
Ronvix Rootkit Detected


This topic is locked
29 replies to this topic

#1 riley45

  • Members
  • 138 posts

Posted 12 June 2014 - 11:38 PM

I have a 32 bit Windows XP Home Edition PC.  On Wednesday 6/11/2014 at about 9:20 p.m., I was working on my PC when my antivirus software Microsoft Security Essentials (MSE) detected a malicious file.  MSE cleaned my PC and then prompted to delete the file which I did.  The name of the file was Exploit:Win32/ShellCode:A.

 

I subsequently scanned my PC with Malwarebytes.  The Malwarebytes scan found one malicious file which I deleted when prompted.  The log of the Malwarebytes scan is shown below:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.12.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Owner :: KEN [administrator]

6/11/2014 22:49:09
mbam-log-2014-06-11 (22-49-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359564
Time elapsed: 2 hour(s), 26 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\Local Settings\temp\UpdateFlashPlayer_2ef15b2a.exe (Trojan.Inject) -> Quarantined and deleted successfully.

(end)

 

On Thursday 6/12/2014, I ran a Super Antispyware Free Edition scan which found no malicious files.  I then ran an MSE quick scan which found the following two threats: 

 

Virus:DOS/Ronvix.W              boot:\\.\PHYSICALDRIVE\Partition0 (NTFS)

Virus:Win32/Ronvix.gen!B     rootkit:Ronvix->Vbr::Ronvix

 

When prompted on whether I want to remove these threats, I answered yes, but MSE told me that in order to clean my computer completely I need to download and run Microsoft Offline Defender.  I followed the instructions to download the Microsoft Offline Defender software, but when I attempted to run it I was told that I do not have the necessary system requirements.  Apparently, Microsoft Offline Defender can no longer be run on PCs with XP operating systems.

 

In light of this problem, I need assistance on how to completely remove the malware on my PC.

 

Thank you.

Edited by riley45, 12 June 2014 - 11:44 PM.



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 June 2014 - 03:53 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).
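Once the FRST.txt comes back, the first pass an analyst makes over the Services, Drivers and NetSvcs sections is to look for registered entries whose image file no longer exists, for missing images registered under random-looking names, and for unsigned third-party binaries. The script below is an added example for this thread, not a tool of the BleepingComputer Malware Response Team: it parses lines in FRST's format and ranks those entries. The sample log is constructed (its entries are modelled on the line format FRST produces, with names and paths like the ones posted in the reply that follows); the severity labels and the consonant-run heuristic for random-looking names are the example's own assumptions, not anything FRST itself reports.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) Services/Drivers/NetSvcs output.

Added example; it is not a tool of the BleepingComputer Malware Response Team
and does not replace reading the whole log. It only surfaces entries worth a
first look: services/drivers whose image is missing ("[X]"), missing images
registered under random-looking names, NetSvcs entries whose DLL is gone, and
unsigned third-party binaries.
"""
from __future__ import annotations

import re
from collections import Counter

# Constructed sample in FRST's line format (modelled on the Services, Drivers
# and NetSvcs sections posted in this thread; not a real log).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [176128 2011-09-24] (New Boundary Technologies, Inc.) [File not signed]
S2 int15; %systemroot%\system32\pensup.dll [X]
S2 nnsvc; %systemroot%\system32\vmware.dll [X]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S2 EBPYWGVK; \??\C:\WINDOWS\system32\ebpywgvk.agr [X]
S1 leqpktih; \??\C:\WINDOWS\system32\drivers\leqpktih.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: int15 -> C:\Windows\system32\pensup.dll ==> No File.
"""

# "<state> <name>; <path> [<size> <date>] (<vendor>) [File not signed]"  or  "<state> <name>; <path> [X]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<path>.*?)\s*"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<vendor>[^)]*)\))?)?"
    r"\s*(?P<missing>\[X\])?\s*(?P<unsigned>\[File not signed\])?\s*$"
)
# "NETSVC: <name> -> <path> ==> <status>"
NETSVC_RE = re.compile(r"^NETSVC:\s+(?P<name>\S+)\s+->\s+(?P<path>.*?)\s+==>\s+(?P<status>.*)$")


def file_stem(path: str) -> str:
    """Last path component without its extension (handles \\ and / and \\??\\ prefixes)."""
    name = re.split(r"[\\/]", path.strip())[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def looks_machine_generated(stem: str) -> bool:
    """Weak heuristic (this example's assumption): 8+ letters only, with a run of four
    or more consonants. Real driver names usually contain pronounceable chunks."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    run = longest = 0
    for ch in stem.lower():
        run = 0 if ch in "aeiou" else run + 1
        longest = max(longest, run)
    return longest >= 4


def triage(log_text: str) -> list[dict]:
    """Walk the log once and return one finding per entry worth a closer look."""
    findings: list[dict] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            path = entry.group("path")
            if entry.group("missing"):  # FRST marks a registered-but-absent image with [X]
                random_name = looks_machine_generated(file_stem(path))
                findings.append({
                    "severity": "high" if random_name else "medium",
                    "entry": entry.group("name"),
                    "path": path,
                    "reason": "image file missing" + (", random-looking name" if random_name else ""),
                })
            elif entry.group("unsigned"):
                findings.append({
                    "severity": "low",
                    "entry": entry.group("name"),
                    "path": path,
                    "reason": f"unsigned binary from {entry.group('vendor') or 'unknown vendor'}",
                })
            continue
        netsvc = NETSVC_RE.match(line)
        if netsvc and netsvc.group("status").startswith("No File"):
            findings.append({
                "severity": "medium",
                "entry": netsvc.group("name"),
                "path": netsvc.group("path"),
                "reason": "NetSvcs entry points at a DLL that no longer exists",
            })
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Counts per severity, e.g. {'high': 2, 'medium': 3, 'low': 2} for SAMPLE_LOG."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:6}] {f['entry']:<10} {f['reason']}  ({f['path']})")
```

Run it against a saved FRST.txt by passing the file's contents to `triage()`; the "high" bucket is only a hint to read those entries first, and a "medium" orphaned service entry is often just leftover software, which is why the helper asks to see the report before anything is fixed.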

#3 riley45 (Topic Starter)

  • Members
  • 138 posts

Posted 13 June 2014 - 03:20 PM

I ran the Farbar Recovery Scan Tool.  The contents of the FRST.txt and Addition.txt files are shown below.

 

I also ran TDSSKiller.  Three threats were found.  The log from this scan is attached to this post.

 

Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:12-06-2014 02
Ran by Owner (administrator) on KEN on 13-06-2014 15:15:07
Running from C:\Documents and Settings\Owner\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(America Online, Inc.) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-05-11] (Apple Computer, Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-05-26] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1704833363-758890274-2038612096-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-09-08] (Google Inc.)
HKU\S-1-5-21-1704833363-758890274-2038612096-1003\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [706776 2013-04-01] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} http://usfulfillment.puretracks.com/onager.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://incommsolutions.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3606.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\48ppap2b.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\48ppap2b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-05-27]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-05-26]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101385&mntrId=a846c63d0000000000000002dd43387f&tt=090212_ctrl
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2011-09-24] (America Online, Inc.) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [176128 2011-09-24] (New Boundary Technologies, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-01-06] (Sony Corporation) [File not signed]
S2 ctdvda2k; %systemroot%\system32\mpfservice.dll [X]
S2 CTEXFIFX.DLL; %systemroot%\system32\ctprxy2k.dll [X]
S2 driverhardwarev2; %systemroot%\system32\avinitnt.dll [X]
S2 hclinetd; %systemroot%\system32\audstub.dll [X]
S2 int15; %systemroot%\system32\pensup.dll [X]
S2 iomegaaccess; %systemroot%\system32\zebrbus.dll [X]
S2 lmouflt2; %systemroot%\system32\p2pimsvc.dll [X]
S2 mclserviceatl; %systemroot%\system32\vvoice.dll [X]
S2 mctskshd.exe; %systemroot%\system32\DcLps.dll [X]
S2 MKEMUSB; %systemroot%\system32\pnkbstra.dll [X]
S2 nnsvc; %systemroot%\system32\vmware.dll [X]
S2 nuvvid2; %systemroot%\system32\kodakccs.dll [X]
S2 olregcap; %systemroot%\system32\HssDrv.dll [X]
S2 RDID1007; %systemroot%\system32\EL90X.dll [X]
S2 s116bus; %systemroot%\system32\tsp.dll [X]
S2 SeaPort; %systemroot%\system32\ALABULK.dll [X]
S2 sfsync04; %systemroot%\system32\CVPNDRVA.dll [X]
S2 sprtsvc_dellsupportcenter; %systemroot%\system32\vulfnths.dll [X]
S2 sysdown; %systemroot%\system32\plugplay.dll [X]
S2 tsmservice; %systemroot%\system32\vaiomediaplatform-integratedserver-http.dll [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2005-09-07] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24960 2005-09-07] (Sonic Solutions) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SS1022; C:\WINDOWS\System32\DRIVERS\SSUSBN51.sys [588160 2002-06-21] (Siemens) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S2 EBPYWGVK; \??\C:\WINDOWS\system32\ebpywgvk.agr [X]
S1 leqpktih; \??\C:\WINDOWS\system32\drivers\leqpktih.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mfe_rr.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

NETSVC: int15 -> C:\Windows\system32\pensup.dll ==> No File.
NETSVC: iomegaaccess -> C:\Windows\system32\zebrbus.dll ==> No File.
NETSVC: nnsvc -> C:\Windows\system32\vmware.dll ==> No File.
NETSVC: sprtsvc_dellsupportcenter -> C:\Windows\system32\vulfnths.dll ==> No File.
NETSVC: olregcap -> C:\Windows\system32\HssDrv.dll ==> No File.
NETSVC: mctskshd.exe -> C:\Windows\system32\DcLps.dll ==> No File.
NETSVC: tsmservice -> C:\Windows\system32\vaiomediaplatform-integratedserver-http.dll ==> No File.
NETSVC: nuvvid2 -> C:\Windows\system32\kodakccs.dll ==> No File.
NETSVC: sfsync04 -> C:\Windows\system32\CVPNDRVA.dll ==> No File.
NETSVC: mclserviceatl -> C:\Windows\system32\vvoice.dll ==> No File.
NETSVC: SeaPort -> C:\Windows\system32\ALABULK.dll ==> No File.
NETSVC: MKEMUSB -> C:\Windows\system32\pnkbstra.dll ==> No File.
NETSVC: hclinetd -> C:\Windows\system32\audstub.dll ==> No File.
NETSVC: CTEXFIFX.DLL -> C:\Windows\system32\ctprxy2k.dll ==> No File.
NETSVC: lmouflt2 -> C:\Windows\system32\p2pimsvc.dll ==> No File.
NETSVC: sysdown -> C:\Windows\system32\plugplay.dll ==> No File.
NETSVC: ctdvda2k -> C:\Windows\system32\mpfservice.dll ==> No File.
NETSVC: s116bus -> C:\Windows\system32\tsp.dll ==> No File.
NETSVC: driverhardwarev2 -> C:\Windows\system32\avinitnt.dll ==> No File.
NETSVC: RDID1007 -> C:\Windows\system32\EL90X.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-06-13 15:15 - 2014-06-13 15:18 - 00019601 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-06-13 15:12 - 2014-06-13 15:16 - 00000000 ____D () C:\FRST
2014-06-13 15:10 - 2014-06-13 15:10 - 01073152 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-06-12 23:59 - 2014-06-13 00:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Rovnix 6-2014
2014-06-12 23:55 - 2014-06-12 23:56 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-06-11 22:39 - 2014-06-11 22:39 - 00000000 __SHD () C:\found.002
2014-06-11 20:34 - 2014-06-11 20:35 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Ali Skinder
2014-06-11 12:54 - 2014-06-11 22:15 - 00016896 _____ () C:\Documents and Settings\Owner\My Documents\LHS AP Calculus Statistics Summer Assignemnts.wps
2014-05-21 00:42 - 2014-06-13 14:59 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-05-21 00:42 - 2014-06-11 09:02 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-05-21 00:41 - 2014-06-10 00:41 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-05-15 22:50 - 2014-05-15 22:50 - 00025798 _____ () C:\Documents and Settings\Owner\My Documents\103s14GeneralSyllabus.zip
2014-05-15 22:50 - 2014-05-15 22:50 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\103s14GeneralSyllabus

==================== One Month Modified Files and Folders =======

2014-06-13 15:19 - 2013-01-24 10:21 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-06-13 15:18 - 2014-06-13 15:15 - 00019601 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-06-13 15:16 - 2014-06-13 15:12 - 00000000 ____D () C:\FRST
2014-06-13 15:14 - 2010-01-31 19:59 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 15:11 - 2014-02-11 21:40 - 00000072 _____ () C:\WINDOWS\system32\pgsz.txl
2014-06-13 15:10 - 2014-06-13 15:10 - 01073152 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-06-13 15:10 - 2014-04-02 20:00 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-06-13 15:02 - 2011-09-24 11:46 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job
2014-06-13 15:00 - 2014-04-17 14:01 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-13 15:00 - 2013-05-26 17:29 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-13 15:00 - 2013-04-08 12:22 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-13 15:00 - 2005-03-23 14:11 - 01226489 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-13 14:59 - 2014-05-21 00:42 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-13 14:59 - 2012-11-03 21:04 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-06-13 14:59 - 2012-11-03 21:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-13 14:59 - 2010-01-31 19:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 14:59 - 2005-03-23 14:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-13 01:36 - 2005-03-23 14:18 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-06-13 00:42 - 2014-06-12 23:59 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Rovnix 6-2014
2014-06-13 00:05 - 2012-11-11 20:29 - 00001047 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-06-12 23:56 - 2014-06-12 23:55 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-06-12 23:33 - 2005-03-23 14:17 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-12 23:29 - 2011-09-29 09:56 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-12 22:52 - 2011-09-24 19:20 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job
2014-06-12 22:07 - 2010-08-31 23:21 - 00000000 ____D () C:\Program Files\Talmud Master
2014-06-12 21:03 - 2013-01-24 10:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-06-12 02:58 - 2005-10-01 18:42 - 00000000 ____D () C:\Bridge Base Online
2014-06-12 02:37 - 2011-10-01 21:06 - 00630438 _____ () C:\WINDOWS\setupapi.log
2014-06-12 02:11 - 2005-03-23 05:54 - 00000000 ____D () C:\WINDOWS\Help
2014-06-12 01:32 - 2013-11-01 15:59 - 00002253 _____ () C:\Documents and Settings\All Users\Desktop\GPower 3.1.lnk
2014-06-12 01:19 - 2011-09-24 22:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-11 23:50 - 2006-02-12 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Taxes
2014-06-11 23:50 - 2005-09-04 17:05 - 00049034 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-06-11 22:39 - 2014-06-11 22:39 - 00000000 __SHD () C:\found.002
2014-06-11 22:15 - 2014-06-11 12:54 - 00016896 _____ () C:\Documents and Settings\Owner\My Documents\LHS AP Calculus Statistics Summer Assignemnts.wps
2014-06-11 20:37 - 2013-07-30 11:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-11 20:35 - 2014-06-11 20:34 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Ali Skinder
2014-06-11 20:23 - 2005-09-13 14:38 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 09:52 - 2011-09-24 19:20 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job
2014-06-11 09:02 - 2014-05-21 00:42 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-10 22:18 - 2007-04-07 13:42 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
2014-06-10 16:34 - 2009-10-31 01:14 - 00062464 _____ () C:\Documents and Settings\Owner\My Documents\Tutoring Clients.xlr
2014-06-10 15:59 - 2011-09-24 19:22 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-06-10 00:41 - 2014-05-21 00:41 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-09 14:07 - 2011-04-13 21:19 - 00002391 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-06-07 20:44 - 2010-06-17 01:21 - 00022528 _____ () C:\Documents and Settings\Owner\My Documents\Tutoring Income.xlr
2014-06-06 20:25 - 2013-05-02 16:34 - 00018944 _____ () C:\Documents and Settings\Owner\My Documents\USAA Gibraltar IRAs Al.xlr
2014-06-05 21:16 - 2005-09-14 15:55 - 00163840 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-29 23:49 - 2014-04-21 16:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Danielle Sammarone
2014-05-23 17:32 - 2005-09-25 13:55 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-22 20:29 - 2012-12-05 22:37 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PhyllisDeAngelis
2014-05-15 22:50 - 2014-05-15 22:50 - 00025798 _____ () C:\Documents and Settings\Owner\My Documents\103s14GeneralSyllabus.zip
2014-05-15 22:50 - 2014-05-15 22:50 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\103s14GeneralSyllabus

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Owner\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Owner\Local Settings\temp\VSUSetup.exe
C:\Documents and Settings\Owner\Local Settings\temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2005-03-23 12:52] - [2009-02-09 08:10] - 0402432 ____A (Microsoft Corporation) 7f19cb9cfaee15d80107a795f83f9eca

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x86) Version:12-06-2014 02
Ran by Owner at 2014-06-13 15:26:15
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

7-Zip 4.57 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader 7.0.5 Language Support (HKLM\...\{AC76BA86-7AD7-5464-3428-7050000000A7}) (Version: 7.0.5 - Adobe Systems)
Adobe Reader 7.0.9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70900000002}) (Version: 7.0.9 - Adobe Systems Incorporated)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.66 - AOL Spyware Protection)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: version 4.5 - Auslogics Software Pty Ltd)
Bridge Base Online (HKLM\...\Bridge_Base_Online) (Version:  - )
Brother HL-2040 (HKLM\...\{0DBC256E-7D70-4CBD-AAA9-07D3C8CC0213}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Citrix ICA Web Client (HKLM\...\Citrix ICA Web Client) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
G*Power 3.1.7 (HKLM\...\{80A4F598-7460-41BC-AC15-B7E4545838E4}) (Version: 3.1.7 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.6.0.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
OpenMG Limited Patch 4.4-06-13-19-01 (HKLM\...\OpenMG HotFix4.4-05-12-06-01) (Version:  - )
OpenMG Secure Module 4.4.00 (HKLM\...\InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}) (Version: 4.4.00.11241 - Sony Corporation)
OpenMG Secure Module 4.4.00 (Version: 4.4.00.11241 - Sony Corporation) Hidden
OSAM: Autorun Manager (HKLM\...\{EF63577B-0CF5-4865-9B61-28B3250D6A17}) (Version: 4.0.0.7584 - Online Solutions)
PassAlong Software (HKLM\...\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}) (Version: 2.0.04 - Passalong Music Store)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Siemens SpeedStream Wireless USB (HKLM\...\{5152B2CC-CF88-49C5-9A19-BDFC93BBA23B}) (Version:  - )
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
SonicStage 3.4 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 3.4 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-11-10 17:30 - 2011-11-19 21:47 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB3499$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB62036$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Siemens SpeedStream Wireless USB.lnk => C:\WINDOWS\pss\Siemens SpeedStream Wireless USB.lnkCommon Startup
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 11:29:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 03:12:08 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/12/2014 02:52:36 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/11/2014 09:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/11/2014 09:43:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/13/2014 03:10:07 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/13/2014 03:00:07 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Iaimtv1 service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BcmSqlStartupSvc service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The EmAudio service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The VAIOMediaPlatform-VideoServer-UPnP service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RTSTOR service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tfsnifs service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Matlabserver service terminated with the following error:
%%126

Error: (06/13/2014 02:59:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Websenseusagemonitor service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (06/12/2014 11:29:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 10:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 03:12:08 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/12/2014 02:52:36 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/11/2014 09:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/11/2014 09:43:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1006.63 MB
Available physical RAM: 563.21 MB
Total Pagefile: 2413.01 MB
Available Pagefile: 2046.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:89.86 GB) (Free:33.38 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:3.3 GB) (Free:1.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: FC6BA95F)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=0B)

#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:47 AM

Posted 17 June 2014 - 01:51 AM

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • When the scan is finished, select copy to quarantine for the following entries.

    DcomLaunch ( Trojan.Win32.Patched.pj )
    Rootkit.Boot.Cidox.b
    RpcSs ( Trojan.Win32.Patched.pj )
  • Hit continue.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Edited by TB-Psychotic, 17 June 2014 - 01:52 AM.

Proud Member of UNITE & TB

#5 riley45

riley45
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:47 AM

Posted 17 June 2014 - 06:52 AM

I ran the TDSSKiller utility and quarantined the three entries that you indicated. A copy of the contents of the log from this scan is shown below:

07:38:15.0812 0x0728  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
07:38:25.0515 0x0728  ============================================================
07:38:25.0515 0x0728  Current date / time: 2014/06/17 07:38:25.0515
07:38:25.0515 0x0728  SystemInfo:
07:38:25.0515 0x0728 
07:38:25.0515 0x0728  OS Version: 5.1.2600 ServicePack: 3.0
07:38:25.0515 0x0728  Product type: Workstation
07:38:25.0515 0x0728  ComputerName: KEN
07:38:25.0515 0x0728  UserName: Owner
07:38:25.0515 0x0728  Windows directory: C:\WINDOWS
07:38:25.0515 0x0728  System windows directory: C:\WINDOWS
07:38:25.0515 0x0728  Processor architecture: Intel x86
07:38:25.0515 0x0728  Number of processors: 1
07:38:25.0515 0x0728  Page size: 0x1000
07:38:25.0515 0x0728  Boot type: Safe boot with network
07:38:25.0515 0x0728  ============================================================
07:38:44.0656 0x0728  KLMD registered as C:\WINDOWS\system32\drivers\68690655.sys
07:38:45.0515 0x0728  System UUID: {F8CC8F0A-49F4-AB2B-F9FA-AA09383FF593}
07:38:47.0781 0x0728  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 ( 93.16 Gb ), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:38:47.0906 0x0728  ============================================================
07:38:47.0906 0x0728  \Device\Harddisk0\DR0:
07:38:47.0906 0x0728  MBR partitions:
07:38:47.0906 0x0728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x69A6EF, BlocksNum 0xB3B6752
07:38:47.0906 0x0728  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x69A6B0
07:38:47.0906 0x0728  ============================================================
07:38:47.0968 0x0728  C: <-> \Device\Harddisk0\DR0\Partition1
07:38:47.0968 0x0728  D: <-> \Device\Harddisk0\DR0\Partition2
07:38:47.0968 0x0728  ============================================================
07:38:47.0968 0x0728  Initialize success
07:38:47.0968 0x0728  ============================================================
07:38:51.0796 0x05d4  ============================================================
07:38:51.0796 0x05d4  Scan started
07:38:51.0796 0x05d4  Mode: Manual;
07:38:51.0796 0x05d4  ============================================================
07:38:51.0796 0x05d4  KSN ping started
07:38:54.0390 0x05d4  KSN ping finished: true
07:38:55.0281 0x05d4  ================ Scan system memory ========================
07:38:55.0281 0x05d4  System memory - ok
07:38:55.0296 0x05d4  ================ Scan services =============================
07:38:55.0484 0x05d4  [ C0393EB99A6C72C6BEF9BFC4A72B33A6, 72BF029C6A37DE131FFD61C2374C8920556236218613E37B5F348AA89FA12E42 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:38:55.0546 0x05d4  !SASCORE - ok
07:38:56.0359 0x05d4  Abiosdsk - ok
07:38:56.0421 0x05d4  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:38:56.0421 0x05d4  abp480n5 - ok
07:38:56.0562 0x05d4  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:38:56.0640 0x05d4  ACPI - ok
07:38:56.0703 0x05d4  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
07:38:56.0703 0x05d4  ACPIEC - ok
07:38:56.0796 0x05d4  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:38:56.0828 0x05d4  adpu160m - ok
07:38:56.0937 0x05d4  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
07:38:56.0984 0x05d4  aec - ok
07:38:57.0093 0x05d4  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
07:38:57.0156 0x05d4  AFD - ok
07:38:57.0234 0x05d4  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
07:38:57.0250 0x05d4  agp440 - ok
07:38:57.0296 0x05d4  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:38:57.0312 0x05d4  agpCPQ - ok
07:38:57.0390 0x05d4  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:38:57.0406 0x05d4  Aha154x - ok
07:38:57.0437 0x05d4  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:38:57.0468 0x05d4  aic78u2 - ok
07:38:57.0531 0x05d4  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:38:57.0546 0x05d4  aic78xx - ok
07:38:58.0421 0x05d4  [ 95AA37BEC6C72C277C2CAEAEE736DD2D, BA02A0B78963E653E219BDD5F7C24FDBC46510DCDE94EBB23A55E6FF5AA27FCD ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
07:38:59.0296 0x05d4  ALCXWDM - ok
07:38:59.0390 0x05d4  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
07:38:59.0406 0x05d4  Alerter - ok
07:38:59.0468 0x05d4  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
07:38:59.0484 0x05d4  ALG - ok
07:38:59.0578 0x05d4  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
07:38:59.0593 0x05d4  AliIde - ok
07:38:59.0656 0x05d4  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:38:59.0671 0x05d4  alim1541 - ok
07:38:59.0734 0x05d4  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:38:59.0750 0x05d4  amdagp - ok
07:38:59.0781 0x05d4  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
07:38:59.0796 0x05d4  amsint - ok
07:39:00.0328 0x05d4  [ 60A92C8C19F007679F65521D779DCB93, 0B7A5AF1AD45DF38EB68D586891726ABCB6A217A53711BB6BA519C3FD3C44932 ] AOL ACS         C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
07:39:00.0734 0x05d4  AOL ACS - ok
07:39:00.0765 0x05d4  AppMgmt - ok
07:39:00.0843 0x05d4  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
07:39:00.0859 0x05d4  asc - ok
07:39:00.0906 0x05d4  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:39:00.0906 0x05d4  asc3350p - ok
07:39:00.0953 0x05d4  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:39:00.0953 0x05d4  asc3550 - ok
07:39:01.0203 0x05d4  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:39:01.0312 0x05d4  aspnet_state - ok
07:39:01.0375 0x05d4  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:39:01.0390 0x05d4  AsyncMac - ok
07:39:01.0468 0x05d4  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
07:39:01.0468 0x05d4  atapi - ok
07:39:01.0500 0x05d4  Atdisk - ok
07:39:01.0578 0x05d4  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:39:01.0609 0x05d4  Atmarpc - ok
07:39:01.0703 0x05d4  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
07:39:01.0718 0x05d4  AudioSrv - ok
07:39:01.0781 0x05d4  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
07:39:01.0781 0x05d4  audstub - ok
07:39:01.0859 0x05d4  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
07:39:01.0890 0x05d4  Beep - ok
07:39:02.0078 0x05d4  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
07:39:02.0343 0x05d4  BITS - ok
07:39:02.0421 0x05d4  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
07:39:02.0437 0x05d4  Browser - ok
07:39:02.0515 0x05d4  [ 2FE6D5BE0629F706197B30C0AA05DE30, 528ED3AA8129FDD6C8EF698E5ECE9BB93C0249CF0200115F13B36410A353F353 ] BrPar           C:\WINDOWS\System32\drivers\BrPar.sys
07:39:02.0531 0x05d4  BrPar - ok
07:39:02.0609 0x05d4  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:39:02.0609 0x05d4  cbidf - ok
07:39:02.0656 0x05d4  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
07:39:02.0656 0x05d4  cbidf2k - ok
07:39:02.0703 0x05d4  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:39:02.0718 0x05d4  cd20xrnt - ok
07:39:02.0781 0x05d4  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
07:39:02.0781 0x05d4  Cdaudio - ok
07:39:02.0875 0x05d4  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
07:39:02.0890 0x05d4  Cdfs - ok
07:39:02.0984 0x05d4  [ 814ACB9B8A55804D9878248B3C79F862, 1A88B286C7F4472EA30DB3D911FBA89D2D63BC89C58873F2ADA6ADF95271B0ED ] Cdr4_xp         C:\WINDOWS\system32\drivers\Cdr4_xp.sys
07:39:03.0000 0x05d4  Cdr4_xp - ok
07:39:03.0046 0x05d4  [ BCE7213F8AA1BC9D5C08F81CB05E10A7, DAE2D78BD4304C387A56D51C0BD8D9374F34C0788C1CF99BE3E9882033930934 ] Cdralw2k        C:\WINDOWS\system32\drivers\Cdralw2k.sys
07:39:03.0062 0x05d4  Cdralw2k - ok
07:39:03.0156 0x05d4  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:39:03.0187 0x05d4  Cdrom - ok
07:39:03.0234 0x05d4  Changer - ok
07:39:03.0328 0x05d4  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
07:39:03.0328 0x05d4  CiSvc - ok
07:39:03.0390 0x05d4  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
07:39:03.0406 0x05d4  ClipSrv - ok
07:39:03.0500 0x05d4  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:39:03.0546 0x05d4  clr_optimization_v2.0.50727_32 - ok
07:39:03.0625 0x05d4  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:39:03.0625 0x05d4  CmdIde - ok
07:39:03.0640 0x05d4  COMSysApp - ok
07:39:03.0718 0x05d4  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:39:03.0718 0x05d4  Cpqarray - ok
07:39:03.0828 0x05d4  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
07:39:03.0843 0x05d4  CryptSvc - ok
07:39:03.0890 0x05d4  ctdvda2k - ok
07:39:03.0906 0x05d4  CTEXFIFX.DLL - ok
07:39:04.0031 0x05d4  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:39:04.0093 0x05d4  dac2w2k - ok
07:39:04.0140 0x05d4  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:39:04.0140 0x05d4  dac960nt - ok
07:39:04.0359 0x05d4  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
07:39:04.0515 0x05d4  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
07:39:07.0375 0x05d4  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
07:39:07.0375 0x05d4  Force sending object to P2P due to detect: DcomLaunch
07:39:10.0296 0x05d4  Object send P2P result: true
07:39:12.0843 0x05d4  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
07:39:12.0875 0x05d4  Dhcp - ok
07:39:12.0968 0x05d4  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
07:39:12.0984 0x05d4  Disk - ok
07:39:13.0031 0x05d4  dmadmin - ok
07:39:13.0359 0x05d4  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
07:39:13.0656 0x05d4  dmboot - ok
07:39:13.0765 0x05d4  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
07:39:13.0812 0x05d4  dmio - ok
07:39:13.0875 0x05d4  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
07:39:13.0875 0x05d4  dmload - ok
07:39:13.0937 0x05d4  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
07:39:13.0953 0x05d4  dmserver - ok
07:39:14.0046 0x05d4  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
07:39:14.0062 0x05d4  DMusic - ok
07:39:14.0140 0x05d4  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
07:39:14.0156 0x05d4  Dnscache - ok
07:39:14.0265 0x05d4  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
07:39:14.0312 0x05d4  Dot3svc - ok
07:39:14.0375 0x05d4  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:39:14.0390 0x05d4  dpti2o - ok
07:39:14.0421 0x05d4  driverhardwarev2 - ok
07:39:14.0500 0x05d4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
07:39:14.0500 0x05d4  drmkaud - ok
07:39:14.0625 0x05d4  [ 7D91DC6342248369F94D6EBA0CF42E99, 3A0B94862AF1E085F1FD9B8B96FC1F7BD6FF00342AC04D697AB65BC686F7BC2F ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:39:14.0671 0x05d4  E100B - ok
07:39:14.0781 0x05d4  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
07:39:14.0796 0x05d4  EapHost - ok
07:39:14.0843 0x05d4  EBPYWGVK - ok
07:39:14.0906 0x05d4  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
07:39:14.0921 0x05d4  ERSvc - ok
07:39:15.0015 0x05d4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
07:39:15.0046 0x05d4  Eventlog - ok
07:39:15.0187 0x05d4  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
07:39:15.0265 0x05d4  EventSystem - ok
07:39:15.0390 0x05d4  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
07:39:15.0437 0x05d4  Fastfat - ok
07:39:15.0546 0x05d4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:39:15.0593 0x05d4  FastUserSwitchingCompatibility - ok
07:39:15.0671 0x05d4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
07:39:15.0687 0x05d4  Fdc - ok
07:39:15.0718 0x05d4  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
07:39:15.0734 0x05d4  Fips - ok
07:39:15.0812 0x05d4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
07:39:15.0828 0x05d4  Flpydisk - ok
07:39:15.0937 0x05d4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
07:39:15.0984 0x05d4  FltMgr - ok
07:39:16.0125 0x05d4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:39:16.0187 0x05d4  FontCache3.0.0.0 - ok
07:39:16.0250 0x05d4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:39:16.0250 0x05d4  Fs_Rec - ok
07:39:16.0359 0x05d4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:39:16.0390 0x05d4  Ftdisk - ok
07:39:16.0468 0x05d4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:39:16.0484 0x05d4  Gpc - ok
07:39:16.0656 0x05d4  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
07:39:16.0765 0x05d4  gupdate - ok
07:39:16.0843 0x05d4  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
07:39:16.0843 0x05d4  gupdatem - ok
07:39:16.0875 0x05d4  hclinetd - ok
07:39:17.0015 0x05d4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:39:17.0015 0x05d4  helpsvc - ok
07:39:17.0093 0x05d4  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
07:39:17.0125 0x05d4  HidServ - ok
07:39:17.0171 0x05d4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:39:17.0187 0x05d4  HidUsb - ok
07:39:17.0281 0x05d4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
07:39:17.0296 0x05d4  hkmsvc - ok
07:39:17.0375 0x05d4  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
07:39:17.0375 0x05d4  hpn - ok
07:39:17.0531 0x05d4  [ 33DFC0AFA95F9A2C753FF2ADB7D4A21F, 2D9A9066E1A3FC253AC0E411BD58DA73432BF0E4768C92CB1A90A46CC06F33F4 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
07:39:17.0609 0x05d4  HSFHWBS2 - ok
07:39:18.0000 0x05d4  [ B2DFC168D6F7512FAEA085253C5A37AD, 25B8FE027F8D0A383F9A475D98C0A587BF8DB26D7AC2747DDC115BC6E7D91EBA ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
07:39:18.0406 0x05d4  HSF_DP - ok
07:39:18.0562 0x05d4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
07:39:18.0671 0x05d4  HTTP - ok
07:39:18.0750 0x05d4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
07:39:18.0765 0x05d4  HTTPFilter - ok
07:39:18.0812 0x05d4  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
07:39:18.0812 0x05d4  i2omgmt - ok
07:39:18.0906 0x05d4  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:39:18.0921 0x05d4  i2omp - ok
07:39:19.0000 0x05d4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:39:19.0031 0x05d4  i8042prt - ok
07:39:19.0343 0x05d4  [ 0ACEBB31989CBF9A5663FE4A33D28D21, A56D11A09ED162E3865E69150A71E2462C818E558E4D2DCA0F27C6C67575EA4B ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:39:19.0609 0x05d4  ialm - ok
07:39:20.0046 0x05d4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:39:20.0625 0x05d4  idsvc - ok
07:39:20.0703 0x05d4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
07:39:20.0718 0x05d4  Imapi - ok
07:39:20.0828 0x05d4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
07:39:20.0875 0x05d4  ImapiService - ok
07:39:20.0953 0x05d4  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:39:20.0968 0x05d4  ini910u - ok
07:39:21.0015 0x05d4  int15 - ok
07:39:21.0078 0x05d4  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
07:39:21.0078 0x05d4  IntelIde - ok
07:39:21.0140 0x05d4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:39:21.0156 0x05d4  intelppm - ok
07:39:21.0218 0x05d4  iomegaaccess - ok
07:39:21.0281 0x05d4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
07:39:21.0281 0x05d4  Ip6Fw - ok
07:39:21.0359 0x05d4  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:39:21.0375 0x05d4  IpFilterDriver - ok
07:39:21.0421 0x05d4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:39:21.0421 0x05d4  IpInIp - ok
07:39:21.0531 0x05d4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:39:21.0578 0x05d4  IpNat - ok
07:39:21.0640 0x05d4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:39:21.0671 0x05d4  IPSec - ok
07:39:21.0734 0x05d4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
07:39:21.0734 0x05d4  IRENUM - ok
07:39:21.0812 0x05d4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:39:21.0828 0x05d4  isapnp - ok
07:39:22.0015 0x05d4  [ 77430E8234A0050ECCC5E2F5B30A7BEF, 3D05B97C01B1B7E0700369DEB15C8B5A083309518B6FDBADE6924637DEC4ABFF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:39:22.0078 0x05d4  JavaQuickStarterService - ok
07:39:22.0203 0x05d4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:39:22.0203 0x05d4  Kbdclass - ok
07:39:22.0281 0x05d4  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:39:22.0281 0x05d4  kbdhid - ok
07:39:22.0406 0x05d4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
07:39:22.0453 0x05d4  kmixer - ok
07:39:22.0562 0x05d4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
07:39:22.0593 0x05d4  KSecDD - ok
07:39:22.0687 0x05d4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
07:39:22.0703 0x05d4  lanmanserver - ok
07:39:22.0812 0x05d4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:39:22.0890 0x05d4  lanmanworkstation - ok
07:39:22.0921 0x05d4  lbrtfdc - ok
07:39:22.0968 0x05d4  leqpktih - ok
07:39:23.0062 0x05d4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
07:39:23.0062 0x05d4  LmHosts - ok
07:39:23.0093 0x05d4  lmouflt2 - ok
07:39:23.0140 0x05d4  mclserviceatl - ok
07:39:23.0171 0x05d4  mctskshd.exe - ok
07:39:23.0250 0x05d4  [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:39:23.0265 0x05d4  mdmxsdk - ok
07:39:23.0328 0x05d4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
07:39:23.0343 0x05d4  Messenger - ok
07:39:23.0750 0x05d4  MFE_RR - ok
07:39:23.0828 0x05d4  MKEMUSB - ok
07:39:23.0937 0x05d4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
07:39:23.0937 0x05d4  mnmdd - ok
07:39:24.0015 0x05d4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
07:39:24.0031 0x05d4  mnmsrvc - ok
07:39:24.0093 0x05d4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
07:39:24.0109 0x05d4  Modem - ok
07:39:24.0218 0x05d4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:39:24.0218 0x05d4  Mouclass - ok
07:39:24.0296 0x05d4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:39:24.0296 0x05d4  mouhid - ok
07:39:24.0390 0x05d4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
07:39:24.0406 0x05d4  MountMgr - ok
07:39:24.0546 0x05d4  [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
07:39:24.0593 0x05d4  MpFilter - ok
07:39:24.0671 0x05d4  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:39:24.0671 0x05d4  mraid35x - ok
07:39:24.0812 0x05d4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:39:24.0890 0x05d4  MRxDAV - ok
07:39:25.0125 0x05d4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:39:25.0296 0x05d4  MRxSmb - ok
07:39:25.0421 0x05d4  [ B490BD0678CB6A4890A86020ED106C75, 7EB16824974F197A7181DDFEC1BD86A220FB6D2AD0217E2D1D1A6101931CCB5C ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
07:39:25.0515 0x05d4  MSCSPTISRV - ok
07:39:25.0578 0x05d4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
07:39:25.0578 0x05d4  MSDTC - ok
07:39:25.0656 0x05d4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
07:39:25.0656 0x05d4  Msfs - ok
07:39:25.0703 0x05d4  MSIServer - ok
07:39:25.0781 0x05d4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:39:25.0781 0x05d4  MSKSSRV - ok
07:39:25.0906 0x05d4  [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:39:25.0937 0x05d4  MsMpSvc - ok
07:39:26.0015 0x05d4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:39:26.0015 0x05d4  MSPCLOCK - ok
07:39:26.0046 0x05d4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
07:39:26.0062 0x05d4  MSPQM - ok
07:39:26.0125 0x05d4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:39:26.0125 0x05d4  mssmbios - ok
07:39:26.0250 0x05d4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
07:39:26.0296 0x05d4  Mup - ok
07:39:26.0375 0x05d4  [ E1CDF20697D992CF83FF86DD04DF1285, F11EFA7B96672225BFB4302CD2272AD0D189973CBC24E9DA71FC3C7DAA78D4EA ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
07:39:26.0390 0x05d4  mxnic - ok
07:39:26.0531 0x05d4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
07:39:26.0640 0x05d4  napagent - ok
07:39:26.0781 0x05d4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
07:39:26.0843 0x05d4  NDIS - ok
07:39:26.0906 0x05d4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:39:26.0906 0x05d4  NdisTapi - ok
07:39:26.0984 0x05d4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:39:26.0984 0x05d4  Ndisuio - ok
07:39:27.0078 0x05d4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:39:27.0109 0x05d4  NdisWan - ok
07:39:27.0187 0x05d4  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
07:39:27.0218 0x05d4  NDProxy - ok
07:39:27.0296 0x05d4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
07:39:27.0312 0x05d4  NetBIOS - ok
07:39:27.0421 0x05d4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
07:39:27.0484 0x05d4  NetBT - ok
07:39:27.0593 0x05d4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
07:39:27.0625 0x05d4  NetDDE - ok
07:39:27.0703 0x05d4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
07:39:27.0703 0x05d4  NetDDEdsdm - ok
07:39:27.0796 0x05d4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
07:39:27.0796 0x05d4  Netlogon - ok
07:39:27.0953 0x05d4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
07:39:28.0015 0x05d4  Netman - ok
07:39:28.0156 0x05d4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:39:28.0265 0x05d4  NetTcpPortSharing - ok
07:39:28.0421 0x05d4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
07:39:28.0500 0x05d4  Nla - ok
07:39:28.0531 0x05d4  nnsvc - ok
07:39:28.0625 0x05d4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
07:39:28.0625 0x05d4  Npfs - ok
07:39:28.0843 0x05d4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
07:39:29.0078 0x05d4  Ntfs - ok
07:39:29.0140 0x05d4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
07:39:29.0140 0x05d4  NtLmSsp - ok
07:39:29.0359 0x05d4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
07:39:29.0531 0x05d4  NtmsSvc - ok
07:39:29.0609 0x05d4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
07:39:29.0609 0x05d4  Null - ok
07:39:29.0640 0x05d4  nuvvid2 - ok
07:39:30.0312 0x05d4  [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:39:31.0062 0x05d4  nv - ok
07:39:31.0156 0x05d4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:39:31.0171 0x05d4  NwlnkFlt - ok
07:39:31.0218 0x05d4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:39:31.0218 0x05d4  NwlnkFwd - ok
07:39:31.0265 0x05d4  olregcap - ok
07:39:31.0390 0x05d4  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:39:31.0421 0x05d4  ose - ok
07:39:31.0515 0x05d4  [ C90018BAFDC7098619A4A95B046B30F3, 1826E46F237AD65BA189B83803A46A6C2B29089C1BA146106ADD9F2B04D4A89D ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
07:39:31.0531 0x05d4  P3 - ok
07:39:31.0593 0x05d4  [ DCACC2FC7DC0A3D7A60BEB81FA233822, 98866D1B93A5EAF2A7B008EACDB56A7CD3E06830F53A86330D5A0319AF8FF938 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
07:39:31.0625 0x05d4  PACSPTISVR - ok
07:39:31.0718 0x05d4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
07:39:31.0750 0x05d4  Parport - ok
07:39:31.0812 0x05d4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
07:39:31.0828 0x05d4  PartMgr - ok
07:39:31.0890 0x05d4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
07:39:31.0890 0x05d4  ParVdm - ok
07:39:31.0984 0x05d4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
07:39:32.0000 0x05d4  PCI - ok
07:39:32.0046 0x05d4  PCIDump - ok
07:39:32.0078 0x05d4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
07:39:32.0078 0x05d4  PCIIde - ok
07:39:32.0203 0x05d4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
07:39:32.0234 0x05d4  Pcmcia - ok
07:39:32.0265 0x05d4  PDCOMP - ok
07:39:32.0296 0x05d4  PDFRAME - ok
07:39:32.0328 0x05d4  PDRELI - ok
07:39:32.0390 0x05d4  PDRFRAME - ok
07:39:32.0484 0x05d4  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
07:39:32.0484 0x05d4  perc2 - ok
07:39:32.0515 0x05d4  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:39:32.0515 0x05d4  perc2hib - ok
07:39:32.0656 0x05d4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
07:39:32.0671 0x05d4  PlugPlay - ok
07:39:32.0703 0x05d4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
07:39:32.0703 0x05d4  PolicyAgent - ok
07:39:32.0781 0x05d4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:39:32.0796 0x05d4  PptpMiniport - ok
07:39:32.0937 0x05d4  [ BDDCAF3DDD6C54229E8703E6382CA761, 7F5A839D822F409F6F7257869384956FBA6FC9D2CA87FE90477B60BDF2F74D5A ] PrismXL         C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
07:39:33.0000 0x05d4  PrismXL - ok
07:39:33.0031 0x05d4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:39:33.0031 0x05d4  ProtectedStorage - ok
07:39:33.0125 0x05d4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
07:39:33.0156 0x05d4  PSched - ok
07:39:33.0234 0x05d4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:39:33.0234 0x05d4  Ptilink - ok
07:39:33.0312 0x05d4  [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:39:33.0312 0x05d4  PxHelp20 - ok
07:39:33.0359 0x05d4  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:39:33.0375 0x05d4  ql1080 - ok
07:39:33.0437 0x05d4  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:39:33.0437 0x05d4  Ql10wnt - ok
07:39:33.0500 0x05d4  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:39:33.0515 0x05d4  ql12160 - ok
07:39:33.0562 0x05d4  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:39:33.0578 0x05d4  ql1240 - ok
07:39:33.0625 0x05d4  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:39:33.0640 0x05d4  ql1280 - ok
07:39:33.0687 0x05d4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:39:33.0703 0x05d4  RasAcd - ok
07:39:33.0796 0x05d4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
07:39:33.0828 0x05d4  RasAuto - ok
07:39:33.0906 0x05d4  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:39:33.0921 0x05d4  Rasl2tp - ok
07:39:34.0046 0x05d4  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
07:39:34.0109 0x05d4  RasMan - ok
07:39:34.0156 0x05d4  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:39:34.0171 0x05d4  RasPppoe - ok
07:39:34.0250 0x05d4  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
07:39:34.0265 0x05d4  Raspti - ok
07:39:34.0359 0x05d4  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:39:34.0437 0x05d4  Rdbss - ok
07:39:34.0515 0x05d4  RDID1007 - ok
07:39:34.0562 0x05d4  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:39:34.0562 0x05d4  RDPCDD - ok
07:39:34.0703 0x05d4  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:39:34.0765 0x05d4  rdpdr - ok
07:39:34.0921 0x05d4  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
07:39:34.0968 0x05d4  RDPWD - ok
07:39:35.0093 0x05d4  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
07:39:35.0140 0x05d4  RDSessMgr - ok
07:39:35.0250 0x05d4  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
07:39:35.0265 0x05d4  RealNetworks Downloader Resolver Service - ok
07:39:35.0343 0x05d4  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
07:39:35.0375 0x05d4  redbook - ok
07:39:35.0453 0x05d4  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
07:39:35.0468 0x05d4  RemoteAccess - ok
07:39:35.0578 0x05d4  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
07:39:35.0609 0x05d4  RpcLocator - ok
07:39:35.0812 0x05d4  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
07:39:35.0828 0x05d4  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
07:39:35.0828 0x05d4  RpcSs ( Trojan.Win32.Patched.pj ) - infected
07:39:35.0828 0x05d4  Force sending object to P2P due to detect: RpcSs
07:39:44.0046 0x05d4  Object send P2P result: true
07:39:46.0593 0x05d4  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
07:39:46.0640 0x05d4  RSVP - ok
07:39:46.0687 0x05d4  s116bus - ok
07:39:46.0781 0x05d4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
07:39:46.0781 0x05d4  SamSs - ok
07:39:46.0859 0x05d4  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:39:46.0859 0x05d4  SASDIFSV - ok
07:39:46.0953 0x05d4  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:39:46.0984 0x05d4  SASKUTIL - ok
07:39:47.0093 0x05d4  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
07:39:47.0125 0x05d4  SCardSvr - ok
07:39:47.0250 0x05d4  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
07:39:47.0312 0x05d4  Schedule - ok
07:39:47.0390 0x05d4  SeaPort - ok
07:39:47.0468 0x05d4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:39:47.0484 0x05d4  Secdrv - ok
07:39:47.0562 0x05d4  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
07:39:47.0562 0x05d4  seclogon - ok
07:39:47.0640 0x05d4  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
07:39:47.0656 0x05d4  SENS - ok
07:39:47.0703 0x05d4  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
07:39:47.0718 0x05d4  Serenum - ok
07:39:47.0781 0x05d4  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
07:39:47.0812 0x05d4  Serial - ok
07:39:47.0921 0x05d4  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
07:39:47.0921 0x05d4  Sfloppy - ok
07:39:47.0953 0x05d4  sfsync04 - ok
07:39:48.0125 0x05d4  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
07:39:48.0218 0x05d4  SharedAccess - ok
07:39:48.0453 0x05d4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:39:48.0453 0x05d4  ShellHWDetection - ok
07:39:48.0484 0x05d4  Simbad - ok
07:39:48.0562 0x05d4  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:39:48.0578 0x05d4  sisagp - ok
07:39:48.0671 0x05d4  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:39:48.0671 0x05d4  Sparrow - ok
07:39:48.0781 0x05d4  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
07:39:48.0781 0x05d4  splitter - ok
07:39:48.0859 0x05d4  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
07:39:48.0890 0x05d4  Spooler - ok
07:39:48.0921 0x05d4  sprtsvc_dellsupportcenter - ok
07:39:49.0015 0x05d4  [ 1B7447278005E38E464B34A7E841D628, CBEF504A8F499753E45FFC34DB25BB7AFCF3F5447A834289626BCFBB2AE4978F ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
07:39:49.0031 0x05d4  SPTISRV - ok
07:39:49.0125 0x05d4  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
07:39:49.0156 0x05d4  sr - ok
07:39:49.0281 0x05d4  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
07:39:49.0328 0x05d4  srservice - ok
07:39:49.0531 0x05d4  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
07:39:49.0656 0x05d4  Srv - ok
07:39:49.0937 0x05d4  [ D795709932C74E00B804D99CF9A3AFD6, FC84B1D67878D5F7B86E47FDC94C690D321B963EA0D0BCDC2C6D195AC76C3E20 ] SS1022          C:\WINDOWS\system32\DRIVERS\SSUSBN51.sys
07:39:50.0156 0x05d4  SS1022 - ok
07:39:50.0250 0x05d4  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
07:39:50.0265 0x05d4  SSDPSRV - ok
07:39:50.0390 0x05d4  [ F05B8D10BD6AD4CBB561E29D5BE2C674, 765F26FC5890A587B0B309A45867CA4F4BB2A2C4A36C33F033B532481E293B33 ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
07:39:50.0406 0x05d4  SSScsiSV - ok
07:39:50.0593 0x05d4  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
07:39:50.0718 0x05d4  stisvc - ok
07:39:50.0812 0x05d4  [ 86CA1A5C15A5A98D5533945FB1120B05, FFAA8F42D88A69B6893343A61DE5F34AAA04400BF9EAC7A2A6469D001FD9C0DC ] SunkFilt        C:\WINDOWS\System32\Drivers\sunkfilt.sys
07:39:50.0812 0x05d4  SunkFilt - ok
07:39:50.0921 0x05d4  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
07:39:50.0921 0x05d4  swenum - ok
07:39:50.0984 0x05d4  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
07:39:51.0015 0x05d4  swmidi - ok
07:39:51.0046 0x05d4  SwPrv - ok
07:39:51.0156 0x05d4  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
07:39:51.0156 0x05d4  symc810 - ok
07:39:51.0203 0x05d4  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:39:51.0218 0x05d4  symc8xx - ok
07:39:51.0250 0x05d4  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:39:51.0281 0x05d4  sym_hi - ok
07:39:51.0328 0x05d4  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:39:51.0328 0x05d4  sym_u3 - ok
07:39:51.0421 0x05d4  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
07:39:51.0437 0x05d4  sysaudio - ok
07:39:51.0468 0x05d4  sysdown - ok
07:39:51.0578 0x05d4  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
07:39:51.0609 0x05d4  SysmonLog - ok
07:39:51.0750 0x05d4  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
07:39:51.0843 0x05d4  TapiSrv - ok
07:39:52.0093 0x05d4  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:39:52.0218 0x05d4  Tcpip - ok
07:39:52.0281 0x05d4  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
07:39:52.0296 0x05d4  TDPIPE - ok
07:39:52.0343 0x05d4  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
07:39:52.0343 0x05d4  TDTCP - ok
07:39:52.0406 0x05d4  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
07:39:52.0421 0x05d4  TermDD - ok
07:39:52.0593 0x05d4  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
07:39:52.0687 0x05d4  TermService - ok
07:39:52.0781 0x05d4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
07:39:52.0781 0x05d4  Themes - ok
07:39:52.0921 0x05d4  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
07:39:52.0937 0x05d4  TosIde - ok
07:39:53.0031 0x05d4  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
07:39:53.0062 0x05d4  TrkWks - ok
07:39:53.0109 0x05d4  tsmservice - ok
07:39:53.0218 0x05d4  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
07:39:53.0250 0x05d4  Udfs - ok
07:39:53.0343 0x05d4  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
07:39:53.0343 0x05d4  ultra - ok
07:39:53.0546 0x05d4  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
07:39:53.0671 0x05d4  Update - ok
07:39:53.0812 0x05d4  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
07:39:53.0875 0x05d4  upnphost - ok
07:39:53.0937 0x05d4  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
07:39:53.0937 0x05d4  UPS - ok
07:39:54.0015 0x05d4  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:39:54.0031 0x05d4  usbccgp - ok
07:39:54.0109 0x05d4  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:39:54.0125 0x05d4  usbehci - ok
07:39:54.0218 0x05d4  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:39:54.0234 0x05d4  usbhub - ok
07:39:54.0312 0x05d4  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:39:54.0328 0x05d4  usbprint - ok
07:39:54.0406 0x05d4  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:39:54.0406 0x05d4  usbscan - ok
07:39:54.0468 0x05d4  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:39:54.0484 0x05d4  USBSTOR - ok
07:39:54.0562 0x05d4  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:39:54.0562 0x05d4  usbuhci - ok
07:39:54.0625 0x05d4  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
07:39:54.0640 0x05d4  VgaSave - ok
07:39:54.0718 0x05d4  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:39:54.0734 0x05d4  viaagp - ok
07:39:54.0796 0x05d4  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
07:39:54.0812 0x05d4  ViaIde - ok
07:39:54.0906 0x05d4  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
07:39:54.0921 0x05d4  VolSnap - ok
07:39:55.0078 0x05d4  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
07:39:55.0203 0x05d4  VSS - ok
07:39:55.0328 0x05d4  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
07:39:55.0390 0x05d4  W32Time - ok
07:39:55.0437 0x05d4  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:39:55.0453 0x05d4  Wanarp - ok
07:39:55.0546 0x05d4  [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:39:55.0546 0x05d4  wanatw - ok
07:39:55.0562 0x05d4  WDICA - ok
07:39:55.0640 0x05d4  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
07:39:55.0671 0x05d4  wdmaud - ok
07:39:55.0750 0x05d4  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
07:39:55.0781 0x05d4  WebClient - ok
07:39:56.0093 0x05d4  [ 2DC7C0B6175A0A8ED84A4F70199C93B5, 2EF9A3A555938D4F6FE8167D2E04C996623CFF587FDEBD3AD41A96045CC8646E ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:39:56.0343 0x05d4  winachsf - ok
07:39:56.0515 0x05d4  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
07:39:56.0546 0x05d4  winmgmt - ok
07:39:56.0703 0x05d4  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
07:39:56.0718 0x05d4  WmdmPmSN - ok
07:39:56.0843 0x05d4  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:39:56.0890 0x05d4  WmiApSrv - ok
07:39:57.0328 0x05d4  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
07:39:57.0671 0x05d4  WMPNetworkSvc - ok
07:39:57.0765 0x05d4  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
07:39:57.0796 0x05d4  WpdUsb - ok
07:39:57.0875 0x05d4  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:39:57.0906 0x05d4  WS2IFSL - ok
07:39:57.0984 0x05d4  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
07:39:58.0093 0x05d4  wscsvc - ok
07:39:58.0140 0x05d4  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
07:39:58.0187 0x05d4  wuauserv - ok
07:39:58.0281 0x05d4  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:39:58.0343 0x05d4  WudfPf - ok
07:39:58.0421 0x05d4  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
07:39:58.0453 0x05d4  WudfSvc - ok
07:39:58.0734 0x05d4  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
07:39:59.0031 0x05d4  WZCSVC - ok
07:39:59.0140 0x05d4  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
07:39:59.0187 0x05d4  xmlprov - ok
07:39:59.0218 0x05d4  ================ Scan global ===============================
07:39:59.0281 0x05d4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:39:59.0531 0x05d4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:39:59.0921 0x05d4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:40:00.0015 0x05d4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:40:00.0031 0x05d4  [ Global ] - ok
07:40:00.0046 0x05d4  ================ Scan MBR ==================================
07:40:00.0093 0x05d4  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
07:40:02.0375 0x05d4  \Device\Harddisk0\DR0 - ok
07:40:02.0390 0x05d4  ================ Scan VBR ==================================
07:40:02.0437 0x05d4  [ 6C0A6A8E1A06F04AFB246ED24371E3E1 ] \Device\Harddisk0\DR0\Partition1
07:40:02.0484 0x05d4  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
07:40:02.0484 0x05d4  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
07:40:05.0031 0x05d4  [ 8D6C2BB44A4BE012F2B4DACFEB0EC120 ] \Device\Harddisk0\DR0\Partition2
07:40:05.0046 0x05d4  \Device\Harddisk0\DR0\Partition2 - ok
07:40:05.0062 0x05d4  ================ Scan generic autorun ======================
07:40:05.0328 0x05d4  [ D3CC7A3813123E955B3A497C04B404E2, 3D4D7BFBD6801155908EF0CB916B45ADEF41A63B39E30CCD9B62F360AC5FF20A ] C:\WINDOWS\SMINST\RECGUARD.EXE
07:40:05.0562 0x05d4  Recguard - ok
07:40:05.0734 0x05d4  [ C341CCFBE98BC7DF6E0B856BB9FC265A, 7EA0A5407591EC8D97A9658DBEB7CB57550E143C526C3502E73F12FEF46F778C ] C:\Program Files\QuickTime\qttask.exe
07:40:05.0750 0x05d4  QuickTime Task - ok
07:40:06.0031 0x05d4  [ 7F2691FD961C9A704DA221745CCE6295, E33F879D1F5E50DD5FC37754B717EA3EA269CC6809F00C5C5DA189545110BF8C ] C:\program files\real\realplayer\update\realsched.exe
07:40:06.0265 0x05d4  TkBellExe - ok
07:40:06.0500 0x05d4  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
07:40:06.0750 0x05d4  SunJavaUpdateSched - ok
07:40:07.0312 0x05d4  [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] c:\Program Files\Microsoft Security Client\msseces.exe
07:40:07.0734 0x05d4  MSC - ok
07:40:08.0078 0x05d4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
07:40:08.0234 0x05d4  Google Update - ok
07:40:09.0250 0x05d4  [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] C:\Program Files\Messenger\msmsgs.exe
07:40:10.0109 0x05d4  MSMSGS - ok
07:40:10.0140 0x05d4  Waiting for KSN requests completion. In queue: 7
07:40:11.0140 0x05d4  Waiting for KSN requests completion. In queue: 7
07:40:12.0140 0x05d4  Waiting for KSN requests completion. In queue: 7
07:40:13.0234 0x05d4  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated
07:40:13.0234 0x05d4  Win FW state via NFM: enabled
07:40:15.0687 0x05d4  ============================================================
07:40:15.0687 0x05d4  Scan finished
07:40:15.0687 0x05d4  ============================================================
07:40:15.0750 0x05c0  Detected object count: 3
07:40:15.0750 0x05c0  Actual detected object count: 3
07:41:14.0031 0x05c0  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
07:41:14.0031 0x05c0  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Quarantine
07:41:14.0328 0x05c0  C:\WINDOWS\System32\rpcss.dll - copied to quarantine
07:41:14.0328 0x05c0  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Quarantine
07:41:14.0390 0x05c0  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
07:41:14.0390 0x05c0  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Quarantine
 



#6 TB-Psychotic
  • Malware Response Team

Posted 17 June 2014 - 09:07 AM

Please rescan with FRST (create a new addition.txt by placing the checkmark) and post up both logs now.

Also, rescan with TDSS-Killer and post up the log as well.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 riley45
  • Topic Starter

Posted 17 June 2014 - 05:18 PM

I ran the FRST and TDSSKiller scans. When the TDSSKiller scan asked me to reboot my computer, a window popped up asking me whether I wanted to continue to run the TDSSKiller scan. I clicked on "Yes", and then another window opened saying that the computer is shutting down. On subsequent reboots, the same message appears, and the system shuts down in a minute. I believe that this is another rootkit-type virus which was placed on my system when I clicked on the button to continue the TDSSKiller scan. The window is labelled System Shutdown and says that the shutdown is due to the NT AUTHORITY\SYSTEM. The shutdown message appears both in regular and safe mode. In the minute before the shutdown occurs, Microsoft Security Essentials (MSE) attempts to clean some files from my computer but is unsuccessful since the computer shuts down before it is finished.

I did not post the logs from the two scans, since I can no longer access the log files.

#8 TB-Psychotic
  • Malware Response Team

Posted 18 June 2014 - 03:51 AM

Create/Run a batch file

Open notepad and copy/paste the text in the box below into it:

@echo off
rem Cancel the pending shutdown; run it within the one-minute countdown
shutdown -a
Save this as fix.bat to your desktop.

Choose to "Save type as - All Files"


Each time your machine threatens to shut down, double click on fix.bat & it shall abort the shutdown procedure. That should ease some of your current difficulties.

Post up the logs.



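For the forced shutdown described above, an added check (example code, not part of the thread or of TB-Psychotic's fix.bat) that first aborts the pending shutdown the way fix.bat does and then reads the System event log to see which process and account requested it. It assumes Windows PowerShell 2.0 is installed on the XP machine (it is an optional install there) and that the console runs as an administrator.

```powershell
# Added example, not code from the thread or from fix.bat.
# Assumes Windows PowerShell 2.0 on the XP machine and an administrative console.

# Step 1: cancel the pending shutdown, the same call fix.bat makes.
& "$env:SystemRoot\system32\shutdown.exe" -a

# Step 2: find out who asked for the shutdown. When a shutdown or restart is
# requested through the normal Windows API, USER32 writes Event ID 1074 to the
# System log naming the requesting process and account (here NT AUTHORITY\SYSTEM).
$since = (Get-Date).AddDays(-1)
$requests = Get-EventLog -LogName System -After $since |
    Where-Object { $_.EventID -eq 1074 } |
    Sort-Object TimeGenerated -Descending

if ($requests) {
    # The Message field carries the process name and the stated reason.
    $requests | Select-Object TimeGenerated, UserName, Message | Format-List
} else {
    # No 1074 entries: the shutdown may not have gone through the documented API,
    # or the log was cleared; either way it is worth mentioning alongside the logs.
    Write-Output "No shutdown requests (Event ID 1074) logged since $since"
}
```

The process named in the 1074 message is the one to report alongside the FRST and TDSSKiller logs; the script only reads the log and cancels the shutdown, it changes nothing else on the system.
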
#9 riley45

riley45
  • Topic Starter

  • Members
  • 138 posts
  • Gender:Male

Posted 18 June 2014 - 05:28 PM

I created the fix.bat file as you instructed. Here is the log from the latest FRST scan. The log from the latest TDSSKiller scan is shown in a subsequent post, since it is too long to include in this post.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by Owner (administrator) on KEN on 17-06-2014 16:37:58
Running from C:\Documents and Settings\Owner\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(America Online, Inc.) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2005-05-11] (Apple Computer, Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-05-26] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1704833363-758890274-2038612096-1003\...\Run: [Google Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-09-08] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} http://usfulfillment.puretracks.com/onager.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://incommsolutions.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} http://entimg.msn.com/client/msnmusax3606.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\48ppap2b.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\48ppap2b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-05-27]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-05-26]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-26]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101385&mntrId=a846c63d0000000000000002dd43387f&tt=090212_ctrl
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com) [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2011-09-24] (America Online, Inc.) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [176128 2011-09-24] (New Boundary Technologies, Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [402432 2009-02-09] (Microsoft Corporation) [File not signed]
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [69632 2006-01-06] (Sony Corporation) [File not signed]
S2 ctdvda2k; %systemroot%\system32\mpfservice.dll [X]
S2 CTEXFIFX.DLL; %systemroot%\system32\ctprxy2k.dll [X]
S2 driverhardwarev2; %systemroot%\system32\avinitnt.dll [X]
S2 hclinetd; %systemroot%\system32\audstub.dll [X]
S2 int15; %systemroot%\system32\pensup.dll [X]
S2 iomegaaccess; %systemroot%\system32\zebrbus.dll [X]
S2 lmouflt2; %systemroot%\system32\p2pimsvc.dll [X]
S2 mclserviceatl; %systemroot%\system32\vvoice.dll [X]
S2 mctskshd.exe; %systemroot%\system32\DcLps.dll [X]
S2 MKEMUSB; %systemroot%\system32\pnkbstra.dll [X]
S2 nnsvc; %systemroot%\system32\vmware.dll [X]
S2 nuvvid2; %systemroot%\system32\kodakccs.dll [X]
S2 olregcap; %systemroot%\system32\HssDrv.dll [X]
S2 RDID1007; %systemroot%\system32\EL90X.dll [X]
S2 s116bus; %systemroot%\system32\tsp.dll [X]
S2 SeaPort; %systemroot%\system32\ALABULK.dll [X]
S2 sfsync04; %systemroot%\system32\CVPNDRVA.dll [X]
S2 sprtsvc_dellsupportcenter; %systemroot%\system32\vulfnths.dll [X]
S2 sysdown; %systemroot%\system32\plugplay.dll [X]
S2 tsmservice; %systemroot%\system32\vaiomediaplatform-integratedserver-http.dll [X]

==================== Drivers (Whitelisted) ====================

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2005-09-07] (Sonic Solutions) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24960 2005-09-07] (Sonic Solutions) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SS1022; C:\WINDOWS\System32\DRIVERS\SSUSBN51.sys [588160 2002-06-21] (Siemens) [File not signed]
R3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S2 EBPYWGVK; \??\C:\WINDOWS\system32\ebpywgvk.agr [X]
S1 leqpktih; \??\C:\WINDOWS\system32\drivers\leqpktih.sys [X]
S3 MFE_RR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mfe_rr.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

NETSVC: int15 -> C:\Windows\system32\pensup.dll ==> No File.
NETSVC: iomegaaccess -> C:\Windows\system32\zebrbus.dll ==> No File.
NETSVC: nnsvc -> C:\Windows\system32\vmware.dll ==> No File.
NETSVC: sprtsvc_dellsupportcenter -> C:\Windows\system32\vulfnths.dll ==> No File.
NETSVC: olregcap -> C:\Windows\system32\HssDrv.dll ==> No File.
NETSVC: mctskshd.exe -> C:\Windows\system32\DcLps.dll ==> No File.
NETSVC: tsmservice -> C:\Windows\system32\vaiomediaplatform-integratedserver-http.dll ==> No File.
NETSVC: nuvvid2 -> C:\Windows\system32\kodakccs.dll ==> No File.
NETSVC: sfsync04 -> C:\Windows\system32\CVPNDRVA.dll ==> No File.
NETSVC: mclserviceatl -> C:\Windows\system32\vvoice.dll ==> No File.
NETSVC: SeaPort -> C:\Windows\system32\ALABULK.dll ==> No File.
NETSVC: MKEMUSB -> C:\Windows\system32\pnkbstra.dll ==> No File.
NETSVC: hclinetd -> C:\Windows\system32\audstub.dll ==> No File.
NETSVC: CTEXFIFX.DLL -> C:\Windows\system32\ctprxy2k.dll ==> No File.
NETSVC: lmouflt2 -> C:\Windows\system32\p2pimsvc.dll ==> No File.
NETSVC: sysdown -> C:\Windows\system32\plugplay.dll ==> No File.
NETSVC: ctdvda2k -> C:\Windows\system32\mpfservice.dll ==> No File.
NETSVC: s116bus -> C:\Windows\system32\tsp.dll ==> No File.
NETSVC: driverhardwarev2 -> C:\Windows\system32\avinitnt.dll ==> No File.
NETSVC: RDID1007 -> C:\Windows\system32\EL90X.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-06-17 15:49 - 2014-06-17 15:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-06-17 07:41 - 2014-06-17 07:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-17 07:34 - 2014-06-17 07:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
2014-06-13 15:42 - 2014-06-13 15:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\tdsskiller
2014-06-13 15:40 - 2014-06-13 15:41 - 04161050 _____ () C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
2014-06-13 15:26 - 2014-06-13 15:26 - 00022798 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-06-13 15:15 - 2014-06-17 16:40 - 00019229 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-06-13 15:12 - 2014-06-17 16:38 - 00000000 ____D () C:\FRST
2014-06-13 15:10 - 2014-06-17 15:49 - 01072640 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-06-12 23:59 - 2014-06-17 07:43 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Rovnix 6-2014
2014-06-12 23:55 - 2014-06-12 23:56 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-06-11 22:39 - 2014-06-11 22:39 - 00000000 __SHD () C:\found.002
2014-06-11 20:34 - 2014-06-11 20:35 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Ali Skinder
2014-06-11 12:54 - 2014-06-11 22:15 - 00016896 _____ () C:\Documents and Settings\Owner\My Documents\LHS AP Calculus Statistics Summer Assignemnts.wps
2014-05-21 00:42 - 2014-06-17 16:30 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-05-21 00:42 - 2014-06-11 09:02 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-05-21 00:41 - 2014-06-10 00:41 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job

==================== One Month Modified Files and Folders =======

2014-06-17 16:41 - 2013-01-24 10:21 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-06-17 16:40 - 2014-06-13 15:15 - 00019229 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-06-17 16:40 - 2014-04-02 20:00 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-06-17 16:40 - 2013-01-24 10:21 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-06-17 16:38 - 2014-06-13 15:12 - 00000000 ____D () C:\FRST
2014-06-17 16:38 - 2005-03-23 14:11 - 01293157 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 16:31 - 2013-04-08 12:22 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-17 16:30 - 2014-05-21 00:42 - 00000300 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-17 16:30 - 2014-04-17 14:01 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-17 16:30 - 2013-05-26 17:29 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-17 16:30 - 2012-11-03 21:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-17 16:30 - 2012-11-03 21:04 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-17 16:30 - 2010-01-31 19:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 16:30 - 2005-03-23 14:17 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 15:52 - 2011-09-24 19:20 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job
2014-06-17 15:49 - 2014-06-17 15:49 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-06-17 15:49 - 2014-06-13 15:10 - 01072640 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-06-17 15:49 - 2011-09-24 11:46 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job
2014-06-17 07:58 - 2005-03-23 14:18 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-06-17 07:43 - 2014-06-12 23:59 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Rovnix 6-2014
2014-06-17 07:41 - 2014-06-17 07:41 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-17 07:41 - 2014-02-11 21:40 - 00000072 _____ () C:\WINDOWS\system32\pgsz.txl
2014-06-17 07:34 - 2014-06-17 07:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
2014-06-16 13:32 - 2011-09-29 09:56 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-16 13:11 - 2005-09-04 17:05 - 00049012 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-06-14 17:14 - 2006-02-12 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Taxes
2014-06-14 17:06 - 2009-10-31 01:14 - 00062976 _____ () C:\Documents and Settings\Owner\My Documents\Tutoring Clients.xlr
2014-06-13 17:47 - 2005-03-23 14:17 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-13 15:42 - 2014-06-13 15:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\tdsskiller
2014-06-13 15:41 - 2014-06-13 15:40 - 04161050 _____ () C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
2014-06-13 15:26 - 2014-06-13 15:26 - 00022798 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-06-13 15:14 - 2010-01-31 19:59 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 00:05 - 2012-11-11 20:29 - 00001047 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-06-12 23:56 - 2014-06-12 23:55 - 00688992 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\dds.com
2014-06-12 22:07 - 2010-08-31 23:21 - 00000000 ____D () C:\Program Files\Talmud Master
2014-06-12 02:58 - 2005-10-01 18:42 - 00000000 ____D () C:\Bridge Base Online
2014-06-12 02:37 - 2011-10-01 21:06 - 00630438 _____ () C:\WINDOWS\setupapi.log
2014-06-12 02:11 - 2005-03-23 05:54 - 00000000 ____D () C:\WINDOWS\Help
2014-06-12 01:32 - 2013-11-01 15:59 - 00002253 _____ () C:\Documents and Settings\All Users\Desktop\GPower 3.1.lnk
2014-06-12 01:19 - 2011-09-24 22:36 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-11 22:39 - 2014-06-11 22:39 - 00000000 __SHD () C:\found.002
2014-06-11 22:15 - 2014-06-11 12:54 - 00016896 _____ () C:\Documents and Settings\Owner\My Documents\LHS AP Calculus Statistics Summer Assignemnts.wps
2014-06-11 20:37 - 2013-07-30 11:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-11 20:35 - 2014-06-11 20:34 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Ali Skinder
2014-06-11 20:23 - 2005-09-13 14:38 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 09:52 - 2011-09-24 19:20 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job
2014-06-11 09:02 - 2014-05-21 00:42 - 00000308 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-10 22:18 - 2007-04-07 13:42 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
2014-06-10 15:59 - 2011-09-24 19:22 - 00002284 _____ () C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
2014-06-10 00:41 - 2014-05-21 00:41 - 00000326 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
2014-06-09 14:07 - 2011-04-13 21:19 - 00002391 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-06-07 20:44 - 2010-06-17 01:21 - 00022528 _____ () C:\Documents and Settings\Owner\My Documents\Tutoring Income.xlr
2014-06-06 20:25 - 2013-05-02 16:34 - 00018944 _____ () C:\Documents and Settings\Owner\My Documents\USAA Gibraltar IRAs Al.xlr
2014-06-05 21:16 - 2005-09-14 15:55 - 00163840 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-29 23:49 - 2014-04-21 16:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Danielle Sammarone
2014-05-23 17:32 - 2005-09-25 13:55 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-22 20:29 - 2012-12-05 22:37 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PhyllisDeAngelis

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Owner\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Owner\Local Settings\temp\VSUSetup.exe
C:\Documents and Settings\Owner\Local Settings\temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2005-03-23 12:52] - [2009-02-09 08:10] - 0402432 ____A (Microsoft Corporation) 7f19cb9cfaee15d80107a795f83f9eca

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by Owner at 2014-06-17 16:43:07
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

7-Zip 4.57 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader 7.0.5 Language Support (HKLM\...\{AC76BA86-7AD7-5464-3428-7050000000A7}) (Version: 7.0.5 - Adobe Systems)
Adobe Reader 7.0.9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70900000002}) (Version: 7.0.9 - Adobe Systems Incorporated)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.66 - AOL Spyware Protection)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Auslogics BoostSpeed (HKLM\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: version 4.5 - Auslogics Software Pty Ltd)
Bridge Base Online (HKLM\...\Bridge_Base_Online) (Version:  - )
Brother HL-2040 (HKLM\...\{0DBC256E-7D70-4CBD-AAA9-07D3C8CC0213}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Citrix ICA Web Client (HKLM\...\Citrix ICA Web Client) (Version:  - )
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
G*Power 3.1.7 (HKLM\...\{80A4F598-7460-41BC-AC15-B7E4545838E4}) (Version: 3.1.7 - Franz Faul, Uni Kiel, Germany)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.6.0.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version:  - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
OpenMG Limited Patch 4.4-06-13-19-01 (HKLM\...\OpenMG HotFix4.4-05-12-06-01) (Version:  - )
OpenMG Secure Module 4.4.00 (HKLM\...\InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}) (Version: 4.4.00.11241 - Sony Corporation)
OpenMG Secure Module 4.4.00 (Version: 4.4.00.11241 - Sony Corporation) Hidden
OSAM: Autorun Manager (HKLM\...\{EF63577B-0CF5-4865-9B61-28B3250D6A17}) (Version: 4.0.0.7584 - Online Solutions)
PassAlong Software (HKLM\...\{AC4732F4-665D-4E6B-8E50-74D6B6FBE5A9}) (Version: 2.0.04 - Passalong Music Store)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Siemens SpeedStream Wireless USB (HKLM\...\{5152B2CC-CF88-49C5-9A19-BDFC93BBA23B}) (Version:  - )
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
SonicStage 3.4 (HKLM\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 3.4 - Sony Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-11-10 17:30 - 2011-11-19 21:47 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB3499$:SummaryInformation
AlternateDataStreams: C:\WINDOWS\$NtUninstallKB62036$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Siemens SpeedStream Wireless USB.lnk => C:\WINDOWS\pss\Siemens SpeedStream Wireless USB.lnkCommon Startup
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 03:32:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 11:29:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msseces.exe, version 4.5.216.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/12/2014 03:12:08 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/12/2014 02:52:36 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/11/2014 09:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/17/2014 04:41:07 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/17/2014 04:40:14 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Iaimtv1 service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BcmSqlStartupSvc service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The EmAudio service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The VAIOMediaPlatform-VideoServer-UPnP service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The RTSTOR service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tfsnifs service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Matlabserver service terminated with the following error:
%%126

Error: (06/17/2014 04:30:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Websenseusagemonitor service terminated with the following error:
%%126

Microsoft Office Sessions:
=========================
Error: (06/13/2014 03:32:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (06/12/2014 11:29:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 11:14:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/12/2014 10:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 10:52:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: msseces.exe4.5.216.0hungapp0.0.0.000000000

Error: (06/12/2014 03:12:08 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/12/2014 02:52:36 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/11/2014 09:43:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1006.63 MB
Available physical RAM: 443.42 MB
Total Pagefile: 2413.01 MB
Available Pagefile: 1970.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:89.86 GB) (Free:32.96 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:3.3 GB) (Free:1.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 93 GB) (Disk ID: FC6BA95F)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=0B)

==================== End Of Log ============================



#10 riley45

  • Topic Starter

  • Members
  • 138 posts
  • Gender:Male

Posted 18 June 2014 - 05:31 PM

Here is the log from the latest TDSSKiller scan:


16:45:42.0671 0x06b0  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
16:45:48.0468 0x06b0  ============================================================
16:45:48.0468 0x06b0  Current date / time: 2014/06/17 16:45:48.0468
16:45:48.0468 0x06b0  SystemInfo:
16:45:48.0468 0x06b0 
16:45:48.0468 0x06b0  OS Version: 5.1.2600 ServicePack: 3.0
16:45:48.0468 0x06b0  Product type: Workstation
16:45:48.0468 0x06b0  ComputerName: KEN
16:45:48.0468 0x06b0  UserName: Owner
16:45:48.0468 0x06b0  Windows directory: C:\WINDOWS
16:45:48.0468 0x06b0  System windows directory: C:\WINDOWS
16:45:48.0468 0x06b0  Processor architecture: Intel x86
16:45:48.0468 0x06b0  Number of processors: 1
16:45:48.0468 0x06b0  Page size: 0x1000
16:45:48.0468 0x06b0  Boot type: Normal boot
16:45:48.0468 0x06b0  ============================================================
16:45:58.0703 0x06b0  KLMD registered as C:\WINDOWS\system32\drivers\71961174.sys
16:46:04.0218 0x06b0  System UUID: {F8CC8F0A-49F4-AB2B-F9FA-AA09383FF593}
16:46:07.0828 0x06b0  Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 ( 93.16 Gb ), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:46:08.0500 0x06b0  ============================================================
16:46:08.0500 0x06b0  \Device\Harddisk0\DR0:
16:46:08.0515 0x06b0  MBR partitions:
16:46:08.0515 0x06b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x69A6EF, BlocksNum 0xB3B6752
16:46:08.0515 0x06b0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x69A6B0
16:46:08.0515 0x06b0  ============================================================
16:46:08.0781 0x06b0  C: <-> \Device\Harddisk0\DR0\Partition1
16:46:08.0812 0x06b0  D: <-> \Device\Harddisk0\DR0\Partition2
16:46:08.0828 0x06b0  ============================================================
16:46:08.0828 0x06b0  Initialize success
16:46:08.0828 0x06b0  ============================================================
16:46:15.0375 0x0188  ============================================================
16:46:15.0375 0x0188  Scan started
16:46:15.0375 0x0188  Mode: Manual;
16:46:15.0375 0x0188  ============================================================
16:46:15.0375 0x0188  KSN ping started
16:46:18.0281 0x0188  KSN ping finished: true
16:46:37.0281 0x0188  ================ Scan system memory ========================
16:46:37.0281 0x0188  System memory - ok
16:46:37.0281 0x0188  ================ Scan services =============================
16:46:37.0468 0x0188  [ C0393EB99A6C72C6BEF9BFC4A72B33A6, 72BF029C6A37DE131FFD61C2374C8920556236218613E37B5F348AA89FA12E42 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:46:37.0500 0x0188  !SASCORE - ok
16:46:38.0218 0x0188  Abiosdsk - ok
16:46:38.0234 0x0188  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:46:38.0250 0x0188  abp480n5 - ok
16:46:38.0343 0x0188  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:46:38.0406 0x0188  ACPI - ok
16:46:38.0453 0x0188  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:46:38.0453 0x0188  ACPIEC - ok
16:46:38.0500 0x0188  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:46:38.0531 0x0188  adpu160m - ok
16:46:38.0609 0x0188  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:46:38.0656 0x0188  aec - ok
16:46:38.0750 0x0188  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:46:38.0796 0x0188  AFD - ok
16:46:38.0859 0x0188  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
16:46:38.0875 0x0188  agp440 - ok
16:46:38.0890 0x0188  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:46:38.0921 0x0188  agpCPQ - ok
16:46:38.0953 0x0188  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:46:38.0968 0x0188  Aha154x - ok
16:46:39.0000 0x0188  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:46:39.0015 0x0188  aic78u2 - ok
16:46:39.0046 0x0188  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:46:39.0062 0x0188  aic78xx - ok
16:46:39.0859 0x0188  [ 95AA37BEC6C72C277C2CAEAEE736DD2D, BA02A0B78963E653E219BDD5F7C24FDBC46510DCDE94EBB23A55E6FF5AA27FCD ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:46:40.0656 0x0188  ALCXWDM - ok
16:46:40.0718 0x0188  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:46:40.0734 0x0188  Alerter - ok
16:46:40.0765 0x0188  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
16:46:40.0781 0x0188  ALG - ok
16:46:40.0843 0x0188  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
16:46:40.0843 0x0188  AliIde - ok
16:46:40.0890 0x0188  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:46:40.0906 0x0188  alim1541 - ok
16:46:40.0921 0x0188  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:46:40.0937 0x0188  amdagp - ok
16:46:40.0968 0x0188  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
16:46:40.0968 0x0188  amsint - ok
16:46:41.0468 0x0188  [ 60A92C8C19F007679F65521D779DCB93, 0B7A5AF1AD45DF38EB68D586891726ABCB6A217A53711BB6BA519C3FD3C44932 ] AOL ACS         C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
16:46:41.0875 0x0188  AOL ACS - ok
16:46:41.0890 0x0188  AppMgmt - ok
16:46:41.0953 0x0188  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
16:46:41.0968 0x0188  asc - ok
16:46:41.0984 0x0188  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:46:41.0984 0x0188  asc3350p - ok
16:46:42.0015 0x0188  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:46:42.0015 0x0188  asc3550 - ok
16:46:42.0187 0x0188  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:46:42.0187 0x0188  aspnet_state - ok
16:46:42.0234 0x0188  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:46:42.0250 0x0188  AsyncMac - ok
16:46:42.0312 0x0188  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:46:42.0312 0x0188  atapi - ok
16:46:42.0328 0x0188  Atdisk - ok
16:46:42.0375 0x0188  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:46:42.0390 0x0188  Atmarpc - ok
16:46:42.0453 0x0188  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:46:42.0484 0x0188  AudioSrv - ok
16:46:42.0546 0x0188  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:46:42.0546 0x0188  audstub - ok
16:46:42.0593 0x0188  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:46:42.0593 0x0188  Beep - ok
16:46:42.0765 0x0188  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
16:46:42.0953 0x0188  BITS - ok
16:46:43.0015 0x0188  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
16:46:43.0046 0x0188  Browser - ok
16:46:43.0093 0x0188  [ 2FE6D5BE0629F706197B30C0AA05DE30, 528ED3AA8129FDD6C8EF698E5ECE9BB93C0249CF0200115F13B36410A353F353 ] BrPar           C:\WINDOWS\System32\drivers\BrPar.sys
16:46:43.0109 0x0188  BrPar - ok
16:46:43.0156 0x0188  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:46:43.0156 0x0188  cbidf - ok
16:46:43.0171 0x0188  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:46:43.0171 0x0188  cbidf2k - ok
16:46:43.0203 0x0188  [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:46:43.0203 0x0188  cd20xrnt - ok
16:46:43.0218 0x0188  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:46:43.0234 0x0188  Cdaudio - ok
16:46:43.0296 0x0188  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:46:43.0312 0x0188  Cdfs - ok
16:46:43.0375 0x0188  [ 814ACB9B8A55804D9878248B3C79F862, 1A88B286C7F4472EA30DB3D911FBA89D2D63BC89C58873F2ADA6ADF95271B0ED ] Cdr4_xp         C:\WINDOWS\system32\drivers\Cdr4_xp.sys
16:46:43.0390 0x0188  Cdr4_xp - ok
16:46:43.0421 0x0188  [ BCE7213F8AA1BC9D5C08F81CB05E10A7, DAE2D78BD4304C387A56D51C0BD8D9374F34C0788C1CF99BE3E9882033930934 ] Cdralw2k        C:\WINDOWS\system32\drivers\Cdralw2k.sys
16:46:43.0437 0x0188  Cdralw2k - ok
16:46:43.0515 0x0188  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:46:43.0640 0x0188  Cdrom - ok
16:46:43.0656 0x0188  Changer - ok
16:46:43.0750 0x0188  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:46:43.0750 0x0188  CiSvc - ok
16:46:43.0828 0x0188  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:46:43.0843 0x0188  ClipSrv - ok
16:46:43.0953 0x0188  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:46:44.0093 0x0188  clr_optimization_v2.0.50727_32 - ok
16:46:44.0187 0x0188  [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:46:44.0203 0x0188  CmdIde - ok
16:46:44.0203 0x0188  COMSysApp - ok
16:46:44.0234 0x0188  [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:46:44.0234 0x0188  Cpqarray - ok
16:46:44.0343 0x0188  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:46:44.0359 0x0188  CryptSvc - ok
16:46:44.0375 0x0188  ctdvda2k - ok
16:46:44.0390 0x0188  CTEXFIFX.DLL - ok
16:46:44.0531 0x0188  [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:46:44.0640 0x0188  dac2w2k - ok
16:46:44.0656 0x0188  [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:46:44.0656 0x0188  dac960nt - ok
16:46:44.0875 0x0188  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:46:45.0046 0x0188  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
16:46:47.0453 0x0188  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
16:46:47.0453 0x0188  Force sending object to P2P due to detect: DcomLaunch
16:47:29.0703 0x0188  Object send P2P result: false
16:47:32.0671 0x0188  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:47:32.0750 0x0188  Dhcp - ok
16:47:32.0828 0x0188  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:47:32.0875 0x0188  Disk - ok
16:47:32.0890 0x0188  dmadmin - ok
16:47:33.0171 0x0188  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:47:33.0468 0x0188  dmboot - ok
16:47:33.0531 0x0188  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:47:33.0593 0x0188  dmio - ok
16:47:33.0625 0x0188  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:47:33.0625 0x0188  dmload - ok
16:47:33.0687 0x0188  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:47:33.0703 0x0188  dmserver - ok
16:47:33.0781 0x0188  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:47:33.0812 0x0188  DMusic - ok
16:47:33.0875 0x0188  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:47:33.0890 0x0188  Dnscache - ok
16:47:34.0000 0x0188  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:47:34.0046 0x0188  Dot3svc - ok
16:47:34.0078 0x0188  [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:47:34.0093 0x0188  dpti2o - ok
16:47:34.0109 0x0188  driverhardwarev2 - ok
16:47:34.0156 0x0188  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:47:34.0156 0x0188  drmkaud - ok
16:47:34.0250 0x0188  [ 7D91DC6342248369F94D6EBA0CF42E99, 3A0B94862AF1E085F1FD9B8B96FC1F7BD6FF00342AC04D697AB65BC686F7BC2F ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:47:34.0312 0x0188  E100B - ok
16:47:34.0453 0x0188  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:47:34.0484 0x0188  EapHost - ok
16:47:34.0500 0x0188  EBPYWGVK - ok
16:47:34.0546 0x0188  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:47:34.0562 0x0188  ERSvc - ok
16:47:34.0640 0x0188  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
16:47:34.0671 0x0188  Eventlog - ok
16:47:34.0843 0x0188  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
16:47:34.0921 0x0188  EventSystem - ok
16:47:35.0031 0x0188  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:47:35.0078 0x0188  Fastfat - ok
16:47:35.0796 0x0188  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:47:35.0843 0x0188  FastUserSwitchingCompatibility - ok
16:47:35.0875 0x0188  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
16:47:35.0890 0x0188  Fdc - ok
16:47:35.0937 0x0188  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:47:35.0953 0x0188  Fips - ok
16:47:36.0000 0x0188  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:47:36.0000 0x0188  Flpydisk - ok
16:47:36.0093 0x0188  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
16:47:36.0140 0x0188  FltMgr - ok
16:47:36.0218 0x0188  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:47:36.0421 0x0188  FontCache3.0.0.0 - ok
16:47:36.0515 0x0188  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:47:36.0515 0x0188  Fs_Rec - ok
16:47:36.0609 0x0188  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:47:36.0656 0x0188  Ftdisk - ok
16:47:36.0750 0x0188  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:47:36.0796 0x0188  Gpc - ok
16:47:37.0187 0x0188  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:37.0328 0x0188  gupdate - ok
16:47:37.0453 0x0188  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:37.0453 0x0188  gupdatem - ok
16:47:37.0468 0x0188  hclinetd - ok
16:47:37.0703 0x0188  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:47:37.0718 0x0188  helpsvc - ok
16:47:37.0875 0x0188  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
16:47:37.0953 0x0188  HidServ - ok
16:47:38.0062 0x0188  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:47:38.0156 0x0188  HidUsb - ok
16:47:38.0359 0x0188  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:47:38.0484 0x0188  hkmsvc - ok
16:47:38.0625 0x0188  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
16:47:38.0640 0x0188  hpn - ok
16:47:38.0890 0x0188  [ 33DFC0AFA95F9A2C753FF2ADB7D4A21F, 2D9A9066E1A3FC253AC0E411BD58DA73432BF0E4768C92CB1A90A46CC06F33F4 ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
16:47:39.0031 0x0188  HSFHWBS2 - ok
16:47:39.0890 0x0188  [ B2DFC168D6F7512FAEA085253C5A37AD, 25B8FE027F8D0A383F9A475D98C0A587BF8DB26D7AC2747DDC115BC6E7D91EBA ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:47:40.0578 0x0188  HSF_DP - ok
16:47:40.0750 0x0188  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:47:41.0125 0x0188  HTTP - ok
16:47:41.0234 0x0188  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:47:41.0312 0x0188  HTTPFilter - ok
16:47:41.0343 0x0188  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
16:47:41.0390 0x0188  i2omgmt - ok
16:47:41.0500 0x0188  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:47:41.0500 0x0188  i2omp - ok
16:47:41.0625 0x0188  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:47:41.0781 0x0188  i8042prt - ok
16:47:42.0546 0x0188  [ 0ACEBB31989CBF9A5663FE4A33D28D21, A56D11A09ED162E3865E69150A71E2462C818E558E4D2DCA0F27C6C67575EA4B ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:47:43.0609 0x0188  ialm - ok
16:47:44.0421 0x0188  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:47:45.0296 0x0188  idsvc - ok
16:47:45.0421 0x0188  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:47:45.0468 0x0188  Imapi - ok
16:47:45.0609 0x0188  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
16:47:45.0718 0x0188  ImapiService - ok
16:47:46.0062 0x0188  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:47:46.0109 0x0188  ini910u - ok
16:47:46.0125 0x0188  int15 - ok
16:47:46.0187 0x0188  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
16:47:46.0218 0x0188  IntelIde - ok
16:47:46.0328 0x0188  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:47:46.0390 0x0188  intelppm - ok
16:47:46.0406 0x0188  iomegaaccess - ok
16:47:46.0468 0x0188  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
16:47:46.0531 0x0188  Ip6Fw - ok
16:47:46.0703 0x0188  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:47:46.0734 0x0188  IpFilterDriver - ok
16:47:46.0781 0x0188  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:47:46.0781 0x0188  IpInIp - ok
16:47:46.0937 0x0188  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:47:47.0062 0x0188  IpNat - ok
16:47:47.0109 0x0188  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:47:47.0171 0x0188  IPSec - ok
16:47:47.0281 0x0188  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:47:47.0343 0x0188  IRENUM - ok
16:47:47.0437 0x0188  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:47:47.0453 0x0188  isapnp - ok
16:47:48.0296 0x0188  [ 77430E8234A0050ECCC5E2F5B30A7BEF, 3D05B97C01B1B7E0700369DEB15C8B5A083309518B6FDBADE6924637DEC4ABFF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:47:48.0453 0x0188  JavaQuickStarterService - ok
16:47:48.0531 0x0188  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:47:48.0546 0x0188  Kbdclass - ok
16:47:48.0640 0x0188  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:47:48.0640 0x0188  kbdhid - ok
16:47:48.0750 0x0188  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:47:48.0843 0x0188  kmixer - ok
16:47:48.0968 0x0188  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:47:49.0031 0x0188  KSecDD - ok
16:47:49.0156 0x0188  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
16:47:49.0203 0x0188  lanmanserver - ok
16:47:49.0359 0x0188  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:47:49.0453 0x0188  lanmanworkstation - ok
16:47:49.0468 0x0188  lbrtfdc - ok
16:47:49.0484 0x0188  leqpktih - ok
16:47:50.0078 0x0188  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
16:47:50.0078 0x0188  LmHosts - ok
16:47:50.0093 0x0188  lmouflt2 - ok
16:47:50.0109 0x0188  mclserviceatl - ok
16:47:50.0125 0x0188  mctskshd.exe - ok
16:47:50.0218 0x0188  [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:47:50.0218 0x0188  mdmxsdk - ok
16:47:50.0328 0x0188  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
16:47:50.0359 0x0188  Messenger - ok
16:47:51.0187 0x0188  MFE_RR - ok
16:47:51.0203 0x0188  MKEMUSB - ok
16:47:51.0281 0x0188  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
16:47:51.0281 0x0188  mnmdd - ok
16:47:51.0390 0x0188  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
16:47:51.0406 0x0188  mnmsrvc - ok
16:47:51.0500 0x0188  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
16:47:51.0515 0x0188  Modem - ok
16:47:51.0578 0x0188  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:47:51.0578 0x0188  Mouclass - ok
16:47:51.0671 0x0188  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:47:51.0671 0x0188  mouhid - ok
16:47:51.0765 0x0188  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:47:51.0781 0x0188  MountMgr - ok
16:47:51.0953 0x0188  [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:47:52.0031 0x0188  MpFilter - ok
16:47:52.0093 0x0188  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:47:52.0093 0x0188  mraid35x - ok
16:47:52.0218 0x0188  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:47:52.0296 0x0188  MRxDAV - ok
16:47:52.0515 0x0188  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:47:52.0718 0x0188  MRxSmb - ok
16:47:52.0906 0x0188  [ B490BD0678CB6A4890A86020ED106C75, 7EB16824974F197A7181DDFEC1BD86A220FB6D2AD0217E2D1D1A6101931CCB5C ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
16:47:53.0000 0x0188  MSCSPTISRV - ok
16:47:53.0093 0x0188  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
16:47:53.0093 0x0188  MSDTC - ok
16:47:53.0156 0x0188  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:47:53.0156 0x0188  Msfs - ok
16:47:53.0171 0x0188  MSIServer - ok
16:47:53.0250 0x0188  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:47:53.0250 0x0188  MSKSSRV - ok
16:47:53.0406 0x0188  [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:47:53.0421 0x0188  MsMpSvc - ok
16:47:53.0515 0x0188  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:47:53.0531 0x0188  MSPCLOCK - ok
16:47:53.0593 0x0188  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:47:53.0625 0x0188  MSPQM - ok
16:47:53.0687 0x0188  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:47:53.0703 0x0188  mssmbios - ok
16:47:53.0812 0x0188  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
16:47:53.0859 0x0188  Mup - ok
16:47:53.0953 0x0188  [ E1CDF20697D992CF83FF86DD04DF1285, F11EFA7B96672225BFB4302CD2272AD0D189973CBC24E9DA71FC3C7DAA78D4EA ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
16:47:53.0968 0x0188  mxnic - ok
16:47:54.0140 0x0188  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
16:47:54.0265 0x0188  napagent - ok
16:47:54.0421 0x0188  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:47:54.0484 0x0188  NDIS - ok
16:47:54.0578 0x0188  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:47:54.0578 0x0188  NdisTapi - ok
16:47:54.0656 0x0188  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:47:54.0671 0x0188  Ndisuio - ok
16:47:54.0781 0x0188  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:47:54.0812 0x0188  NdisWan - ok
16:47:54.0906 0x0188  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
16:47:54.0921 0x0188  NDProxy - ok
16:47:55.0015 0x0188  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
16:47:55.0218 0x0188  NetBIOS - ok
16:47:55.0484 0x0188  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
16:47:55.0546 0x0188  NetBT - ok
16:47:55.0656 0x0188  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:47:55.0703 0x0188  NetDDE - ok
16:47:55.0750 0x0188  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:47:55.0750 0x0188  NetDDEdsdm - ok
16:47:55.0828 0x0188  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:47:55.0843 0x0188  Netlogon - ok
16:47:55.0984 0x0188  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
16:47:56.0046 0x0188  Netman - ok
16:47:56.0281 0x0188  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:47:56.0484 0x0188  NetTcpPortSharing - ok
16:47:56.0640 0x0188  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
16:47:56.0718 0x0188  Nla - ok
16:47:56.0734 0x0188  nnsvc - ok
16:47:56.0828 0x0188  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:47:56.0859 0x0188  Npfs - ok
16:47:57.0109 0x0188  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:47:57.0359 0x0188  Ntfs - ok
16:47:57.0421 0x0188  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
16:47:57.0421 0x0188  NtLmSsp - ok
16:47:57.0640 0x0188  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
16:47:57.0875 0x0188  NtmsSvc - ok
16:47:57.0984 0x0188  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:47:58.0000 0x0188  Null - ok
16:47:58.0015 0x0188  nuvvid2 - ok
16:47:58.0812 0x0188  [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:47:59.0640 0x0188  nv - ok
16:47:59.0718 0x0188  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:47:59.0718 0x0188  NwlnkFlt - ok
16:47:59.0750 0x0188  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:47:59.0781 0x0188  NwlnkFwd - ok
16:47:59.0781 0x0188  olregcap - ok
16:48:00.0000 0x0188  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:00.0031 0x0188  ose - ok
16:48:00.0140 0x0188  [ C90018BAFDC7098619A4A95B046B30F3, 1826E46F237AD65BA189B83803A46A6C2B29089C1BA146106ADD9F2B04D4A89D ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
16:48:00.0171 0x0188  P3 - ok
16:48:00.0296 0x0188  [ DCACC2FC7DC0A3D7A60BEB81FA233822, 98866D1B93A5EAF2A7B008EACDB56A7CD3E06830F53A86330D5A0319AF8FF938 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:48:00.0343 0x0188  PACSPTISVR - ok
16:48:00.0453 0x0188  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
16:48:00.0484 0x0188  Parport - ok
16:48:00.0546 0x0188  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
16:48:00.0562 0x0188  PartMgr - ok
16:48:00.0656 0x0188  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:48:00.0656 0x0188  ParVdm - ok
16:48:00.0765 0x0188  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
16:48:00.0796 0x0188  PCI - ok
16:48:00.0796 0x0188  PCIDump - ok
16:48:00.0859 0x0188  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:48:00.0890 0x0188  PCIIde - ok
16:48:00.0984 0x0188  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
16:48:01.0062 0x0188  Pcmcia - ok
16:48:01.0078 0x0188  PDCOMP - ok
16:48:01.0093 0x0188  PDFRAME - ok
16:48:01.0093 0x0188  PDRELI - ok
16:48:01.0109 0x0188  PDRFRAME - ok
16:48:01.0218 0x0188  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
16:48:01.0218 0x0188  perc2 - ok
16:48:01.0234 0x0188  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:48:01.0234 0x0188  perc2hib - ok
16:48:01.0343 0x0188  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
16:48:01.0343 0x0188  PlugPlay - ok
16:48:01.0375 0x0188  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
16:48:01.0375 0x0188  PolicyAgent - ok
16:48:01.0484 0x0188  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:48:01.0500 0x0188  PptpMiniport - ok
16:48:01.0734 0x0188  [ BDDCAF3DDD6C54229E8703E6382CA761, 7F5A839D822F409F6F7257869384956FBA6FC9D2CA87FE90477B60BDF2F74D5A ] PrismXL         C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
16:48:01.0984 0x0188  PrismXL - ok
16:48:02.0031 0x0188  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:48:02.0031 0x0188  ProtectedStorage - ok
16:48:02.0171 0x0188  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
16:48:02.0234 0x0188  PSched - ok
16:48:02.0328 0x0188  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:48:02.0359 0x0188  Ptilink - ok
16:48:02.0437 0x0188  [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:48:02.0453 0x0188  PxHelp20 - ok
16:48:02.0468 0x0188  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:48:02.0484 0x0188  ql1080 - ok
16:48:02.0531 0x0188  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:48:02.0546 0x0188  Ql10wnt - ok
16:48:02.0578 0x0188  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:48:02.0593 0x0188  ql12160 - ok
16:48:02.0609 0x0188  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:48:02.0625 0x0188  ql1240 - ok
16:48:02.0656 0x0188  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:48:02.0671 0x0188  ql1280 - ok
16:48:02.0718 0x0188  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:48:02.0734 0x0188  RasAcd - ok
16:48:02.0843 0x0188  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
16:48:02.0921 0x0188  RasAuto - ok
16:48:03.0000 0x0188  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:48:03.0015 0x0188  Rasl2tp - ok
16:48:03.0140 0x0188  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:48:03.0203 0x0188  RasMan - ok
16:48:03.0265 0x0188  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:48:03.0281 0x0188  RasPppoe - ok
16:48:03.0390 0x0188  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:48:03.0437 0x0188  Raspti - ok
16:48:03.0765 0x0188  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:48:03.0937 0x0188  Rdbss - ok
16:48:03.0953 0x0188  RDID1007 - ok
16:48:04.0000 0x0188  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:48:04.0046 0x0188  RDPCDD - ok
16:48:04.0234 0x0188  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:48:04.0312 0x0188  rdpdr - ok
16:48:04.0531 0x0188  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
16:48:04.0578 0x0188  RDPWD - ok
16:48:04.0750 0x0188  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:48:04.0828 0x0188  RDSessMgr - ok
16:48:05.0046 0x0188  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
16:48:05.0078 0x0188  RealNetworks Downloader Resolver Service - ok
16:48:05.0156 0x0188  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:48:05.0187 0x0188  redbook - ok
16:48:05.0328 0x0188  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:48:05.0375 0x0188  RemoteAccess - ok
16:48:05.0484 0x0188  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:48:05.0515 0x0188  RpcLocator - ok
16:48:05.0703 0x0188  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
16:48:05.0984 0x0188  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
16:48:05.0984 0x0188  RpcSs ( Trojan.Win32.Patched.pj ) - infected
16:48:05.0984 0x0188  Force sending object to P2P due to detect: RpcSs
16:48:08.0796 0x0188  Object send P2P result: true
16:48:11.0296 0x0188  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:48:11.0343 0x0188  RSVP - ok
16:48:11.0359 0x0188  s116bus - ok
16:48:11.0390 0x0188  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:48:11.0406 0x0188  SamSs - ok
16:48:11.0453 0x0188  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:48:11.0484 0x0188  SASDIFSV - ok
16:48:11.0546 0x0188  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:48:11.0578 0x0188  SASKUTIL - ok
16:48:11.0671 0x0188  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:48:11.0703 0x0188  SCardSvr - ok
16:48:11.0812 0x0188  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:48:11.0875 0x0188  Schedule - ok
16:48:11.0890 0x0188  SeaPort - ok
16:48:11.0953 0x0188  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:48:11.0953 0x0188  Secdrv - ok
16:48:12.0000 0x0188  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:48:12.0015 0x0188  seclogon - ok
16:48:12.0062 0x0188  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
16:48:12.0078 0x0188  SENS - ok
16:48:12.0125 0x0188  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
16:48:12.0140 0x0188  Serenum - ok
16:48:12.0171 0x0188  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
16:48:12.0203 0x0188  Serial - ok
16:48:12.0250 0x0188  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
16:48:12.0265 0x0188  Sfloppy - ok
16:48:12.0265 0x0188  sfsync04 - ok
16:48:12.0421 0x0188  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:48:12.0546 0x0188  SharedAccess - ok
16:48:12.0609 0x0188  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:48:12.0609 0x0188  ShellHWDetection - ok
16:48:12.0625 0x0188  Simbad - ok
16:48:12.0671 0x0188  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:48:12.0687 0x0188  sisagp - ok
16:48:12.0734 0x0188  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:48:12.0734 0x0188  Sparrow - ok
16:48:12.0781 0x0188  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:48:12.0781 0x0188  splitter - ok
16:48:12.0843 0x0188  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:48:12.0875 0x0188  Spooler - ok
16:48:12.0890 0x0188  sprtsvc_dellsupportcenter - ok
16:48:12.0968 0x0188  [ 1B7447278005E38E464B34A7E841D628, CBEF504A8F499753E45FFC34DB25BB7AFCF3F5447A834289626BCFBB2AE4978F ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:48:12.0984 0x0188  SPTISRV - ok
16:48:13.0062 0x0188  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:48:13.0093 0x0188  sr - ok
16:48:13.0187 0x0188  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:48:13.0250 0x0188  srservice - ok
16:48:13.0421 0x0188  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
16:48:13.0578 0x0188  Srv - ok
16:48:13.0812 0x0188  [ D795709932C74E00B804D99CF9A3AFD6, FC84B1D67878D5F7B86E47FDC94C690D321B963EA0D0BCDC2C6D195AC76C3E20 ] SS1022          C:\WINDOWS\system32\DRIVERS\SSUSBN51.sys
16:48:14.0343 0x0188  SS1022 - ok
16:48:14.0453 0x0188  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:48:14.0484 0x0188  SSDPSRV - ok
16:48:14.0593 0x0188  [ F05B8D10BD6AD4CBB561E29D5BE2C674, 765F26FC5890A587B0B309A45867CA4F4BB2A2C4A36C33F033B532481E293B33 ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:48:14.0625 0x0188  SSScsiSV - ok
16:48:14.0828 0x0188  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:48:14.0937 0x0188  stisvc - ok
16:48:15.0062 0x0188  [ 86CA1A5C15A5A98D5533945FB1120B05, FFAA8F42D88A69B6893343A61DE5F34AAA04400BF9EAC7A2A6469D001FD9C0DC ] SunkFilt        C:\WINDOWS\System32\Drivers\sunkfilt.sys
16:48:15.0078 0x0188  SunkFilt - ok
16:48:15.0156 0x0188  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:48:15.0171 0x0188  swenum - ok
16:48:15.0250 0x0188  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:48:15.0281 0x0188  swmidi - ok
16:48:15.0296 0x0188  SwPrv - ok
16:48:15.0406 0x0188  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
16:48:15.0421 0x0188  symc810 - ok
16:48:15.0437 0x0188  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:48:15.0453 0x0188  symc8xx - ok
16:48:15.0484 0x0188  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:48:15.0484 0x0188  sym_hi - ok
16:48:15.0515 0x0188  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:48:15.0546 0x0188  sym_u3 - ok
16:48:15.0609 0x0188  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:48:15.0625 0x0188  sysaudio - ok
16:48:15.0640 0x0188  sysdown - ok
16:48:15.0750 0x0188  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:48:15.0781 0x0188  SysmonLog - ok
16:48:15.0953 0x0188  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:48:16.0078 0x0188  TapiSrv - ok
16:48:16.0265 0x0188  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:48:16.0453 0x0188  Tcpip - ok
16:48:16.0531 0x0188  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:48:16.0546 0x0188  TDPIPE - ok
16:48:16.0609 0x0188  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:48:16.0640 0x0188  TDTCP - ok
16:48:16.0703 0x0188  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:48:16.0718 0x0188  TermDD - ok
16:48:16.0890 0x0188  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
16:48:17.0015 0x0188  TermService - ok
16:48:17.0109 0x0188  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:48:17.0109 0x0188  Themes - ok
16:48:17.0218 0x0188  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
16:48:17.0218 0x0188  TosIde - ok
16:48:17.0328 0x0188  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:48:17.0359 0x0188  TrkWks - ok
16:48:17.0375 0x0188  tsmservice - ok
16:48:17.0484 0x0188  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:48:17.0515 0x0188  Udfs - ok
16:48:17.0625 0x0188  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
16:48:17.0640 0x0188  ultra - ok
16:48:17.0843 0x0188  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:48:18.0031 0x0188  Update - ok
16:48:18.0187 0x0188  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:48:18.0265 0x0188  upnphost - ok
16:48:18.0328 0x0188  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
16:48:18.0328 0x0188  UPS - ok
16:48:18.0421 0x0188  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:48:18.0437 0x0188  usbccgp - ok
16:48:18.0531 0x0188  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:48:18.0546 0x0188  usbehci - ok
16:48:18.0656 0x0188  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:48:18.0671 0x0188  usbhub - ok
16:48:18.0734 0x0188  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:48:18.0750 0x0188  usbprint - ok
16:48:18.0828 0x0188  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:48:18.0843 0x0188  usbscan - ok
16:48:18.0921 0x0188  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:48:18.0937 0x0188  USBSTOR - ok
16:48:19.0015 0x0188  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:48:19.0031 0x0188  usbuhci - ok
16:48:19.0109 0x0188  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:48:19.0125 0x0188  VgaSave - ok
16:48:19.0218 0x0188  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:48:19.0250 0x0188  viaagp - ok
16:48:19.0265 0x0188  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
16:48:19.0281 0x0188  ViaIde - ok
16:48:19.0343 0x0188  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:48:19.0359 0x0188  VolSnap - ok
16:48:19.0515 0x0188  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
16:48:19.0656 0x0188  VSS - ok
16:48:19.0796 0x0188  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
16:48:19.0859 0x0188  W32Time - ok
16:48:19.0937 0x0188  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:48:19.0968 0x0188  Wanarp - ok
16:48:20.0093 0x0188  [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:48:20.0109 0x0188  wanatw - ok
16:48:20.0125 0x0188  WDICA - ok
16:48:20.0203 0x0188  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:48:20.0234 0x0188  wdmaud - ok
16:48:20.0328 0x0188  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:48:20.0359 0x0188  WebClient - ok
16:48:20.0671 0x0188  [ 2DC7C0B6175A0A8ED84A4F70199C93B5, 2EF9A3A555938D4F6FE8167D2E04C996623CFF587FDEBD3AD41A96045CC8646E ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:48:21.0000 0x0188  winachsf - ok
16:48:21.0281 0x0188  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:48:21.0375 0x0188  winmgmt - ok
16:48:21.0468 0x0188  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:48:21.0484 0x0188  WmdmPmSN - ok
16:48:21.0625 0x0188  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:48:21.0671 0x0188  WmiApSrv - ok
16:48:22.0218 0x0188  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
16:48:22.0593 0x0188  WMPNetworkSvc - ok
16:48:22.0671 0x0188  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
16:48:22.0687 0x0188  WpdUsb - ok
16:48:22.0796 0x0188  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:48:22.0812 0x0188  WS2IFSL - ok
16:48:22.0921 0x0188  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:48:22.0968 0x0188  wscsvc - ok
16:48:23.0031 0x0188  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:48:23.0031 0x0188  wuauserv - ok
16:48:23.0140 0x0188  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:48:23.0171 0x0188  WudfPf - ok
16:48:23.0250 0x0188  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
16:48:23.0265 0x0188  WudfSvc - ok
16:48:23.0531 0x0188  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:48:23.0734 0x0188  WZCSVC - ok
16:48:23.0828 0x0188  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:48:23.0875 0x0188  xmlprov - ok
16:48:23.0890 0x0188  ================ Scan global ===============================
16:48:23.0984 0x0188  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:48:24.0218 0x0188  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:48:24.0421 0x0188  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:48:24.0515 0x0188  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
16:48:24.0515 0x0188  [ Global ] - ok
16:48:24.0515 0x0188  ================ Scan MBR ==================================
16:48:24.0562 0x0188  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
16:48:26.0750 0x0188  \Device\Harddisk0\DR0 - ok
16:48:26.0750 0x0188  ================ Scan VBR ==================================
16:48:26.0796 0x0188  [ 6C0A6A8E1A06F04AFB246ED24371E3E1 ] \Device\Harddisk0\DR0\Partition1
16:48:26.0859 0x0188  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
16:48:26.0859 0x0188  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
16:48:29.0421 0x0188  [ 8D6C2BB44A4BE012F2B4DACFEB0EC120 ] \Device\Harddisk0\DR0\Partition2
16:48:29.0421 0x0188  \Device\Harddisk0\DR0\Partition2 - ok
16:48:29.0421 0x0188  ================ Scan generic autorun ======================
16:48:29.0656 0x0188  [ D3CC7A3813123E955B3A497C04B404E2, 3D4D7BFBD6801155908EF0CB916B45ADEF41A63B39E30CCD9B62F360AC5FF20A ] C:\WINDOWS\SMINST\RECGUARD.EXE
16:48:29.0765 0x0188  Recguard - ok
16:48:30.0031 0x0188  [ C341CCFBE98BC7DF6E0B856BB9FC265A, 7EA0A5407591EC8D97A9658DBEB7CB57550E143C526C3502E73F12FEF46F778C ] C:\Program Files\QuickTime\qttask.exe
16:48:30.0109 0x0188  QuickTime Task - ok
16:48:30.0375 0x0188  [ 7F2691FD961C9A704DA221745CCE6295, E33F879D1F5E50DD5FC37754B717EA3EA269CC6809F00C5C5DA189545110BF8C ] C:\program files\real\realplayer\update\realsched.exe
16:48:30.0468 0x0188  TkBellExe - ok
16:48:30.0734 0x0188  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
16:48:30.0906 0x0188  SunJavaUpdateSched - ok
16:48:31.0328 0x0188  [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] c:\Program Files\Microsoft Security Client\msseces.exe
16:48:31.0703 0x0188  MSC - ok
16:48:32.0000 0x0188  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
16:48:32.0093 0x0188  Google Update - ok
16:48:32.0812 0x0188  [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] C:\Program Files\Messenger\msmsgs.exe
16:48:33.0515 0x0188  MSMSGS - ok
16:48:33.0531 0x0188  Waiting for KSN requests completion. In queue: 7
16:48:34.0531 0x0188  Waiting for KSN requests completion. In queue: 7
16:48:35.0531 0x0188  Waiting for KSN requests completion. In queue: 7
16:48:37.0546 0x0188  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated
16:48:37.0562 0x0188  Win FW state via NFM: enabled
16:48:40.0078 0x0188  ============================================================
16:48:40.0078 0x0188  Scan finished
16:48:40.0078 0x0188  ============================================================
16:48:40.0125 0x07a8  Detected object count: 3
16:48:40.0125 0x07a8  Actual detected object count: 3
16:49:58.0859 0x07a8  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
16:50:12.0046 0x07a8  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Quarantine
16:50:12.0906 0x07a8  C:\WINDOWS\System32\rpcss.dll - copied to quarantine
16:50:13.0078 0x07a8  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Quarantine
16:50:13.0156 0x07a8  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
16:50:21.0328 0x07a8  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Quarantine
16:56:12.0906 0x0b38  ============================================================
16:56:12.0906 0x0b38  Scan started
16:56:12.0906 0x0b38  Mode: Manual;
16:56:12.0906 0x0b38  ============================================================
16:56:12.0906 0x0b38  KSN ping started
16:56:15.0859 0x0b38  KSN ping finished: true
16:56:17.0421 0x0b38  ================ Scan system memory ========================
16:56:17.0421 0x0b38  System memory - ok
16:56:17.0421 0x0b38  ================ Scan services =============================
16:56:17.0703 0x0b38  [ C0393EB99A6C72C6BEF9BFC4A72B33A6, 72BF029C6A37DE131FFD61C2374C8920556236218613E37B5F348AA89FA12E42 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:56:17.0968 0x0b38  !SASCORE - ok
16:56:22.0250 0x0b38  Abiosdsk - ok
16:56:22.0718 0x0b38  [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:56:22.0734 0x0b38  abp480n5 - ok
16:56:23.0031 0x0b38  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:56:23.0140 0x0b38  ACPI - ok
16:56:23.0203 0x0b38  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
16:56:23.0218 0x0b38  ACPIEC - ok
16:56:23.0343 0x0b38  [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:56:23.0437 0x0b38  adpu160m - ok
16:56:23.0656 0x0b38  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:56:23.0703 0x0b38  aec - ok
16:56:23.0828 0x0b38  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:56:23.0875 0x0b38  AFD - ok
16:56:24.0093 0x0b38  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
16:56:24.0125 0x0b38  agp440 - ok
16:56:24.0281 0x0b38  [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:56:24.0312 0x0b38  agpCPQ - ok
16:56:24.0421 0x0b38  [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:56:24.0437 0x0b38  Aha154x - ok
16:56:24.0578 0x0b38  [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:56:24.0609 0x0b38  aic78u2 - ok
16:56:24.0906 0x0b38  [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:56:24.0937 0x0b38  aic78xx - ok
16:56:28.0296 0x0b38  [ 95AA37BEC6C72C277C2CAEAEE736DD2D, BA02A0B78963E653E219BDD5F7C24FDBC46510DCDE94EBB23A55E6FF5AA27FCD ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:56:29.0734 0x0b38  ALCXWDM - ok
16:56:29.0843 0x0b38  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:56:29.0890 0x0b38  Alerter - ok
16:56:29.0921 0x0b38  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
16:56:29.0953 0x0b38  ALG - ok
16:56:30.0031 0x0b38  [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
16:56:30.0078 0x0b38  AliIde - ok
16:56:30.0187 0x0b38  [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:56:30.0218 0x0b38  alim1541 - ok
16:56:30.0531 0x0b38  [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:56:30.0562 0x0b38  amdagp - ok
16:56:30.0593 0x0b38  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
16:56:30.0625 0x0b38  amsint - ok
16:56:33.0968 0x0b38  [ 60A92C8C19F007679F65521D779DCB93, 0B7A5AF1AD45DF38EB68D586891726ABCB6A217A53711BB6BA519C3FD3C44932 ] AOL ACS         C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
16:56:34.0765 0x0b38  AOL ACS - ok
16:56:34.0812 0x0b38  AppMgmt - ok
16:56:34.0906 0x0b38  [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
16:56:34.0921 0x0b38  asc - ok
16:56:34.0953 0x0b38  [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:56:34.0968 0x0b38  asc3350p - ok
16:56:35.0031 0x0b38  [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:56:35.0046 0x0b38  asc3550 - ok
16:56:35.0734 0x0b38  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:56:35.0781 0x0b38  aspnet_state - ok
16:56:35.0843 0x0b38  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:56:35.0875 0x0b38  AsyncMac - ok
16:56:36.0171 0x0b38  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:56:36.0218 0x0b38  atapi - ok
16:56:36.0234 0x0b38  Atdisk - ok
16:56:36.0265 0x0b38  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:56:36.0312 0x0b38  Atmarpc - ok
16:56:44.0171 0x0b38  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:56:44.0203 0x0b38  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
16:56:44.0203 0x0b38  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
16:56:44.0203 0x0b38  Force sending object to P2P due to detect: DcomLaunch
16:56:47.0000 0x0b38  Object send P2P result: true
16:57:24.0359 0x0b38  RDPWD - ok
16:57:24.0453 0x0b38  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:57:24.0500 0x0b38  RDSessMgr - ok
16:57:24.0578 0x0b38  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
16:57:24.0593 0x0b38  RealNetworks Downloader Resolver Service - ok
16:57:24.0640 0x0b38  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:57:24.0656 0x0b38  redbook - ok
16:57:24.0718 0x0b38  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:57:24.0734 0x0b38  RemoteAccess - ok
16:57:24.0812 0x0b38  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:57:24.0843 0x0b38  RpcLocator - ok
16:57:25.0000 0x0b38  [ 7F19CB9CFAEE15D80107A795F83F9ECA, A8C4F10AF09073B5F3CB57539A2C5C5E603C8F9294B1369A68E6E0302F8C9A09 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
16:57:25.0015 0x0b38  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
16:57:25.0015 0x0b38  RpcSs ( Trojan.Win32.Patched.pj ) - infected
16:57:25.0015 0x0b38  Force sending object to P2P due to detect: RpcSs
16:57:27.0718 0x0b38  Object send P2P result: true
16:57:31.0109 0x0b38  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:57:31.0171 0x0b38  RSVP - ok
16:57:31.0187 0x0b38  s116bus - ok
16:57:31.0234 0x0b38  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:57:31.0234 0x0b38  SamSs - ok
16:57:31.0296 0x0b38  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:57:31.0312 0x0b38  SASDIFSV - ok
16:57:31.0390 0x0b38  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:57:31.0421 0x0b38  SASKUTIL - ok
16:57:31.0531 0x0b38  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:57:31.0578 0x0b38  SCardSvr - ok
16:57:31.0843 0x0b38  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:57:31.0921 0x0b38  Schedule - ok
16:57:31.0937 0x0b38  SeaPort - ok
16:57:32.0015 0x0b38  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:57:32.0031 0x0b38  Secdrv - ok
16:57:32.0109 0x0b38  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:57:32.0109 0x0b38  seclogon - ok
16:57:32.0187 0x0b38  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
16:57:32.0234 0x0b38  SENS - ok
16:57:32.0328 0x0b38  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
16:57:32.0328 0x0b38  Serenum - ok
16:57:32.0390 0x0b38  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
16:57:32.0437 0x0b38  Serial - ok
16:57:32.0531 0x0b38  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
16:57:32.0546 0x0b38  Sfloppy - ok
16:57:32.0562 0x0b38  sfsync04 - ok
16:57:32.0765 0x0b38  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:57:32.0921 0x0b38  SharedAccess - ok
16:57:33.0000 0x0b38  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:57:33.0015 0x0b38  ShellHWDetection - ok
16:57:33.0031 0x0b38  Simbad - ok
16:57:33.0093 0x0b38  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:57:33.0109 0x0b38  sisagp - ok
16:57:33.0171 0x0b38  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:57:33.0171 0x0b38  Sparrow - ok
16:57:33.0250 0x0b38  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:57:33.0265 0x0b38  splitter - ok
16:57:33.0343 0x0b38  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:57:33.0375 0x0b38  Spooler - ok
16:57:33.0390 0x0b38  sprtsvc_dellsupportcenter - ok
16:57:33.0484 0x0b38  [ 1B7447278005E38E464B34A7E841D628, CBEF504A8F499753E45FFC34DB25BB7AFCF3F5447A834289626BCFBB2AE4978F ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:57:33.0750 0x0b38  SPTISRV - ok
16:57:33.0921 0x0b38  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:57:33.0984 0x0b38  sr - ok
16:57:34.0125 0x0b38  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:57:34.0203 0x0b38  srservice - ok
16:57:34.0453 0x0b38  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
16:57:34.0687 0x0b38  Srv - ok
16:57:34.0953 0x0b38  [ D795709932C74E00B804D99CF9A3AFD6, FC84B1D67878D5F7B86E47FDC94C690D321B963EA0D0BCDC2C6D195AC76C3E20 ] SS1022          C:\WINDOWS\system32\DRIVERS\SSUSBN51.sys
16:57:35.0500 0x0b38  SS1022 - ok
16:57:35.0609 0x0b38  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:57:35.0640 0x0b38  SSDPSRV - ok
16:57:35.0765 0x0b38  [ F05B8D10BD6AD4CBB561E29D5BE2C674, 765F26FC5890A587B0B309A45867CA4F4BB2A2C4A36C33F033B532481E293B33 ] SSScsiSV        C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:57:35.0828 0x0b38  SSScsiSV - ok
16:57:36.0171 0x0b38  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:57:36.0531 0x0b38  stisvc - ok
16:57:36.0703 0x0b38  [ 86CA1A5C15A5A98D5533945FB1120B05, FFAA8F42D88A69B6893343A61DE5F34AAA04400BF9EAC7A2A6469D001FD9C0DC ] SunkFilt        C:\WINDOWS\System32\Drivers\sunkfilt.sys
16:57:37.0031 0x0b38  SunkFilt - ok
16:57:37.0109 0x0b38  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:57:37.0265 0x0b38  swenum - ok
16:57:37.0640 0x0b38  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:57:37.0671 0x0b38  swmidi - ok
16:57:37.0687 0x0b38  SwPrv - ok
16:57:37.0781 0x0b38  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
16:57:37.0843 0x0b38  symc810 - ok
16:57:37.0953 0x0b38  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:57:37.0968 0x0b38  symc8xx - ok
16:57:38.0125 0x0b38  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:57:38.0125 0x0b38  sym_hi - ok
16:57:38.0156 0x0b38  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:57:38.0156 0x0b38  sym_u3 - ok
16:57:38.0203 0x0b38  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:57:38.0218 0x0b38  sysaudio - ok
16:57:38.0234 0x0b38  sysdown - ok
16:57:38.0406 0x0b38  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:57:38.0546 0x0b38  SysmonLog - ok
16:57:38.0828 0x0b38  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:57:39.0109 0x0b38  TapiSrv - ok
16:57:39.0421 0x0b38  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:57:39.0703 0x0b38  Tcpip - ok
16:57:39.0796 0x0b38  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:57:39.0812 0x0b38  TDPIPE - ok
16:57:39.0875 0x0b38  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:57:39.0890 0x0b38  TDTCP - ok
16:57:39.0937 0x0b38  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:57:39.0984 0x0b38  TermDD - ok
16:57:40.0140 0x0b38  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
16:57:40.0328 0x0b38  TermService - ok
16:57:40.0453 0x0b38  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:57:40.0468 0x0b38  Themes - ok
16:57:40.0546 0x0b38  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
16:57:40.0546 0x0b38  TosIde - ok
16:57:40.0671 0x0b38  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:57:40.0703 0x0b38  TrkWks - ok
16:57:40.0718 0x0b38  tsmservice - ok
16:57:40.0781 0x0b38  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:57:40.0812 0x0b38  Udfs - ok
16:57:40.0875 0x0b38  [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
16:57:40.0890 0x0b38  ultra - ok
16:57:41.0062 0x0b38  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:57:41.0218 0x0b38  Update - ok
16:57:41.0328 0x0b38  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:57:41.0406 0x0b38  upnphost - ok
16:57:41.0437 0x0b38  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
16:57:41.0453 0x0b38  UPS - ok
16:57:41.0593 0x0b38  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:57:41.0593 0x0b38  usbccgp - ok
16:57:41.0656 0x0b38  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:57:41.0656 0x0b38  usbehci - ok
16:57:41.0734 0x0b38  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:57:41.0750 0x0b38  usbhub - ok
16:57:41.0781 0x0b38  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:57:41.0796 0x0b38  usbprint - ok
16:57:41.0843 0x0b38  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:57:41.0859 0x0b38  usbscan - ok
16:57:41.0890 0x0b38  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:57:41.0890 0x0b38  USBSTOR - ok
16:57:41.0953 0x0b38  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:57:41.0953 0x0b38  usbuhci - ok
16:57:41.0984 0x0b38  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:57:42.0000 0x0b38  VgaSave - ok
16:57:42.0046 0x0b38  [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:57:42.0062 0x0b38  viaagp - ok
16:57:42.0078 0x0b38  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
16:57:42.0078 0x0b38  ViaIde - ok
16:57:42.0125 0x0b38  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:57:42.0140 0x0b38  VolSnap - ok
16:57:42.0265 0x0b38  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
16:57:42.0375 0x0b38  VSS - ok
16:57:42.0453 0x0b38  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
16:57:42.0640 0x0b38  W32Time - ok
16:57:42.0687 0x0b38  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:57:42.0703 0x0b38  Wanarp - ok
16:57:42.0781 0x0b38  [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:57:42.0781 0x0b38  wanatw - ok
16:57:42.0796 0x0b38  WDICA - ok
16:57:42.0843 0x0b38  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:57:42.0875 0x0b38  wdmaud - ok
16:57:42.0953 0x0b38  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:57:42.0968 0x0b38  WebClient - ok
16:57:43.0265 0x0b38  [ 2DC7C0B6175A0A8ED84A4F70199C93B5, 2EF9A3A555938D4F6FE8167D2E04C996623CFF587FDEBD3AD41A96045CC8646E ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:57:43.0609 0x0b38  winachsf - ok
16:57:43.0765 0x0b38  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:57:43.0890 0x0b38  winmgmt - ok
16:57:44.0312 0x0b38  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:57:44.0328 0x0b38  WmdmPmSN - ok
16:57:44.0421 0x0b38  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:57:44.0468 0x0b38  WmiApSrv - ok
16:57:45.0359 0x0b38  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
16:57:46.0281 0x0b38  WMPNetworkSvc - ok
16:57:46.0375 0x0b38  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
16:57:46.0421 0x0b38  WpdUsb - ok
16:57:46.0640 0x0b38  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:57:46.0671 0x0b38  WS2IFSL - ok
16:57:46.0843 0x0b38  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:57:46.0937 0x0b38  wscsvc - ok
16:57:46.0984 0x0b38  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:57:46.0984 0x0b38  wuauserv - ok
16:57:47.0218 0x0b38  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:57:47.0312 0x0b38  WudfPf - ok
16:57:47.0390 0x0b38  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
16:57:47.0437 0x0b38  WudfSvc - ok
16:57:47.0921 0x0b38  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:57:48.0515 0x0b38  WZCSVC - ok
16:57:48.0906 0x0b38  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:57:49.0015 0x0b38  xmlprov - ok
16:57:49.0031 0x0b38  ================ Scan global ===============================
16:57:49.0187 0x0b38  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:57:49.0828 0x0b38  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:57:50.0156 0x0b38  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:57:50.0234 0x0b38  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
16:57:50.0250 0x0b38  [ Global ] - ok
16:57:50.0265 0x0b38  ================ Scan MBR ==================================
16:57:50.0312 0x0b38  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
16:57:57.0718 0x0b38  \Device\Harddisk0\DR0 - ok
16:57:57.0718 0x0b38  ================ Scan VBR ==================================
16:57:57.0734 0x0b38  [ 6C0A6A8E1A06F04AFB246ED24371E3E1 ] \Device\Harddisk0\DR0\Partition1
16:57:57.0796 0x0b38  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
16:57:57.0796 0x0b38  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
16:58:00.0250 0x0b38  [ 8D6C2BB44A4BE012F2B4DACFEB0EC120 ] \Device\Harddisk0\DR0\Partition2
16:58:00.0250 0x0b38  \Device\Harddisk0\DR0\Partition2 - ok
16:58:00.0250 0x0b38  ================ Scan generic autorun ======================
16:58:00.0390 0x0b38  [ D3CC7A3813123E955B3A497C04B404E2, 3D4D7BFBD6801155908EF0CB916B45ADEF41A63B39E30CCD9B62F360AC5FF20A ] C:\WINDOWS\SMINST\RECGUARD.EXE
16:58:00.0468 0x0b38  Recguard - ok
16:58:00.0593 0x0b38  [ C341CCFBE98BC7DF6E0B856BB9FC265A, 7EA0A5407591EC8D97A9658DBEB7CB57550E143C526C3502E73F12FEF46F778C ] C:\Program Files\QuickTime\qttask.exe
16:58:00.0625 0x0b38  QuickTime Task - ok
16:58:00.0781 0x0b38  [ 7F2691FD961C9A704DA221745CCE6295, E33F879D1F5E50DD5FC37754B717EA3EA269CC6809F00C5C5DA189545110BF8C ] C:\program files\real\realplayer\update\realsched.exe
16:58:00.0875 0x0b38  TkBellExe - ok
16:58:01.0031 0x0b38  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
16:58:01.0125 0x0b38  SunJavaUpdateSched - ok
16:58:01.0500 0x0b38  [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] c:\Program Files\Microsoft Security Client\msseces.exe
16:58:01.0843 0x0b38  MSC - ok
16:58:01.0984 0x0b38  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
16:58:02.0031 0x0b38  Google Update - ok
16:58:02.0687 0x0b38  [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] C:\Program Files\Messenger\msmsgs.exe
16:58:03.0265 0x0b38  MSMSGS - ok
16:58:03.0359 0x0b38  AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
16:58:03.0359 0x0b38  Win FW state via NFM: enabled
16:58:05.0796 0x0b38  ============================================================
16:58:05.0796 0x0b38  Scan finished
16:58:05.0796 0x0b38  ============================================================
16:58:05.0796 0x0e90  Detected object count: 3
16:58:05.0796 0x0e90  Actual detected object count: 3
16:58:13.0015 0x0e90  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
16:58:15.0906 0x0e90  Backup copy found through SCO, using it..
16:58:16.0312 0x0e90  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
16:58:16.0312 0x0e90  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Cure
16:58:16.0609 0x0e90  C:\WINDOWS\System32\rpcss.dll - copied to quarantine
16:58:17.0078 0x0e90  Backup copy found through SCO, using it..
16:58:17.0515 0x0e90  C:\WINDOWS\System32\rpcss.dll - will be cured on reboot
16:58:17.0515 0x0e90  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Cure
16:58:17.0578 0x0e90  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
16:58:18.0359 0x0e90  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
16:58:18.0375 0x0e90  \Device\Harddisk0\DR0\Partition1 - ok
16:58:18.0375 0x0e90  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
16:58:20.0609 0x0e90  KLMD registered as C:\WINDOWS\system32\drivers\95762916.sys
16:58:42.0656 0x0a24  Deinitialize success
 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:11:47 AM

Posted 19 June 2014 - 09:39 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Image: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Image: cfRC_screen_2.png]


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> [Image: btn_donate_SM.gif] <--(no worries, every little bit helps)

#12 riley45

riley45
  • Topic Starter

  • Members
  • 138 posts
  • Gender:Male
  • Local time:06:47 AM

Posted 19 June 2014 - 03:35 PM

I downloaded and ran the ComboFix tool as you instructed.  The ComboFix log is shown below:

 

ComboFix 14-06-19.01 - Owner 06/19/2014  15:51:51.6.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-19 to 2014-06-19  )))))))))))))))))))))))))))))))
.
.
2014-06-18 22:15 . 2014-06-05 10:54 8140904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E2DAFDF5-E24F-4EFD-A00D-7C3EC4DC95F4}\mpengine.dll
2014-06-17 20:50 . 2014-06-05 10:54 8140904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-17 11:41 . 2014-06-17 20:49 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-13 19:12 . 2014-06-17 20:43 -------- d-----w- C:\FRST
2014-06-12 02:39 . 2014-06-12 02:39 -------- d-----w- C:\found.002
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:59 . 2005-03-23 16:52 402432 ----a-w- c:\windows\system32\rpcss.dll
2014-04-15 00:13 . 2014-04-22 12:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 23:47 . 2014-04-22 12:32 145408 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-09 03:26 . 2011-02-09 03:26 27024112 ----a-w- c:\program files\PowerPointViewer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-11 98304]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-26 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Siemens SpeedStream Wireless USB.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Siemens SpeedStream Wireless USB.lnk
backup=c:\windows\pss\Siemens SpeedStream Wireless USB.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-11 16:23 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
.
R1 leqpktih;leqpktih;c:\windows\system32\drivers\leqpktih.sys [x]
R2 EBPYWGVK;EBPYWGVK;c:\windows\system32\ebpywgvk.agr [x]
R3 MFE_RR;MFE_RR;c:\docume~1\Owner\LOCALS~1\Temp\mfe_rr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S3 SS1022;Siemens SpeedStream Wireless USB Driver;c:\windows\system32\DRIVERS\SSUSBN51.sys [2002-06-21 588160]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
int15
iomegaaccess
nnsvc
sprtsvc_dellsupportcenter
olregcap
mctskshd.exe
tsmservice
nuvvid2
sfsync04
mclserviceatl
SeaPort
MKEMUSB
hclinetd
CTEXFIFX.DLL
lmouflt2
sysdown
ctdvda2k
s116bus
driverhardwarev2
RDID1007
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:58]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:58]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-24 13:48]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-24 13:48]
.
2014-06-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 14:13]
.
2014-05-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
2014-06-10 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 06:23]
.
2014-06-19 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2014-06-19 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2014-06-19 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 15:36]
.
2014-06-19 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 15:36]
.
2014-06-19 c:\windows\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ADCCC00B-5FE3-48CC-B779-B4B07275D68C}: DhcpNameServer = 192.168.2.1
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-74443811.sys
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-19 16:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EBPYWGVK]
"ImagePath"="\??\c:\windows\system32\ebpywgvk.agr"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\Root\LEGACY_NDISPROT.SYS\0000]
@DACL=(02 0000)
"Service"="Ndisprot.sys"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Ndisprot.sys"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0084"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2014-06-19  16:27:30
ComboFix-quarantined-files.txt  2014-06-19 20:27
.
Pre-Run: 35,235,586,048 bytes free
Post-Run: 42,456,346,624 bytes free
.
- - End Of File - - B9C2E8431A7B7C591B824AD419D4033E
B20939CD98B7710036274839082AE757
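Two items in the log above deserve a second look before the CFScript in the next reply removes them: the running driver leqpktih and service EBPYWGVK (eight random letters each, image file reported missing with [x], and in the second case an image with the non-standard extension .agr registered under ControlSet006), and the AntiVirusOverride / FirewallOverride values of 1 under the Security Center key, which stop XP from warning that no antivirus or firewall is active. The script below is an added example, not part of the original post and not ComboFix's own code: it parses the Drivers/Services lines and the Security Center key from a constructed sample (the relevant lines copied from this log), scores each service on a few assumed signals and returns the entries a responder should look at first. The weights, the threshold, and my reading of ComboFix's notation (R = running, S = stopped, [x] = image not found) are assumptions; the entry it marks "review", mfe_rr.sys loaded from a Temp folder, is the kind of hit to check against the tools already run on the machine rather than delete on sight, and a Security Center override can also be set legitimately by some third-party suites, so it is a question for the responder, not proof on its own.

```python
"""Triage of the 'Drivers/Services' lines and the Security Center overrides in
a ComboFix log.  Added example, not code from the forum post or from ComboFix:
the sample lines are copied from the log above, the scoring weights and
thresholds are my own assumptions."""
import ntpath
import re
from dataclasses import dataclass

# ComboFix notation as I read it: R = running, S = stopped, digit = start type
# (1 kernel driver, 2 auto-start, 3 manual); a trailing [x] instead of
# [date size] means the image file was not found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[(?P<tail>[^\]]*)\]\s*$"
)
SECURITY_CENTER_KEY = r"[hkey_local_machine\software\microsoft\security center]"
NORMAL_IMAGE_EXT = {".sys", ".exe", ".dll"}
VOWELS = set("aeiou")

@dataclass
class ServiceEntry:
    state: str          # e.g. "R1"
    name: str
    path: str
    file_missing: bool
    score: int
    reasons: list

def longest_consonant_run(text):
    """Longest run of consonant letters (y counts as a consonant, any non-letter
    breaks the run).  Generated names such as 'leqpktih' have long runs."""
    best = run = 0
    for ch in text.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def score_service(name, path, file_missing):
    """Assumed weights: each signal is weak on its own, several together are not."""
    ext = ntpath.splitext(path)[1].lower()
    signals = [
        (2, "random-looking service name", len(name) >= 6 and longest_consonant_run(name) >= 4),
        (2, f"unusual image extension {ext!r}", ext not in NORMAL_IMAGE_EXT),
        (1, "image file not found on disk ([x])", file_missing),
        (1, "image loaded from a Temp directory", "\\temp\\" in path.lower()),
    ]
    hits = [(weight, why) for weight, why, hit in signals if hit]
    return sum(w for w, _ in hits), [why for _, why in hits]

def parse_service_line(line):
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None                      # registry lines, '.', headers, ...
    missing = m["tail"].strip().lower() == "x"
    score, reasons = score_service(m["name"], m["path"], missing)
    return ServiceEntry(m["state"], m["name"], m["path"], missing, score, reasons)

def triage(lines):
    """All parsed service entries, highest score first."""
    entries = [e for e in map(parse_service_line, lines) if e is not None]
    return sorted(entries, key=lambda e: -e.score)

def verdict(entry):
    return "suspicious" if entry.score >= 3 else ("review" if entry.score else "ok")

def suspicious_names(lines):
    return [e.name for e in triage(lines) if verdict(e) == "suspicious"]

def security_center_overrides(lines):
    """Override values under the Security Center key of a REGEDIT4-style dump:
    a value of 1 silences the 'no antivirus' / 'no firewall' alerts."""
    found, in_key = {}, False
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):
            in_key = line.lower() == SECURITY_CENTER_KEY
            continue
        m = re.match(r'^"(\w+Override)"=dword:([0-9A-Fa-f]{8})$', line) if in_key else None
        if m:
            found[m.group(1)] = int(m.group(2), 16)
    return found

# Constructed sample: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R1 leqpktih;leqpktih;c:\windows\system32\drivers\leqpktih.sys [x]
R2 EBPYWGVK;EBPYWGVK;c:\windows\system32\ebpywgvk.agr [x]
R3 MFE_RR;MFE_RR;c:\docume~1\Owner\LOCALS~1\Temp\mfe_rr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S3 SS1022;Siemens SpeedStream Wireless USB Driver;c:\windows\system32\DRIVERS\SSUSBN51.sys [2002-06-21 588160]
""".splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{verdict(e):10} {e.state} {e.name:40} {'; '.join(e.reasons)}")
    print("Security Center overrides:", security_center_overrides(SAMPLE_LOG))
```

Run as a script it prints one line per service with its verdict and the reasons behind the score; suspicious_names(SAMPLE_LOG) returns EBPYWGVK and leqpktih, the two files the CFScript run later targets, while the SUPERAntiSpyware, RealNetworks and Siemens entries score zero. The consonant-run test is deliberately crude: it is applied to the service name only (display names like "SpeedStream" would trip it), and it is one weight among several rather than a verdict by itself.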
 



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 23 June 2014 - 02:54 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here to donate (no worries, every little bit helps)

#14 riley45

riley45
  • Topic Starter

  • Members
  • 138 posts

Posted 23 June 2014 - 12:47 PM

After disabling Microsoft Security Essentials (MSE), I downloaded the CFScript.txt file to my desktop and then dragged it into the ComboFix.exe icon in order to run ComboFix.  After the ComboFix run was complete, I enabled MSE and then performed a scan with Malwarebytes.  The logs from both the ComboFix and Malwarebytes scans are shown below.

 

The Malwarebytes scan showed no malicious items.  Nevertheless, while the Malwarebytes scan was running, MSE detected a Virus:DOS/Rovnix.W file located at C:\TDSSKiller_Quarantine\17.06.2014_07.38.25\boot0000\boot0000\tsk0000.dta which I subsequently deleted.  It appears that this file was a quarantined file from a TDSSKiller scan performed on June 17 which was not deleted at that time. 

 

After I performed both these scans, I rebooted my machine.  I still get the window with the system shutdown message due to the NT AUTHORITY\SYSTEM which I mentioned to you last week.  In addition, I can no longer open the Microsoft Works Word Processor or open any Microsoft Works Word Processor documents on my machine.  I get a message saying that one of the Microsoft Works Word Processor files may have been renamed, deleted, or moved.  I noticed this problem shortly after running the first ComboFix scan last Thursday.

 

Despite this problem with the Microsoft Works Word Processor, I have no problems opening or using Microsoft Works Spreadsheet files.

 

ComboFix 14-06-23.01 - Owner 06/23/2014   8:28.8.1 - x86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\leqpktih.sys"
"c:\windows\system32\ebpywgvk.agr"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Java\jre7\bin\jp2ssv.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EBPYWGVK
-------\Service_EBPYWGVK
-------\Service_leqpktih
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-23 to 2014-06-23  )))))))))))))))))))))))))))))))
.
.
2014-06-19 20:32 . 2014-06-05 10:54 8140904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CFAB947-5CE1-4360-8A7E-9232A5C12256}\mpengine.dll
2014-06-17 20:50 . 2014-06-05 10:54 8140904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-17 11:41 . 2014-06-17 20:49 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-13 19:12 . 2014-06-17 20:43 -------- d-----w- C:\FRST
2014-06-12 02:39 . 2014-06-12 02:39 -------- d-----w- C:\found.002
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:59 . 2005-03-23 16:52 402432 ----a-w- c:\windows\system32\rpcss.dll
2014-04-15 00:13 . 2014-04-22 12:32 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 23:47 . 2014-04-22 12:32 145408 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-09 03:26 . 2011-02-09 03:26 27024112 ----a-w- c:\program files\PowerPointViewer.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-11 98304]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-26 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Siemens SpeedStream Wireless USB.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Siemens SpeedStream Wireless USB.lnk
backup=c:\windows\pss\Siemens SpeedStream Wireless USB.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-05-11 16:23 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
.
R3 MFE_RR;MFE_RR;c:\docume~1\Owner\LOCALS~1\Temp\mfe_rr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S3 SS1022;Siemens SpeedStream Wireless USB Driver;c:\windows\system32\DRIVERS\SSUSBN51.sys [2002-06-21 588160]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
int15
iomegaaccess
nnsvc
sprtsvc_dellsupportcenter
olregcap
mctskshd.exe
tsmservice
nuvvid2
sfsync04
mclserviceatl
SeaPort
MKEMUSB
hclinetd
CTEXFIFX.DLL
lmouflt2
sysdown
ctdvda2k
s116bus
driverhardwarev2
RDID1007
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:58]
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 23:58]
.
2014-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-24 13:48]
.
2014-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1704833363-758890274-2038612096-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-24 13:48]
.
2014-06-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 14:13]
.
2014-05-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
2014-06-10 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 06:23]
.
2014-06-23 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2014-06-23 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 06:21]
.
2014-06-23 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 15:36]
.
2014-06-23 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1704833363-758890274-2038612096-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 15:36]
.
2014-06-23 c:\windows\Tasks\User_Feed_Synchronization-{C6EF6733-F01A-486F-B22E-DC9407039ED5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ADCCC00B-5FE3-48CC-B779-B4B07275D68C}: DhcpNameServer = 192.168.2.1
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-23 08:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\Root\LEGACY_NDISPROT.SYS\0000]
@DACL=(02 0000)
"Service"="Ndisprot.sys"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Ndisprot.sys"
"Capabilities"=dword:00000000
"Driver"="{8ECC055D-047F-11D1-A537-0000F8753ED1}\\0084"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1488)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2014-06-23  08:51:50
ComboFix-quarantined-files.txt  2014-06-23 12:51
ComboFix2.txt  2014-06-19 20:27
.
Pre-Run: 42,361,536,512 bytes free
Post-Run: 42,365,997,056 bytes free
.
- - End Of File - - D75A6E3DAC6AD54FD7FB7B111C0758C3
B20939CD98B7710036274839082AE757
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.06.23.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KEN [administrator]

6/23/2014 09:06:51
mbam-log-2014-06-23 (09-06-51).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 351938
Time elapsed: 3 hour(s), 45 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 24 June 2014 - 07:01 AM

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the Start button
  • Click My Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.


A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the Start button
  • Click Run.
  • Type "eventvwr" without the quotes and press the Enter key.
  • The Event Viewer window will open.
  • In the left pane, expand "Event Viewer (local)" then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Click on that Winlogon entry to select it.
  • In the box below "Description", Copy all of the contents.
  • Paste the contents into your next reply.

 

 

 

System File Check

For Windows XP:

  • Press the Windows key and the R key simultaneously.
  • In the text box that just opened, type cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just type cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:

sfc /scannow
(Note the space between sfc and /scannow.)


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).




