Internet Explorer 8 Keeps trying to run in my processes


8 replies to this topic

#1 ralph4

Posted 17 April 2014 - 06:13 PM

Hi there, I need some help with my PC. I have tried running Malwarebytes Anti-Malware and VIPRE Internet Security to get rid of the malware I got by accident, and now it keeps trying to open Internet Explorer 8. I have tried several scans to remove the malware that keeps trying to hijack Internet Explorer 8, so please help me. I'm at the end of my rope and I need help figuring out what keeps trying to open Internet Explorer 8.


Edited by hamluis, 18 April 2014 - 10:05 AM.
Moved from XP to Am I Infected - Hamluis.



#2 Condobloke


Posted 17 April 2014 - 08:55 PM

G'day ralph4, and welcome to BC!!

 

Please start by resetting Internet Explorer.

 

  1. Open Internet Explorer, click on the gear icon (Tools for Windows XP users) at the top (far right), then click again on Internet Options.
  2. In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
  3. In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset.
  4. When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
  5. Close and open Internet Explorer.

 

Let me know if that has fixed the problem.

 


Condobloke

Outback Australian  

 

fed up with Windows antics...??

 

LINUX IS THE ANSWER

 

I USE LINUX MINT EXCLUSIVELY... NO DUAL BOOT, NO VIRTUAL MACHINE

 

 

 Failure is not an option. It comes bundled with your Microsoft product.

 

 

 


#3 ralph4


Posted 18 April 2014 - 08:53 AM

No, unfortunately it didn't fix the problem, but I know my PC is infected with malware and most likely a trojan, because I only use Firefox, so I know something is trying to hijack Internet Explorer 8. But here's the thing: if you recommend any cleaners, they're gonna have to be FREE TO USE, meaning they have to not only do a full scan on my PC but they have to clean it up for FREE, because I don't have MONEY to spend on those products. The security products I'm using now are Malwarebytes Anti-Malware and VIPRE Internet Security; both are up to date, and I have tried everything to get rid of the problem. I have done full scans and that still hasn't stopped Internet Explorer 8 from trying to open.

Now here's what's going on: it'll try to open itself and it'll try to run anywhere from 3 to 6 Iexplore.exe, and really I don't know what else could be causing it. Malwarebytes Anti-Malware was run several times and it didn't find malware, but it hasn't stopped the Iexplore.exe, and VIPRE Internet Security can't really find it too, so I don't really know what to do.

Oh, I forgot to mention: when iexplore.exe runs like 6 processes in my process tab in Task Manager, Internet Explorer 8 never opens. It'll pop up with an unreadable memory error message or something, and it'll say OK to terminate the program or Cancel to debug the program.


Edited by ralph4, 18 April 2014 - 10:28 AM.
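
A way to answer the question in the post above (what keeps starting iexplore.exe), added here as an example that is not part of the thread: list each iexplore.exe with its command line and the process that launched it. It assumes Windows PowerShell 2.0 is available on the XP machine; the function name Get-LaunchType and the report column names are made up for this example.

```powershell
# Added example, not from the thread. Read-only; uses WMI so it runs on PowerShell 2.0.
$procs = @(Get-WmiObject -Class Win32_Process)

# Index all running processes by PID so each parent can be looked up.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Classify how an iexplore.exe instance was started, from its command line.
function Get-LaunchType([string]$CommandLine) {
    # -Embedding: started through COM activation, not by someone opening the browser
    if ($CommandLine -match '[-/]Embedding') { return 'COM activation' }
    # SCODEF:<pid>: a tab process created by an existing IE8 frame process
    if ($CommandLine -match 'SCODEF:\d+')    { return 'IE8 tab process' }
    return 'Direct launch'
}

$report = foreach ($ie in $procs) {
    if ($ie.Name -ne 'iexplore.exe') { continue }

    $started = $null
    if ($ie.CreationDate) { $started = $ie.ConvertToDateTime($ie.CreationDate) }

    $parentName = '<exited>'
    $parentPath = ''
    $parent = $byPid[[int]$ie.ParentProcessId]
    if ($parent) {
        $parentName = $parent.Name
        $parentPath = $parent.ExecutablePath
        # Windows reuses PIDs: a "parent" that started after its child is an
        # unrelated process that inherited the number.
        if ($started -and $parent.CreationDate) {
            if ($parent.ConvertToDateTime($parent.CreationDate) -gt $started) {
                $parentName = '<exited, PID reused>'
                $parentPath = ''
            }
        }
    }

    New-Object PSObject -Property @{
        ProcessId   = $ie.ProcessId
        Started     = $started
        LaunchType  = (Get-LaunchType $ie.CommandLine)
        ParentPid   = $ie.ParentProcessId
        Parent      = $parentName
        ParentPath  = $parentPath
        CommandLine = $ie.CommandLine
    }
}

if ($report) {
    $report | Sort-Object Started |
        Select-Object ProcessId, Started, LaunchType, ParentPid, Parent, ParentPath, CommandLine |
        Format-List
} else {
    'No iexplore.exe processes are running right now.'
}
```

When the launch type is COM activation the parent is normally svchost.exe (the DCOM launcher), which only shows that some other program requested IE; a direct launch names the launching executable in ParentPath.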


#4 Condobloke


Posted 19 April 2014 - 06:25 AM

Please run these for me In The Order Listed and Copy and Paste the logs back here in your next reply.

 

Please download MiniToolBox   to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

 

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

 

 

Please download RKill by Grinler from the link below and save it to your desktop.

   RKILL

    Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    If nothing happens or if the tool does not run, please let me know in your next reply.
    A log pops up at the end of the run. This log file is located at C:\rkill.log.
    Please post the log in your next reply.

 

DO NOT REBOOT BEFORE RUNNING THE NEXT SCAN

 

 

Download AdwCleaner  by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista / Windows 7 / 8 users right-click and select Run As Administrator
• Click on the Scan button. (only once)
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button.(only once)

Note you will be asked to click OK and confirm with OK to reboot.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.




#5 ralph4


Posted 19 April 2014 - 10:25 AM

Scan results from mini tool box

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Ralph Gnann (administrator) on 19-04-2014 at 11:13:45
Running from "C:\Documents and Settings\Ralph Gnann\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.USAGE.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.USAGE.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.PROPERTIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.PROPERTIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.DTD> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.DTD> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.ADULT.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.ADULT.TXT> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:04 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.INPUT_WINDOW.PROPERTIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (04/16/2014 07:44:04 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.INPUT_WINDOW.PROPERTIES> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (04/19/2014 00:40:53 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.102 for the Network Card with network address 00123FD28DC6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/18/2014 08:36:50 PM) (Source: 0) (User: )
Description: \Device\Scsi\mraid2k5

Error: (04/17/2014 04:34:46 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 00123FD28DC6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/16/2014 06:33:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mraid35x

Error: (04/15/2014 11:28:16 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 00123FD28DC6 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/14/2014 11:48:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mraid35x

Error: (04/13/2014 04:27:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mraid35x

Error: (04/13/2014 02:51:02 PM) (Source: Service Control Manager) (User: )
Description: The Security Center Server - 4279864647 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/13/2014 01:47:33 PM) (Source: Service Control Manager) (User: )
Description: The Security Center Server - 4279864647 service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/13/2014 01:41:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).


Microsoft Office Sessions:
=========================
Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.USAGE.TXT

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.USAGE.TXT

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.PROPERTIES

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.PROPERTIES

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.DTD

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.DTD

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.ADULT.TXT

Error: (04/16/2014 07:44:09 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.LICENSE.ADULT.TXT

Error: (04/16/2014 07:44:04 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.INPUT_WINDOW.PROPERTIES

Error: (04/16/2014 07:44:04 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\DOCUMENTS AND SETTINGS\RALPH GNANN\DESKTOP\OLD FIREFOX DATA\US0KFSJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM\CHROME\LOCALE\AR\FVD.SINGLE.INPUT_WINDOW.PROPERTIES


=========================== Installed Programs ============================

Absolute Uninstaller 2.9.0.722
Adobe AIR (Version: 3.9.0.1380)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 13 Plugin (Version: 13.0.0.182)
Adobe Reader XI (Version: 11.0.00)
Bing Bar (Version: 7.1.391.0)
CCleaner (Version: 4.12)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DAEMON Tools Lite (Version: 4.48.1.0347)
Dell ResourceCD
DivX Setup (Version: 2.6.1.100)
Google Chrome (Version: 34.0.1847.116)
Google Drive (Version: 1.15.6430.6825)
Google Update Helper (Version: 1.3.23.9)
HyperSnap 7 (Version: 7.27.02)
Intel® PRO Network Connections Drivers
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice 4.0.1 (Version: 4.01.9714)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
RuneScape Launcher 1.2.3 (Version: 1.2.3)
Search Protection (Version: 7.5.0.1)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.14 (Version: 6.14.104)
Steam
The Sting!
The Weather Channel App (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VIPRE Internet Security (Version: 7.0.6.2)
VLC media player 2.0.5 (Version: 2.0.5)
Vuze (Version: 5.3.0.0)
WebFldrs XP (Version: 9.50.6513)
WinASO Registry Optimizer 3.1
WinASO Registry Optimizer 4.8.4
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
YTD Video Downloader 4.7.4 (Version: 4.7.4)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2047.19 MB
Available physical RAM: 1014.32 MB
Total Pagefile: 2608.96 MB
Available Pagefile: 1546.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.71 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:204.72 GB) (Free:132.93 GB) NTFS

========================= Users: ========================================

User accounts for \\SERVER

Administrator            ASPNET                   Guest                    
HelpAssistant            Ralph Gnann              SUPPORT_388945a0         


**** End of log ****
 

 

Scan results from TDSSKILLER

 

11:20:04.0453 0x1058  TDSS rootkit removing tool 3.0.0.31 Apr 11 2014 08:55:10
11:20:10.0578 0x1058  ============================================================
11:20:10.0578 0x1058  Current date / time: 2014/04/19 11:20:10.0578
11:20:10.0578 0x1058  SystemInfo:
11:20:10.0578 0x1058  
11:20:10.0578 0x1058  OS Version: 5.1.2600 ServicePack: 3.0
11:20:10.0578 0x1058  Product type: Workstation
11:20:10.0578 0x1058  ComputerName: SERVER
11:20:10.0578 0x1058  UserName: Ralph Gnann
11:20:10.0578 0x1058  Windows directory: C:\WINDOWS
11:20:10.0578 0x1058  System windows directory: C:\WINDOWS
11:20:10.0578 0x1058  Processor architecture: Intel x86
11:20:10.0578 0x1058  Number of processors: 2
11:20:10.0578 0x1058  Page size: 0x1000
11:20:10.0578 0x1058  Boot type: Normal boot
11:20:10.0578 0x1058  ============================================================
11:20:33.0031 0x1058  KLMD registered as C:\WINDOWS\system32\drivers\62225807.sys
11:20:34.0265 0x1058  System UUID: {AA3E44C0-232C-FF5C-6D11-1BAE5BA4D94B}
11:20:37.0234 0x1058  Drive \Device\Harddisk0\DR0 - Size: 0x332E800000 (204.73 Gb), SectorSize: 0x200, Cylinders: 0x6865, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
11:20:37.0250 0x1058  ============================================================
11:20:37.0250 0x1058  \Device\Harddisk0\DR0:
11:20:37.0250 0x1058  MBR partitions:
11:20:37.0250 0x1058  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1996EB25
11:20:37.0250 0x1058  ============================================================
11:20:37.0359 0x1058  C: <-> \Device\Harddisk0\DR0\Partition1
11:20:37.0359 0x1058  ============================================================
11:20:37.0359 0x1058  Initialize success
11:20:37.0359 0x1058  ============================================================
11:21:38.0156 0x12f4  ============================================================
11:21:38.0156 0x12f4  Scan started
11:21:38.0156 0x12f4  Mode: Manual;
11:21:38.0156 0x12f4  ============================================================
11:21:38.0156 0x12f4  KSN ping started
11:21:51.0812 0x12f4  KSN ping finished: true
11:22:02.0140 0x12f4  ================ Scan system memory ========================
11:22:02.0156 0x12f4  System memory - ok
11:22:06.0687 0x12f4  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
11:22:06.0718 0x12f4  Cdfs - ok
11:22:06.0750 0x12f4  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:22:06.0781 0x12f4  Cdrom - ok
11:22:06.0796 0x12f4  Changer - ok
11:22:06.0843 0x12f4  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
11:22:06.0843 0x12f4  CiSvc - ok
11:22:06.0890 0x12f4  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
11:22:06.0890 0x12f4  ClipSrv - ok
11:22:06.0953 0x12f4  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:22:07.0390 0x12f4  clr_optimization_v2.0.50727_32 - ok
11:22:07.0593 0x12f4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:22:07.0890 0x12f4  clr_optimization_v4.0.30319_32 - ok
11:22:07.0906 0x12f4  CmdIde - ok
11:22:07.0937 0x12f4  COMSysApp - ok
11:22:08.0000 0x12f4  Cpqarray - ok
11:22:08.0031 0x12f4  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
11:22:08.0046 0x12f4  CryptSvc - ok
11:22:08.0046 0x12f4  dac2w2k - ok
11:22:08.0093 0x12f4  dac960nt - ok
11:22:08.0171 0x12f4  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:22:08.0296 0x12f4  DcomLaunch - ok
11:22:08.0375 0x12f4  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
11:22:08.0406 0x12f4  Dhcp - ok
11:22:08.0437 0x12f4  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
11:22:08.0453 0x12f4  Disk - ok
11:22:08.0500 0x12f4  dmadmin - ok
11:22:08.0656 0x12f4  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:22:08.0750 0x12f4  dmboot - ok
11:22:08.0781 0x12f4  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
11:22:08.0812 0x12f4  dmio - ok
11:22:08.0812 0x12f4  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:22:08.0828 0x12f4  dmload - ok
11:22:08.0859 0x12f4  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:22:08.0859 0x12f4  dmserver - ok
11:22:08.0890 0x12f4  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:22:08.0890 0x12f4  DMusic - ok
11:22:08.0921 0x12f4  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:22:08.0921 0x12f4  Dnscache - ok
11:22:08.0984 0x12f4  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:22:09.0015 0x12f4  Dot3svc - ok
11:22:09.0015 0x12f4  dpti2o - ok
11:22:09.0046 0x12f4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:22:09.0093 0x12f4  drmkaud - ok
11:22:09.0156 0x12f4  [ E6B7D1B24E16FB24CE1FEA964E144EBC, 30F81E0A017163A1AB463FE3A13B5CC2905B973E782AEBC1EB63759BF2470658 ] dtsoftbus01     C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
11:22:09.0265 0x12f4  dtsoftbus01 - ok
11:22:09.0375 0x12f4  [ 73C0EEF62AD50C7FF7A4B1EC9321AF9F, 7BDFB7AC7DDF062F107E292750348D9BA76594BBF8B69777A591B15C200A9933 ] E1000           C:\WINDOWS\system32\DRIVERS\e1000325.sys
11:22:09.0640 0x12f4  E1000 - ok
11:22:09.0703 0x12f4  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:22:09.0718 0x12f4  EapHost - ok
11:22:09.0765 0x12f4  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:22:09.0796 0x12f4  ERSvc - ok
11:22:09.0875 0x12f4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
11:22:09.0890 0x12f4  Eventlog - ok
11:22:10.0062 0x12f4  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\System32\es.dll
11:22:10.0125 0x12f4  EventSystem - ok
11:22:10.0234 0x12f4  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:22:10.0265 0x12f4  Fastfat - ok
11:22:10.0375 0x12f4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:22:10.0421 0x12f4  FastUserSwitchingCompatibility - ok
11:22:10.0453 0x12f4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:22:10.0468 0x12f4  Fdc - ok
11:22:10.0500 0x12f4  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:22:10.0515 0x12f4  Fips - ok
11:22:10.0562 0x12f4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:22:10.0578 0x12f4  Flpydisk - ok
11:22:10.0671 0x12f4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:22:10.0734 0x12f4  FltMgr - ok
11:22:10.0921 0x12f4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:22:11.0296 0x12f4  FontCache3.0.0.0 - ok
11:22:11.0343 0x12f4  [ E0087225B137E57239FF40F8AE82059B, A03EF9778F267EEBBAD8F72AC0E492872AF73BCA435CCF5C336A8475046B1672 ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
11:22:11.0484 0x12f4  fssfltr - ok
11:22:11.0859 0x12f4  [ 45B52394F9624237F33A8A3D73C0B221, AC3E26F9D0E8A91164C54E87C9C8BFCF824A14C80D4CEF3255C6127A482F25FE ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:22:12.0765 0x12f4  fsssvc - ok
11:22:12.0781 0x12f4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:22:12.0796 0x12f4  Fs_Rec - ok
11:22:12.0843 0x12f4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:22:12.0843 0x12f4  Ftdisk - ok
11:22:12.0890 0x12f4  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:22:12.0984 0x12f4  GEARAspiWDM - ok
11:22:13.0015 0x12f4  [ FE4D369172AC1CC19C876BDB5BDC31A3, B02D58846C11D63DED9D211A271B1A01788FA162E8CD34645DBEFF136173FB92 ] gfiark          C:\WINDOWS\system32\drivers\gfiark.sys
11:22:13.0250 0x12f4  gfiark - ok
11:22:13.0328 0x12f4  [ 3EAEB9143A5DBC1082785BBBE8D8CFEA, B84AD6FB6E5A433B3CC243CC98CDA3906A466DBF55759C8101438643D2C93803 ] gfiutil         C:\WINDOWS\system32\drivers\gfiutil.sys
11:22:13.0796 0x12f4  gfiutil - ok
11:22:13.0828 0x12f4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:22:13.0890 0x12f4  Gpc - ok
11:22:13.0968 0x12f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:22:14.0078 0x12f4  gupdate - ok
11:22:14.0125 0x12f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:22:14.0125 0x12f4  gupdatem - ok
11:22:14.0203 0x12f4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:22:14.0218 0x12f4  helpsvc - ok
11:22:14.0296 0x12f4  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:22:14.0312 0x12f4  HidServ - ok
11:22:14.0375 0x12f4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:22:14.0406 0x12f4  HidUsb - ok
11:22:14.0468 0x12f4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:22:14.0484 0x12f4  hkmsvc - ok
11:22:14.0515 0x12f4  hpn - ok
11:22:14.0531 0x12f4  hpraudio - ok
11:22:14.0578 0x12f4  hprg - ok
11:22:14.0687 0x12f4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:22:14.0718 0x12f4  HTTP - ok
11:22:14.0765 0x12f4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:22:14.0765 0x12f4  HTTPFilter - ok
11:22:14.0781 0x12f4  i2omgmt - ok
11:22:14.0812 0x12f4  i2omp - ok
11:22:14.0843 0x12f4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:22:14.0875 0x12f4  i8042prt - ok
11:22:15.0031 0x12f4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:22:15.0609 0x12f4  idsvc - ok
11:22:15.0718 0x12f4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:22:15.0734 0x12f4  Imapi - ok
11:22:15.0781 0x12f4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\System32\imapi.exe
11:22:15.0812 0x12f4  ImapiService - ok
11:22:15.0828 0x12f4  ini910u - ok
11:22:15.0890 0x12f4  IntelIde - ok
11:22:15.0937 0x12f4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:22:15.0937 0x12f4  intelppm - ok
11:22:15.0968 0x12f4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:22:15.0968 0x12f4  ip6fw - ok
11:22:16.0031 0x12f4  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:22:16.0109 0x12f4  IpFilterDriver - ok
11:22:16.0125 0x12f4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:22:16.0171 0x12f4  IpInIp - ok
11:22:16.0203 0x12f4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:22:16.0234 0x12f4  IpNat - ok
11:22:16.0281 0x12f4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:22:16.0312 0x12f4  IPSec - ok
11:22:16.0328 0x12f4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:22:16.0343 0x12f4  IRENUM - ok
11:22:16.0375 0x12f4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:22:16.0375 0x12f4  isapnp - ok
11:22:16.0500 0x12f4  [ 45A663489E1A24FE3696F689178C1041, 362C156636EB8E791E4917E345B269E086DE1A69CAF1D12FDFEF90DFF2E19359 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
11:22:16.0656 0x12f4  JavaQuickStarterService - ok
11:22:16.0687 0x12f4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:22:16.0718 0x12f4  Kbdclass - ok
11:22:16.0765 0x12f4  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:22:16.0796 0x12f4  kbdhid - ok
11:22:16.0890 0x12f4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:22:16.0921 0x12f4  kmixer - ok
11:22:17.0000 0x12f4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:22:17.0015 0x12f4  KSecDD - ok
11:22:17.0156 0x12f4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:22:17.0187 0x12f4  lanmanserver - ok
11:22:17.0328 0x12f4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
11:22:17.0421 0x12f4  LanmanWorkstation - ok
11:22:17.0437 0x12f4  lbrtfdc - ok
11:22:17.0515 0x12f4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:22:17.0531 0x12f4  LmHosts - ok
11:22:17.0609 0x12f4  [ 6F0D0617310A677360B7EB6D2D59086E, 399358CFCE99EBCAE9874FDD44F634ED434CCE3C8821357EDC324046F7FEC68F ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
11:22:17.0765 0x12f4  mbamchameleon - ok
11:22:17.0812 0x12f4  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:22:17.0843 0x12f4  MBAMProtector - ok
11:22:18.0234 0x12f4  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:22:18.0390 0x12f4  MBAMScheduler - ok
11:22:18.0796 0x12f4  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:22:19.0046 0x12f4  MBAMService - ok
11:22:19.0359 0x12f4  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:22:19.0718 0x12f4  MDM - ok
11:22:19.0796 0x12f4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:22:19.0828 0x12f4  Messenger - ok
11:22:19.0906 0x12f4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:22:19.0921 0x12f4  mnmdd - ok
11:22:19.0984 0x12f4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
11:22:20.0015 0x12f4  mnmsrvc - ok
11:22:20.0062 0x12f4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:22:20.0093 0x12f4  Modem - ok
11:22:20.0187 0x12f4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:22:20.0218 0x12f4  Mouclass - ok
11:22:20.0296 0x12f4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:22:20.0328 0x12f4  mouhid - ok
11:22:20.0390 0x12f4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:22:20.0390 0x12f4  MountMgr - ok
11:22:20.0453 0x12f4  [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:22:20.0546 0x12f4  MozillaMaintenance - ok
11:22:20.0578 0x12f4  [ 918A6AFE9E327BF044ABC80F67138BF4, 07CB1970CF226FFDABC2C07B40FFA4F2E6F02BB9EC8BF6E28566D7131A003E94 ] mraid2k         C:\WINDOWS\system32\drivers\mraid2k.sys
11:22:20.0578 0x12f4  mraid2k - ok
11:22:20.0609 0x12f4  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\drivers\mraid35x.sys
11:22:20.0609 0x12f4  mraid35x - ok
11:22:20.0781 0x12f4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:22:20.0828 0x12f4  MRxDAV - ok
11:22:20.0968 0x12f4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:22:21.0031 0x12f4  MRxSmb - ok
11:22:21.0046 0x12f4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
11:22:21.0062 0x12f4  MSDTC - ok
11:22:21.0109 0x12f4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:22:21.0109 0x12f4  Msfs - ok
11:22:21.0125 0x12f4  MSIServer - ok
11:22:21.0171 0x12f4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:22:21.0187 0x12f4  MSKSSRV - ok
11:22:21.0218 0x12f4  [ 64E8B7C65EB4796939C0F64F8170821B, 60B7E473E0EC36CFE27E4173744B060ABCC4580E1B639FC04C72380534F592C9 ] msloop          C:\WINDOWS\system32\DRIVERS\loop.sys
11:22:21.0234 0x12f4  msloop - ok
11:22:21.0265 0x12f4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:22:21.0265 0x12f4  MSPCLOCK - ok
11:22:21.0328 0x12f4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:22:21.0343 0x12f4  MSPQM - ok
11:22:21.0375 0x12f4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:22:21.0390 0x12f4  mssmbios - ok
11:22:21.0421 0x12f4  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:22:21.0437 0x12f4  MSTEE - ok
11:22:21.0500 0x12f4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:22:21.0515 0x12f4  Mup - ok
11:22:21.0562 0x12f4  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:22:21.0578 0x12f4  NABTSFEC - ok
11:22:21.0796 0x12f4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:22:21.0890 0x12f4  napagent - ok
11:22:21.0984 0x12f4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:22:22.0031 0x12f4  NDIS - ok
11:22:22.0125 0x12f4  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:22:22.0140 0x12f4  NdisIP - ok
11:22:22.0218 0x12f4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:22:22.0250 0x12f4  NdisTapi - ok
11:22:22.0312 0x12f4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:22:22.0359 0x12f4  Ndisuio - ok
11:22:22.0406 0x12f4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:22:22.0437 0x12f4  NdisWan - ok
11:22:22.0484 0x12f4  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:22:22.0546 0x12f4  NDProxy - ok
11:22:22.0609 0x12f4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:22:22.0625 0x12f4  NetBIOS - ok
11:22:22.0703 0x12f4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:22:22.0750 0x12f4  NetBT - ok
11:22:22.0828 0x12f4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:22:22.0875 0x12f4  NetDDE - ok
11:22:22.0921 0x12f4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:22:22.0937 0x12f4  NetDDEdsdm - ok
11:22:22.0968 0x12f4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:22:22.0984 0x12f4  Netlogon - ok
11:22:23.0062 0x12f4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:22:23.0109 0x12f4  Netman - ok
11:22:23.0156 0x12f4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:22:23.0265 0x12f4  NetTcpPortSharing - ok
11:22:23.0328 0x12f4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:22:23.0406 0x12f4  Nla - ok
11:22:23.0453 0x12f4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:22:23.0468 0x12f4  Npfs - ok
11:22:23.0546 0x12f4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:22:23.0593 0x12f4  Ntfs - ok
11:22:23.0609 0x12f4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:22:23.0609 0x12f4  NtLmSsp - ok
11:22:23.0890 0x12f4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:22:24.0000 0x12f4  NtmsSvc - ok
11:22:24.0031 0x12f4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:22:24.0125 0x12f4  Null - ok
11:22:24.0187 0x12f4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:22:24.0218 0x12f4  NwlnkFlt - ok
11:22:24.0281 0x12f4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:22:24.0312 0x12f4  NwlnkFwd - ok
11:22:24.0343 0x12f4  [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI            C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
11:22:24.0546 0x12f4  OMCI - ok
11:22:24.0625 0x12f4  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:22:24.0796 0x12f4  ose - ok
11:22:24.0843 0x12f4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:22:24.0859 0x12f4  Parport - ok
11:22:24.0875 0x12f4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:22:24.0890 0x12f4  PartMgr - ok
11:22:24.0921 0x12f4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:22:24.0937 0x12f4  ParVdm - ok
11:22:24.0968 0x12f4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:22:24.0968 0x12f4  PCI - ok
11:22:24.0984 0x12f4  PCIDump - ok
11:22:25.0000 0x12f4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:22:25.0000 0x12f4  PCIIde - ok
11:22:25.0109 0x12f4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:22:25.0125 0x12f4  Pcmcia - ok
11:22:25.0140 0x12f4  PDCOMP - ok
11:22:25.0156 0x12f4  PDFRAME - ok
11:22:25.0187 0x12f4  PDRELI - ok
11:22:25.0203 0x12f4  PDRFRAME - ok
11:22:25.0234 0x12f4  perc2 - ok
11:22:25.0250 0x12f4  perc2hib - ok
11:22:25.0359 0x12f4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:22:25.0359 0x12f4  PlugPlay - ok
11:22:48.0406 0x12f4  ================ Scan global ===============================
11:22:48.0437 0x12f4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:22:48.0515 0x12f4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:22:48.0609 0x12f4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:22:48.0640 0x12f4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:22:48.0656 0x12f4  [ Global ] - ok
11:22:48.0656 0x12f4  ================ Scan MBR ==================================
11:22:48.0687 0x12f4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:22:49.0406 0x12f4  \Device\Harddisk0\DR0 - ok
11:22:49.0406 0x12f4  ================ Scan VBR ==================================
11:22:49.0406 0x12f4  [ 2305342DEEEE998C76CD3B81C693DD96 ] \Device\Harddisk0\DR0\Partition1
11:22:49.0437 0x12f4  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
11:22:49.0437 0x12f4  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
11:22:52.0031 0x12f4  Waiting for KSN requests completion. In queue: 58
11:23:12.0921 0x12f4  AV detected via SS1: ThreatTrack Security VIPRE, 7.0.6.2, enabled, updated
11:23:12.0953 0x12f4  FW detected via SS1: ThreatTrack Security VIPRE, 7.0.6.2, enabled
11:23:15.0593 0x12f4  ============================================================
11:23:15.0593 0x12f4  Scan finished
11:23:15.0593 0x12f4  ============================================================
11:23:15.0640 0x131c  Detected object count: 1
11:23:15.0640 0x131c  Actual detected object count: 1
11:23:37.0718 0x131c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
11:23:37.0953 0x131c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
11:23:37.0984 0x131c  \Device\Harddisk0\DR0\Partition1 - ok
11:23:37.0984 0x131c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
11:23:42.0484 0x131c  KLMD registered as C:\WINDOWS\system32\drivers\25885669.sys
 



#6 ralph4


Posted 19 April 2014 - 10:39 AM

Well, I have good news: running TDSSKILLER seems to have stopped the internet iexplorer.exe, and thank god for that too; those damn application error boxes that kept popping up were about to give me a hand ache. Anyway, stay tuned, I've got 2 more scan logs and I'll keep you posted on how my system is running after the scan logs are posted here. Anyway, thank you for your help so far. I've been trying to find and catch this pain in the neck malware for almost a week.



#7 ralph4


Posted 19 April 2014 - 10:44 AM

Here's the report from RKILL

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/19/2014 11:40:44 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]
 +-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 07:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
 +-> C:\WINDOWS\$NtServicePackUninstall$\mqac.sys : 72,960 : 08/04/2004 01:58 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 01:58 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 +-> C:\WINDOWS\SoftwareDistribution\Download\bdc721baeee8bba4d985bebe7bf57f8b\sp1qfe\ip\mqac.sys : 67,456 : 03/22/2005 08:55 PM : e3ad46935f5da5197edd54440aa31ea2 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/19/2014 11:42:06 AM
Execution time: 0 hours(s), 1 minute(s), and 21 seconds(s)



#8 ralph4


Posted 19 April 2014 - 10:56 AM

Adwcleaner scan results

 

# AdwCleaner v3.024 - Report created 19/04/2014 at 11:48:14
# Updated 18/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ralph Gnann - SERVER
# Running from : C:\Documents and Settings\Ralph Gnann\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\DOCUME~1\RALPHG~1\LOCALS~1\Temp\apn
Folder Deleted : C:\DOCUME~1\RALPHG~1\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\Ralph Gnann\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Ralph Gnann\Application Data\Search Protection
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2642709
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Ralph Gnann\Application Data\Mozilla\Firefox\Profiles\tnxjm729.default-1397767492015\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1397771325528");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\Ralph Gnann\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3710 octets] - [19/04/2014 11:45:18]
AdwCleaner[S0].txt - [3465 octets] - [19/04/2014 11:48:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3525 octets] ##########
 



#9 Condobloke


Posted 19 April 2014 - 07:38 PM

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset doesn't find any threats it'll NOT produce any log.

