0609 0x12c8  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
18:35:43.0375 0x12c8  TrkWks - ok
18:35:43.0421 0x12c8  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
18:35:43.0812 0x12c8  Udfs - ok
18:35:43.0812 0x12c8  ultra - ok
18:35:44.0562 0x12c8  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
18:35:44.0859 0x12c8  Update - ok
18:35:45.0062 0x12c8  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
18:35:45.0187 0x12c8  upnphost - ok
18:35:45.0234 0x12c8  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
18:35:45.0343 0x12c8  UPS - ok
18:36:03.0265 0x12c8  ================ Scan global ===============================
18:36:03.0328 0x12c8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
18:36:03.0796 0x12c8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:36:04.0218 0x12c8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
18:36:04.0312 0x12c8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
18:36:04.0328 0x12c8  [ Global ] - ok
18:36:04.0328 0x12c8  ================ Scan MBR ==================================
18:36:04.0375 0x12c8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:36:05.0312 0x12c8  \Device\Harddisk0\DR0 - ok
18:36:05.0312 0x12c8  ================ Scan VBR ==================================
18:36:05.0328 0x12c8  [ D552BE65A163487CD483F8904542B7A0 ] \Device\Harddisk0\DR0\Partition1
18:36:05.0359 0x12c8  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
18:36:05.0359 0x12c8  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
18:36:12.0421 0x12c8  Waiting for KSN requests completion. In queue: 144
18:36:14.0546 0x12c8  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
18:36:15.0765 0x12c8  ============================================================
18:36:15.0765 0x12c8  Scan finished
18:36:15.0765 0x12c8  ============================================================
18:36:15.0796 0x12bc  Detected object count: 1
18:36:15.0796 0x12bc  Actual detected object count: 1
18:39:09.0187 0x12bc  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
18:39:09.0187 0x12bc  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip 
18:40:31.0984 0x0864  Deinitialize success
 




#7 TB-Psychotic


  • Malware Response Team

Posted 07 April 2014 - 02:46 AM

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • When the scan is finished, select Copy to quarantine for the following entry:
    Rootkit.Boot.Cidox.b
  • Hit Continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.

#8 cnstevens

  • Topic Starter

  • Members

Posted 07 April 2014 - 05:09 PM

Several files showed up in relation to updating TDSSKiller - I will post them here and then post the actual good log in the next post.

 

01:43.0645 0x02c8  TDSS rootkit removing tool 3.0.0.28 Apr  4 2014 12:43:10
14:01:58.0523 0x02c8  Perform update action was selected
14:01:58.0523 0x028c  Deinitialize success
 
 
 
14:07:13.0008 0x0d70  TDSS rootkit removing tool 3.0.0.28 Apr  4 2014 12:43:10
14:07:15.0227 0x0d70  Perform update action was selected
14:07:15.0227 0x0e9c  Deinitialize success
 
 
 
14:08:03.0489 0x0c84  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
14:08:09.0085 0x0c84  ============================================================
14:08:09.0085 0x0c84  Current date / time: 2014/04/07 14:08:09.0085
14:08:09.0085 0x0c84  SystemInfo:
14:08:09.0085 0x0c84  
14:08:09.0085 0x0c84  OS Version: 5.1.2600 ServicePack: 3.0
14:08:09.0085 0x0c84  Product type: Workstation
14:08:09.0085 0x0c84  ComputerName: MACHIN1
14:08:09.0085 0x0c84  UserName: Administrator
14:08:09.0085 0x0c84  Windows directory: C:\WINDOWS
14:08:09.0085 0x0c84  System windows directory: C:\WINDOWS
14:08:09.0085 0x0c84  Processor architecture: Intel x86
14:08:09.0085 0x0c84  Number of processors: 4
14:08:09.0085 0x0c84  Page size: 0x1000
14:08:09.0085 0x0c84  Boot type: Normal boot
14:08:09.0085 0x0c84  ============================================================
14:08:13.0789 0x0c84  KLMD registered as C:\WINDOWS\system32\drivers\24011203.sys
14:08:15.0336 0x0c84  System UUID: {07D8B594-31F4-2BB9-F843-E1B7526AC3A4}
14:08:20.0431 0x0c84  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:08:20.0478 0x0c84  ============================================================
14:08:20.0478 0x0c84  \Device\Harddisk0\DR0:
14:08:20.0478 0x0c84  MBR partitions:
14:08:20.0478 0x0c84  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:08:20.0478 0x0c84  ============================================================
14:08:20.0634 0x0c84  C: <-> \Device\Harddisk0\DR0\Partition1
14:08:20.0634 0x0c84  ============================================================
14:08:20.0634 0x0c84  Initialize success
14:08:20.0634 0x0c84  ============================================================
14:08:42.0484 0x0384  Deinitialize success
 
 
 
14:08:46.0860 0x0ecc  TDSS rootkit removing tool 3.0.0.28 Apr  4 2014 12:43:10
14:08:49.0892 0x0ecc  Perform update action was selected
14:08:49.0892 0x0ed4  Deinitialize success
 
 
 
14:09:28.0495 0x0c30  TDSS rootkit removing tool 3.0.0.28 Apr  4 2014 12:43:10
14:09:31.0293 0x0c30  Perform update action was selected
14:09:31.0308 0x0f10  Deinitialize success
 

14:11:32.0839 0x0914  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
14:11:36.0418 0x0914  ============================================================
14:11:36.0418 0x0914  Current date / time: 2014/04/07 14:11:36.0418
14:11:36.0418 0x0914  SystemInfo:
14:11:36.0418 0x0914  
14:11:36.0418 0x0914  OS Version: 5.1.2600 ServicePack: 3.0
14:11:36.0418 0x0914  Product type: Workstation
14:11:36.0418 0x0914  ComputerName: MACHIN1
14:11:36.0418 0x0914  UserName: Administrator
14:11:36.0418 0x0914  Windows directory: C:\WINDOWS
14:11:36.0418 0x0914  System windows directory: C:\WINDOWS
14:11:36.0418 0x0914  Processor architecture: Intel x86
14:11:36.0418 0x0914  Number of processors: 4
14:11:36.0418 0x0914  Page size: 0x1000
14:11:36.0418 0x0914  Boot type: Normal boot
14:11:36.0418 0x0914  ============================================================
14:11:43.0185 0x0914  KLMD registered as C:\WINDOWS\system32\drivers\07107941.sys
14:11:44.0685 0x0914  System UUID: {07D8B594-31F4-2BB9-F843-E1B7526AC3A4}
14:11:49.0655 0x0914  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:49.0655 0x0914  ============================================================
14:11:49.0655 0x0914  \Device\Harddisk0\DR0:
14:11:49.0655 0x0914  MBR partitions:
14:11:49.0655 0x0914  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:11:49.0655 0x0914  ============================================================
14:11:49.0702 0x0914  C: <-> \Device\Harddisk0\DR0\Partition1
14:11:49.0702 0x0914  ============================================================
14:11:49.0702 0x0914  Initialize success
14:11:49.0702 0x0914  ============================================================
14:12:08.0848 0x0a10  ============================================================
14:12:08.0848 0x0a10  Scan started
14:12:08.0848 0x0a10  Mode: Manual; 
14:12:08.0848 0x0a10  ============================================================
14:12:08.0848 0x0a10  KSN ping started
14:12:21.0116 0x0a10  KSN ping finished: true
14:12:31.0291 0x0a10  ================ Scan system memory ========================
14:12:31.0306 0x0a10  System memory - ok
14:12:31.0306 0x0a10  ================ Scan services =============================
14:13:39.0323 0x0a10  MSPCLOCK - ok
14:13:39.0386 0x0a10  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:13:39.0480 0x0a10  MSPQM - ok
14:13:39.0558 0x0a10  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:13:39.0714 0x0a10  mssmbios - ok
14:13:39.0761 0x0a10  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:13:39.0808 0x0a10  MTsensor - ok
14:13:39.0948 0x0a10  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:13:40.0167 0x0a10  Mup - ok
14:13:40.0355 0x0a10  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:13:40.0886 0x0a10  napagent - ok
14:13:41.0042 0x0a10  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:13:42.0199 0x0a10  NDIS - ok
14:13:42.0449 0x0a10  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:13:42.0637 0x0a10  NdisTapi - ok
14:13:43.0152 0x0a10  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:13:43.0262 0x0a10  Ndisuio - ok
14:13:43.0340 0x0a10  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:13:43.0465 0x0a10  NdisWan - ok
14:13:43.0543 0x0a10  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:13:43.0574 0x0a10  NDProxy - ok
14:13:43.0699 0x0a10  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:13:45.0028 0x0a10  NetBIOS - ok
14:13:45.0122 0x0a10  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:13:45.0465 0x0a10  NetBT - ok
14:13:45.0606 0x0a10  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:13:45.0872 0x0a10  NetDDE - ok
14:13:46.0278 0x0a10  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:13:46.0403 0x0a10  NetDDEdsdm - ok
14:13:46.0575 0x0a10  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:13:46.0747 0x0a10  Netlogon - ok
14:13:47.0278 0x0a10  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
14:13:47.0591 0x0a10  Netman - ok
14:13:47.0700 0x0a10  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:13:48.0154 0x0a10  NetTcpPortSharing - ok
14:13:48.0341 0x0a10  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:13:48.0341 0x0a10  Nla - ok
14:13:48.0419 0x0a10  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:13:48.0482 0x0a10  Npfs - ok
14:13:48.0810 0x0a10  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:13:49.0466 0x0a10  Ntfs - ok
14:13:49.0498 0x0a10  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:13:49.0607 0x0a10  NtLmSsp - ok
14:13:50.0138 0x0a10  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:13:50.0529 0x0a10  NtmsSvc - ok
14:13:50.0560 0x0a10  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:13:50.0639 0x0a10  Null - ok
14:13:50.0764 0x0a10  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:13:50.0795 0x0a10  NwlnkFlt - ok
14:13:50.0811 0x0a10  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:13:50.0857 0x0a10  NwlnkFwd - ok
14:13:50.0936 0x0a10  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:13:51.0076 0x0a10  Parport - ok
14:13:51.0154 0x0a10  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:13:51.0358 0x0a10  PartMgr - ok
14:13:51.0404 0x0a10  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:13:51.0576 0x0a10  ParVdm - ok
14:13:51.0592 0x0a10  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:13:51.0717 0x0a10  PCI - ok
14:13:51.0717 0x0a10  PCIDump - ok
14:13:51.0717 0x0a10  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:13:51.0842 0x0a10  PCIIde - ok
14:13:51.0951 0x0a10  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:13:52.0342 0x0a10  Pcmcia - ok
14:13:52.0358 0x0a10  PDCOMP - ok
14:13:52.0358 0x0a10  PDFRAME - ok
14:13:52.0358 0x0a10  PDRELI - ok
14:13:52.0373 0x0a10  PDRFRAME - ok
14:13:52.0373 0x0a10  perc2 - ok
14:13:52.0373 0x0a10  perc2hib - ok
14:13:52.0452 0x0a10  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:13:52.0483 0x0a10  PlugPlay - ok
14:13:52.0498 0x0a10  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:13:52.0498 0x0a10  PolicyAgent - ok
14:13:52.0561 0x0a10  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:13:52.0811 0x0a10  PptpMiniport - ok
14:13:52.0842 0x0a10  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:13:53.0045 0x0a10  ProtectedStorage - ok
14:13:53.0202 0x0a10  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:13:53.0421 0x0a10  PSched - ok
14:13:53.0467 0x0a10  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:13:53.0514 0x0a10  Ptilink - ok
14:13:53.0514 0x0a10  ql1080 - ok
14:13:53.0530 0x0a10  Ql10wnt - ok
14:13:53.0546 0x0a10  ql12160 - ok
14:13:53.0561 0x0a10  ql1240 - ok
14:13:53.0577 0x0a10  ql1280 - ok
14:13:53.0592 0x0a10  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:13:53.0655 0x0a10  RasAcd - ok
14:13:53.0749 0x0a10  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:13:53.0983 0x0a10  RasAuto - ok
14:13:54.0046 0x0a10  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:13:54.0155 0x0a10  Rasl2tp - ok
14:13:54.0296 0x0a10  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:13:55.0499 0x0a10  RasMan - ok
14:13:55.0624 0x0a10  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:13:55.0781 0x0a10  RasPppoe - ok
14:13:55.0843 0x0a10  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:13:55.0890 0x0a10  Raspti - ok
14:13:56.0062 0x0a10  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:13:56.0578 0x0a10  Rdbss - ok
14:13:56.0656 0x0a10  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:13:57.0140 0x0a10  RDPCDD - ok
14:13:57.0343 0x0a10  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:13:57.0797 0x0a10  rdpdr - ok
14:13:58.0015 0x0a10  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:13:58.0078 0x0a10  RDPWD - ok
14:13:58.0281 0x0a10  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:13:58.0625 0x0a10  RDSessMgr - ok
14:13:58.0703 0x0a10  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:13:58.0781 0x0a10  redbook - ok
14:13:58.0984 0x0a10  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:13:59.0125 0x0a10  RemoteAccess - ok
14:13:59.0188 0x0a10  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:13:59.0250 0x0a10  RemoteRegistry - ok
14:13:59.0391 0x0a10  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:13:59.0578 0x0a10  RpcLocator - ok
14:13:59.0907 0x0a10  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:14:01.0751 0x0a10  RpcSs - ok
14:14:01.0829 0x0a10  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:14:02.0079 0x0a10  RSVP - ok
14:14:02.0470 0x0a10  [ 84BEAF4A13A36CB9BB0663DF9089CEA2, FAD68F354491E90C81854815A363174440893729856032DB6B6254BEB1A1F856 ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
14:14:03.0657 0x0a10  rt2870 - ok
14:14:03.0689 0x0a10  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:14:03.0689 0x0a10  SamSs - ok
14:14:03.0829 0x0a10  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:14:03.0954 0x0a10  SCardSvr - ok
14:14:04.0095 0x0a10  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:14:04.0439 0x0a10  Schedule - ok
14:14:04.0486 0x0a10  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:14:04.0517 0x0a10  Secdrv - ok
14:14:04.0564 0x0a10  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:14:04.0611 0x0a10  seclogon - ok
14:14:04.0642 0x0a10  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
14:14:04.0673 0x0a10  SENS - ok
14:14:04.0720 0x0a10  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:14:04.0845 0x0a10  serenum - ok
14:14:04.0892 0x0a10  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:14:05.0017 0x0a10  Serial - ok
14:14:05.0111 0x0a10  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:14:06.0533 0x0a10  Sfloppy - ok
14:14:06.0611 0x0a10  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:14:06.0908 0x0a10  ShellHWDetection - ok
14:14:06.0908 0x0a10  Simbad - ok
14:14:06.0924 0x0a10  Sparrow - ok
14:14:06.0971 0x0a10  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:14:06.0986 0x0a10  splitter - ok
14:14:07.0111 0x0a10  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:14:07.0111 0x0a10  Spooler - ok
14:14:07.0190 0x0a10  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:07.0283 0x0a10  sr - ok
14:14:07.0455 0x0a10  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:14:07.0612 0x0a10  srservice - ok
14:14:07.0768 0x0a10  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:14:08.0846 0x0a10  Srv - ok
14:14:08.0909 0x0a10  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:14:22.0522 0x0a10  SSDPSRV - ok
14:14:22.0834 0x0a10  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:14:25.0663 0x0a10  stisvc - ok
14:14:25.0976 0x0a10  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:14:26.0945 0x0a10  swenum - ok
14:14:27.0226 0x0a10  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:14:27.0304 0x0a10  swmidi - ok
14:14:27.0320 0x0a10  SwPrv - ok
14:14:27.0335 0x0a10  symc810 - ok
14:14:27.0351 0x0a10  symc8xx - ok
14:14:27.0367 0x0a10  sym_hi - ok
14:14:27.0367 0x0a10  sym_u3 - ok
14:14:27.0460 0x0a10  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:14:28.0883 0x0a10  sysaudio - ok
14:14:28.0992 0x0a10  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:14:30.0805 0x0a10  SysmonLog - ok
14:14:30.0961 0x0a10  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:14:32.0149 0x0a10  TapiSrv - ok
14:14:32.0446 0x0a10  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:14:33.0743 0x0a10  Tcpip - ok
14:14:34.0024 0x0a10  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:14:34.0571 0x0a10  TDPIPE - ok
14:14:34.0650 0x0a10  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:14:34.0775 0x0a10  TDTCP - ok
14:14:34.0822 0x0a10  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:14:34.0837 0x0a10  TermDD - ok
14:14:35.0056 0x0a10  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
14:14:35.0556 0x0a10  TermService - ok
14:14:35.0650 0x0a10  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:14:35.0744 0x0a10  Themes - ok
14:14:35.0884 0x0a10  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:14:36.0072 0x0a10  TlntSvr - ok
14:14:36.0087 0x0a10  TosIde - ok
14:14:36.0228 0x0a10  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:14:36.0369 0x0a10  TrkWks - ok
14:14:36.0447 0x0a10  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:14:36.0525 0x0a10  Udfs - ok
14:14:36.0541 0x0a10  ultra - ok
14:14:36.0791 0x0a10  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:14:37.0619 0x0a10  Update - ok
14:14:37.0728 0x0a10  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:14:38.0072 0x0a10  upnphost - ok
14:14:38.0088 0x0a10  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
14:14:38.0229 0x0a10  UPS - ok
14:14:38.0854 0x0a10  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:14:38.0948 0x0a10  usbccgp - ok
14:14:39.0182 0x0a10  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:14:40.0073 0x0a10  usbehci - ok
14:14:40.0479 0x0a10  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:14:40.0604 0x0a10  usbhub - ok
14:14:40.0901 0x0a10  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:14:40.0979 0x0a10  usbprint - ok
14:14:41.0057 0x0a10  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:14:41.0057 0x0a10  usbscan - ok
14:14:41.0120 0x0a10  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:14:41.0683 0x0a10  USBSTOR - ok
14:14:41.0761 0x0a10  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:14:41.0980 0x0a10  usbuhci - ok
14:14:42.0151 0x0a10  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:14:42.0230 0x0a10  VgaSave - ok
14:14:43.0371 0x0a10  [ 8586D10602FF4994E0F56A13A47D2B28, 47837E8A02F29719A7C2E54E7A93558C967C0CD7EF57D8F1B558A61699C4B4C7 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
14:14:45.0340 0x0a10  VIAHdAudAddService - ok
14:14:45.0340 0x0a10  ViaIde - ok
14:14:45.0434 0x0a10  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:14:45.0762 0x0a10  VolSnap - ok
14:14:45.0902 0x0a10  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
14:14:47.0731 0x0a10  VSS - ok
14:14:47.0934 0x0a10  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
14:14:48.0559 0x0a10  W32Time - ok
14:14:48.0606 0x0a10  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:14:49.0028 0x0a10  Wanarp - ok
14:14:49.0028 0x0a10  WDICA - ok
14:14:49.0169 0x0a10  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:14:49.0606 0x0a10  wdmaud - ok
14:14:49.0731 0x0a10  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:14:49.0997 0x0a10  WebClient - ok
14:14:50.0232 0x0a10  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:14:50.0482 0x0a10  winmgmt - ok
14:14:50.0794 0x0a10  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:14:51.0138 0x0a10  WmdmPmSN - ok
14:14:51.0560 0x0a10  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:14:51.0732 0x0a10  Wmi - ok
14:14:52.0091 0x0a10  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:14:53.0076 0x0a10  WmiApSrv - ok
14:14:53.0639 0x0a10  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:14:55.0342 0x0a10  WMPNetworkSvc - ok
14:14:55.0389 0x0a10  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:14:55.0467 0x0a10  wuauserv - ok
14:14:55.0842 0x0a10  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:14:56.0139 0x0a10  WudfPf - ok
14:14:56.0171 0x0a10  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:14:57.0327 0x0a10  WudfRd - ok
14:14:57.0780 0x0a10  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:14:57.0905 0x0a10  WudfSvc - ok
14:14:58.0171 0x0a10  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:14:58.0796 0x0a10  WZCSVC - ok
14:14:58.0859 0x0a10  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:14:59.0015 0x0a10  xmlprov - ok
14:14:59.0015 0x0a10  ================ Scan global ===============================
14:14:59.0062 0x0a10  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:14:59.0546 0x0a10  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:59.0750 0x0a10  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:14:59.0812 0x0a10  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:14:59.0812 0x0a10  [ Global ] - ok
14:14:59.0812 0x0a10  ================ Scan MBR ==================================
14:14:59.0843 0x0a10  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:15:00.0453 0x0a10  \Device\Harddisk0\DR0 - ok
14:15:00.0453 0x0a10  ================ Scan VBR ==================================
14:15:00.0453 0x0a10  [ D552BE65A163487CD483F8904542B7A0 ] \Device\Harddisk0\DR0\Partition1
14:15:00.0515 0x0a10  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
14:15:00.0515 0x0a10  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
14:15:12.0503 0x0a10  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
14:15:12.0503 0x0a10  ============================================================
14:15:12.0503 0x0a10  Scan finished
14:15:12.0503 0x0a10  ============================================================
14:15:12.0518 0x078c  Detected object count: 1
14:15:12.0518 0x078c  Actual detected object count: 1
14:32:25.0327 0x078c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
14:32:33.0250 0x078c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Quarantine 
15:31:13.0745 0x0688  Deinitialize success


#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 April 2014 - 08:38 AM

Please rescan with TDSS-Killer and post the log.



#10 cnstevens

  • Topic Starter

  • Members
  • 7 posts

Posted 10 April 2014 - 06:58 PM

19:37:59.0703 0x0378  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
19:38:04.0796 0x0378  ============================================================
19:38:04.0796 0x0378  Current date / time: 2014/04/09 19:38:04.0796
19:38:04.0796 0x0378  SystemInfo:
19:38:04.0796 0x0378  
19:38:04.0796 0x0378  OS Version: 5.1.2600 ServicePack: 3.0
19:38:04.0796 0x0378  Product type: Workstation
19:38:04.0796 0x0378  ComputerName: MACHIN1
19:38:04.0796 0x0378  UserName: Administrator
19:38:04.0796 0x0378  Windows directory: C:\WINDOWS
19:38:04.0796 0x0378  System windows directory: C:\WINDOWS
19:38:04.0796 0x0378  Processor architecture: Intel x86
19:38:04.0796 0x0378  Number of processors: 4
19:38:04.0796 0x0378  Page size: 0x1000
19:38:04.0796 0x0378  Boot type: Normal boot
19:38:04.0796 0x0378  ============================================================
19:38:14.0765 0x0378  KLMD registered as C:\WINDOWS\system32\drivers\05795998.sys
19:38:16.0500 0x0378  System UUID: {07D8B594-31F4-2BB9-F843-E1B7526AC3A4}
19:38:25.0218 0x0378  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:38:25.0312 0x0378  ============================================================
19:38:25.0312 0x0378  \Device\Harddisk0\DR0:
19:38:25.0343 0x0378  MBR partitions:
19:38:25.0343 0x0378  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
19:38:25.0343 0x0378  ============================================================
19:38:25.0406 0x0378  C: <-> \Device\Harddisk0\DR0\Partition1
19:38:25.0406 0x0378  ============================================================
19:38:25.0406 0x0378  Initialize success
19:38:25.0406 0x0378  ============================================================
19:38:28.0687 0x0c14  ============================================================
19:38:28.0687 0x0c14  Scan started
19:38:28.0687 0x0c14  Mode: Manual; 
19:38:28.0687 0x0c14  ============================================================
19:38:28.0687 0x0c14  KSN ping started
19:38:29.0171 0x0c14  KSN ping finished: true
19:38:29.0359 0x0c14  ================ Scan system memory ========================
19:38:29.0375 0x0c14  System memory - ok
19:38:29.0375 0x0c14  ================ Scan services =============================
19:40:06.0875 0x0c14  RpcSs - ok
19:40:08.0531 0x0c14  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:40:08.0843 0x0c14  RSVP - ok
19:40:12.0109 0x0c14  [ 84BEAF4A13A36CB9BB0663DF9089CEA2, FAD68F354491E90C81854815A363174440893729856032DB6B6254BEB1A1F856 ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
19:40:13.0109 0x0c14  rt2870 - ok
19:40:16.0781 0x0c14  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:40:16.0796 0x0c14  SamSs - ok
19:40:17.0703 0x0c14  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:40:17.0906 0x0c14  SCardSvr - ok
19:40:18.0562 0x0c14  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:40:18.0828 0x0c14  Schedule - ok
19:40:19.0718 0x0c14  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:40:19.0781 0x0c14  Secdrv - ok
19:40:20.0062 0x0c14  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:40:20.0125 0x0c14  seclogon - ok
19:40:20.0359 0x0c14  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
19:40:20.0375 0x0c14  SENS - ok
19:40:20.0453 0x0c14  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
19:40:20.0500 0x0c14  serenum - ok
19:40:20.0828 0x0c14  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
19:40:21.0015 0x0c14  Serial - ok
19:40:21.0171 0x0c14  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:40:21.0203 0x0c14  Sfloppy - ok
19:40:21.0921 0x0c14  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:40:22.0046 0x0c14  ShellHWDetection - ok
19:40:22.0062 0x0c14  Simbad - ok
19:40:22.0062 0x0c14  Sparrow - ok
19:40:23.0593 0x0c14  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:40:23.0625 0x0c14  splitter - ok
19:40:23.0750 0x0c14  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:40:23.0781 0x0c14  Spooler - ok
19:40:24.0687 0x0c14  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:40:24.0859 0x0c14  sr - ok
19:40:27.0343 0x0c14  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:40:27.0515 0x0c14  srservice - ok
19:40:32.0343 0x0c14  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:40:32.0546 0x0c14  Srv - ok
19:40:32.0750 0x0c14  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:40:32.0796 0x0c14  SSDPSRV - ok
19:40:43.0171 0x0c14  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:40:43.0796 0x0c14  stisvc - ok
19:40:44.0109 0x0c14  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:40:44.0218 0x0c14  swenum - ok
19:40:45.0109 0x0c14  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:40:45.0296 0x0c14  swmidi - ok
19:40:45.0312 0x0c14  SwPrv - ok
19:40:45.0312 0x0c14  symc810 - ok
19:40:45.0312 0x0c14  symc8xx - ok
19:40:45.0328 0x0c14  sym_hi - ok
19:40:45.0328 0x0c14  sym_u3 - ok
19:40:46.0703 0x0c14  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:40:46.0843 0x0c14  sysaudio - ok
19:40:47.0328 0x0c14  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:40:47.0625 0x0c14  SysmonLog - ok
19:40:48.0640 0x0c14  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:40:49.0000 0x0c14  TapiSrv - ok
19:40:50.0812 0x0c14  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:40:51.0000 0x0c14  Tcpip - ok
19:40:51.0062 0x0c14  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:40:51.0109 0x0c14  TDPIPE - ok
19:40:51.0125 0x0c14  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:40:51.0140 0x0c14  TDTCP - ok
19:40:51.0171 0x0c14  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:40:51.0218 0x0c14  TermDD - ok
19:40:53.0468 0x0c14  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
19:40:53.0781 0x0c14  TermService - ok
19:40:55.0171 0x0c14  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:40:55.0187 0x0c14  Themes - ok
19:40:55.0421 0x0c14  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:41:01.0375 0x0c14  TlntSvr - ok
19:41:01.0375 0x0c14  TosIde - ok
19:41:03.0609 0x0c14  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:41:03.0734 0x0c14  TrkWks - ok
19:41:03.0968 0x0c14  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:41:04.0171 0x0c14  Udfs - ok
19:41:04.0171 0x0c14  ultra - ok
19:41:06.0406 0x0c14  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:41:07.0031 0x0c14  Update - ok
19:41:08.0109 0x0c14  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:41:08.0328 0x0c14  upnphost - ok
19:41:08.0437 0x0c14  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
19:41:08.0531 0x0c14  UPS - ok
19:41:08.0890 0x0c14  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:41:08.0953 0x0c14  usbccgp - ok
19:41:09.0015 0x0c14  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:41:09.0062 0x0c14  usbehci - ok
19:41:09.0187 0x0c14  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:41:09.0296 0x0c14  usbhub - ok
19:41:09.0343 0x0c14  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:41:09.0437 0x0c14  usbprint - ok
19:41:09.0484 0x0c14  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:41:09.0484 0x0c14  usbscan - ok
19:41:09.0812 0x0c14  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:41:09.0890 0x0c14  USBSTOR - ok
19:41:10.0015 0x0c14  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:41:10.0062 0x0c14  usbuhci - ok
19:41:10.0203 0x0c14  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:41:10.0250 0x0c14  VgaSave - ok
19:41:13.0968 0x0c14  [ 8586D10602FF4994E0F56A13A47D2B28, 47837E8A02F29719A7C2E54E7A93558C967C0CD7EF57D8F1B558A61699C4B4C7 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
19:41:15.0781 0x0c14  VIAHdAudAddService - ok
19:41:15.0796 0x0c14  ViaIde - ok
19:41:16.0171 0x0c14  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:41:16.0250 0x0c14  VolSnap - ok
19:41:17.0046 0x0c14  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
19:41:17.0500 0x0c14  VSS - ok
19:41:18.0796 0x0c14  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
19:41:18.0875 0x0c14  W32Time - ok
19:41:18.0937 0x0c14  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:41:19.0156 0x0c14  Wanarp - ok
19:41:19.0156 0x0c14  WDICA - ok
19:41:19.0578 0x0c14  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:41:20.0375 0x0c14  wdmaud - ok
19:41:20.0843 0x0c14  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:41:20.0921 0x0c14  WebClient - ok
19:41:32.0468 0x0c14  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:41:32.0609 0x0c14  winmgmt - ok
19:41:33.0218 0x0c14  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:41:33.0343 0x0c14  WmdmPmSN - ok
19:41:35.0968 0x0c14  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:41:35.0984 0x0c14  Wmi - ok
19:41:39.0515 0x0c14  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:41:40.0218 0x0c14  WmiApSrv - ok
19:41:56.0046 0x0c14  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
19:41:56.0828 0x0c14  WMPNetworkSvc - ok
19:41:59.0140 0x0c14  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:41:59.0140 0x0c14  wuauserv - ok
19:41:59.0468 0x0c14  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:41:59.0812 0x0c14  WudfPf - ok
19:41:59.0875 0x0c14  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:42:00.0140 0x0c14  WudfRd - ok
19:42:16.0000 0x0c14  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:42:16.0156 0x0c14  WudfSvc - ok
19:42:41.0906 0x0c14  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:42:42.0500 0x0c14  WZCSVC - ok
19:42:46.0421 0x0c14  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:42:46.0718 0x0c14  xmlprov - ok
19:42:46.0734 0x0c14  ================ Scan global ===============================
19:42:49.0515 0x0c14  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
19:43:05.0750 0x0c14  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:43:06.0234 0x0c14  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
19:43:06.0343 0x0c14  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
19:43:06.0359 0x0c14  [ Global ] - ok
19:43:06.0359 0x0c14  ================ Scan MBR ==================================
19:43:06.0437 0x0c14  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:43:07.0687 0x0c14  \Device\Harddisk0\DR0 - ok
19:43:07.0703 0x0c14  ================ Scan VBR ==================================
19:43:07.0703 0x0c14  [ D552BE65A163487CD483F8904542B7A0 ] \Device\Harddisk0\DR0\Partition1
19:43:07.0765 0x0c14  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
19:43:07.0765 0x0c14  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
19:43:08.0593 0x0c14  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
19:43:19.0437 0x0c14  ============================================================
19:43:19.0437 0x0c14  Scan finished
19:43:19.0437 0x0c14  ============================================================
19:43:20.0500 0x0c0c  Detected object count: 1
19:43:20.0500 0x0c0c  Actual detected object count: 1
19:50:02.0328 0x0c0c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
19:50:04.0484 0x0c0c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Quarantine 
19:50:20.0437 0x014c  Deinitialize success


#11 TB-Psychotic


Posted 11 April 2014 - 08:23 AM

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB
 

#12 TB-Psychotic


Posted 08 May 2014 - 04:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




