
Suspect Dropper Malware


14 replies to this topic

#1 Bleky


Posted 20 August 2014 - 07:19 AM

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/542564/ctb-locker-or-decryptallfilestxt-encrypting-ransomware-sets-extension-to-ctbl/ - Hamluis.


I think I have the dropper. It came in a fake Amazon order confirmation message with a zip archive.
I didn't run anything.


Edited by hamluis, 24 August 2014 - 07:00 AM.
Moved to Am I Infected - Hamluis.




#2 boopme


Posted 25 August 2014 - 10:45 AM

Hello Bleky, let's look at these logs.

Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
  • If no threats were found, click View detailed log.
    • Click Export and save the log as a .txt file on your Desktop or another location.
  • If the scan detected any threats, click Apply Actions.
    • To complete any actions taken you will be prompted to restart your computer...click on Yes.
    • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
    • Check the box next to Scan Log. Choose the most current scan and click View.
    • Click Export and save the log as a .txt file on your Desktop or another location.
Providing the MalwareBytes' Anti-Malware log file
  • Attach the log file you just saved to your next reply for further review.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    .

    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Bleky


Posted 26 August 2014 - 04:07 AM

Thank you Boopme, the scans will take a while because there is about 2TB of data on the computer :)

Edited by Bleky, 26 August 2014 - 04:08 AM.


#4 boopme


Posted 26 August 2014 - 09:05 AM

No problem, post them when they finish... one at a time or all at once...

#5 Bleky


Posted 26 August 2014 - 11:13 AM

Ok, MBAM found a backdoor; when I try to export the log it terminates itself...

I will do ESET now :)



#6 Bleky


Posted 26 August 2014 - 12:07 PM

ESET still scanning,found some Ask toolbar things, a trojan downloader and other...

#7 Bleky


Posted 26 August 2014 - 01:25 PM

C:\Documents and Settings\Default User\Local Settings\Application Data\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\Default User\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GT3SNR8I\ajs[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\T3FXEPSU\rates[1].php Win32/TrojanDownloader.Wauchos.AD trojan cleaned by deleting - quarantined
C:\Program Files\Ask.com\AviraBrowserSecurity.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Program Files\Ask.com\precache.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Program Files\Ask.com\SaUpdate.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Program Files\Ask.com\UpdateTask.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Program Files\Ask.com\Updater\Updater.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\RECYCLER\S-1-5-21-448539723-842925246-725345543-1003\Dc4314.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\WINDOWS\Installer\232b4.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\WINDOWS\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
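As an added example (not part of the original thread and not ESET's own tooling), a small Python triage helper for ESET Online Scanner result lines like the ones pasted above: it separates the bundled-toolbar PUA hits from the two real malware detections and notes where each file sat on disk. The line pattern, the kind vocabulary and the location buckets are my assumptions drawn from these lines, not ESET's documented log format.

```python
import re
from collections import Counter

# Constructed sample: six of the ESET Online Scanner lines pasted in this
# thread, reproduced verbatim.
SAMPLE_LOG = r"""
C:\Documents and Settings\Default User\Local Settings\Application Data\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GT3SNR8I\ajs[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\T3FXEPSU\rates[1].php Win32/TrojanDownloader.Wauchos.AD trojan cleaned by deleting - quarantined
C:\Program Files\Ask.com\Updater\Updater.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\WINDOWS\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
"""

# Assumed line shape: <path> [a variant of] <signature> <kind> <action>.
# The path contains spaces, so it is matched lazily and anchored by the small,
# fixed vocabulary of <kind> that always follows the signature name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of )?(?P<signature>\S+)\s+"
    r"(?P<kind>potentially unsafe application|potentially unwanted application"
    r"|trojan|virus|worm)\s+"
    r"(?P<action>.+?)\s*$"
)

# Kinds that mean real malware rather than bundled adware / toolbars.
MALWARE_KINDS = {"trojan", "virus", "worm"}


def classify_location(path):
    """Rough origin bucket based on where ESET found the file."""
    low = path.lower()
    if "temporary internet files" in low:
        return "browser cache"      # fetched by the browser; not proof it ran
    if "\\temp\\" in low or "\\recycler\\" in low:
        return "temp/recycle"
    if low.startswith("c:\\program files") or "\\installer\\" in low:
        return "installed software"
    return "user profile"


def family(signature):
    """Drop trailing variant letters (.G, .AD) to group hits by family."""
    return re.sub(r"\.[A-Z]{1,2}$", "", signature)


def parse_eset_log(text):
    """Return one dict per parsable result line; other lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["family"] = family(d["signature"])
        d["severity"] = "malware" if d["kind"] in MALWARE_KINDS else "pua"
        d["location"] = classify_location(d["path"])
        findings.append(d)
    return findings


def summarize(findings):
    """Counts by severity and family, plus the malware hits to review first."""
    return {
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        "by_family": dict(Counter(f["family"] for f in findings)),
        "needs_attention": [
            (f["path"], f["signature"], f["location"])
            for f in findings if f["severity"] == "malware"
        ],
    }


if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_LOG))
    print(report["by_severity"])
    for path, sig, where in report["needs_attention"]:
        print(f"{sig:40} {where:15} {path}")
```

Both malware hits land in the browser cache bucket, which matches a downloader fetched through the browser; the toolbar entries are the Ask bundle that came with the Avira installer.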


#8 Bleky


Posted 26 August 2014 - 01:29 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by User (administrator) on 26-08-2014 at 20:29:44
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Hamachi"
 
set address name="Hamachi" source=dhcp 
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=static addr=192.168.1.2 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.1.1 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : user-6a5379dc44
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Hamachi:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Hamachi Network Interface
 
        Physical Address. . . . . . . . . : 7A-79-05-3C-1F-0A
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : No
 
        IP Address. . . . . . . . . . . . : 5.60.31.10
 
        Subnet Mask . . . . . . . . . . . : 255.0.0.0
 
        Default Gateway . . . . . . . . . : 
 
        DHCP Server . . . . . . . . . . . : 5.0.0.1
 
        Lease Obtained. . . . . . . . . . : 26. kolovoz 2014 20:28:10
 
        Lease Expires . . . . . . . . . . : 26. kolovoz 2014 20:32:25
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-16-76-85-DA-94
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : 192.168.1.2
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  208.117.229.50, 208.117.229.54, 208.117.229.55, 208.117.229.59
 208.117.229.20, 208.117.229.24, 208.117.229.25, 208.117.229.29, 208.117.229.30
 208.117.229.34, 208.117.229.35, 208.117.229.39, 208.117.229.40, 208.117.229.44
 208.117.229.45, 208.117.229.49
 
 
 
Pinging google.com [208.117.229.20] with 32 bytes of data:
 
 
 
Reply from 208.117.229.20: bytes=32 time=17ms TTL=58
 
Reply from 208.117.229.20: bytes=32 time=14ms TTL=58
 
 
 
Ping statistics for 208.117.229.20:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 14ms, Maximum = 17ms, Average = 15ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=135ms TTL=51
 
Reply from 98.139.183.24: bytes=32 time=134ms TTL=51
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 134ms, Maximum = 135ms, Average = 134ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 3c 1f 0a ...... Hamachi Network Interface
0x10004 ...00 16 76 85 da 94 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2  20
          5.0.0.0        255.0.0.0       5.60.31.10      5.60.31.10  20
       5.60.31.10  255.255.255.255        127.0.0.1       127.0.0.1  20
    5.255.255.255  255.255.255.255       5.60.31.10      5.60.31.10  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
  141.101.123.117  255.255.255.255      192.168.1.1     192.168.1.2  20
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2  20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2  20
        224.0.0.0        240.0.0.0       5.60.31.10      5.60.31.10  20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2  20
  255.255.255.255  255.255.255.255       5.60.31.10      5.60.31.10  1
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/26/2014 06:14:46 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (08/26/2014 06:13:13 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module mscoree.dll, version 2.0.50727.42, fault address 0x00030152.
Processing media-specific event for [mbam.exe!ws!]
 
Error: (08/26/2014 06:08:53 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
 
Error: (08/26/2014 06:03:53 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
 
Error: (08/26/2014 05:14:29 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module mscoree.dll, version 2.0.50727.42, fault address 0x00030152.
Processing media-specific event for [mbam.exe!ws!]
 
Error: (08/25/2014 11:11:24 AM) (Source: .NET Runtime) (User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000
 
Error: (08/25/2014 10:35:41 AM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
 
Error: (08/22/2014 02:56:49 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
 
Error: (08/22/2014 01:17:54 PM) (Source: .NET Runtime) (User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000
 
Error: (08/22/2014 01:16:25 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.
 
 
System errors:
=============
Error: (08/26/2014 06:09:33 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/26/2014 06:09:00 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064).
 
Error: (08/26/2014 06:07:12 PM) (Source: System Error) (User: )
Description: Error code 000000de, parameter1 00000000, parameter2 89f2fbe0, parameter3 e356f340, parameter4 688c5121.
 
Error: (08/26/2014 06:07:08 PM) (Source: System Error) (User: )
Description: Error code 100000d1, parameter1 f2a50000, parameter2 00000006, parameter3 00000001, parameter4 ba70d6d6.
 
Error: (08/26/2014 06:07:02 PM) (Source: System Error) (User: )
Description: Error code 100000d1, parameter1 00000003, parameter2 000000ff, parameter3 00000001, parameter4 ba27ab02.
 
Error: (08/26/2014 06:06:52 PM) (Source: System Error) (User: )
Description: Error code 100000be, parameter1 e360e818, parameter2 39083900, parameter3 ae8f35b0, parameter4 0000000e.
 
Error: (08/26/2014 06:06:31 PM) (Source: System Error) (User: )
Description: Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3 00000000, parameter4 00000000.
 
Error: (08/26/2014 06:06:24 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 99390ebb, parameter2 00000002, parameter3 00000000, parameter4 80512c56.
 
Error: (08/26/2014 06:06:07 PM) (Source: System Error) (User: )
Description: Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3 00000000, parameter4 00000000.
 
Error: (08/26/2014 06:05:04 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 c03c1e80, parameter2 00000002, parameter3 00000000, parameter4 8050eb5b.
 
 
Microsoft Office Sessions:
=========================
Error: (08/26/2014 06:14:46 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.
 
Error: (08/26/2014 06:13:13 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.532mscoree.dll2.0.50727.4200030152
 
Error: (08/26/2014 06:08:53 PM) (Source: MSSQLServerADHelper)(User: )
Description: 0
 
Error: (08/26/2014 06:03:53 PM) (Source: MSSQLServerADHelper)(User: )
Description: 0
 
Error: (08/26/2014 05:14:29 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.532mscoree.dll2.0.50727.4200030152
 
Error: (08/25/2014 11:11:24 AM) (Source: .NET Runtime)(User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000
 
Error: (08/25/2014 10:35:41 AM) (Source: MSSQLServerADHelper)(User: )
Description: 0
 
Error: (08/22/2014 02:56:49 PM) (Source: MSSQLServerADHelper)(User: )
Description: 0
 
Error: (08/22/2014 01:17:54 PM) (Source: .NET Runtime)(User: )
Description: Unable to open shim database version registry key - v2.0.50727.00000
 
Error: (08/22/2014 01:16:25 PM) (Source: MSSQLServerADHelper)(User: )
Description: 0
 
 
 
=========================== Installed Programs ============================
7-Zip 4.57 (HKLM\...\7-Zip) (Version:  - )
ActivClient x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version: 1.06 - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com)
ATI Catalyst Control Center (HKLM\...\{888A8DA6-E129-4EBD-994A-5C3DC2F4B805}) (Version: 1.2.2217.16585 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.22-060115a1-031138C-Intel - )
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.3.0.23930 - Ask.com)
Canon iP4500 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series) (Version:  - )
Canon iP4500 series User Registration (HKLM\...\Canon iP4500 series User Registration) (Version:  - )
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version:  - Canon Inc.)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DataLab PANTHEON 5.0 (HKLM\...\{DFD4A822-1118-45CA-8222-B7C8E3480370}) (Version: 5.0 - Datalab d.o.o.)
DataLab Pantheon 5.5 (HKLM\...\DataLab Pantheon 5.5) (Version:  - Datalab tehnologije d.d.)
DataLab Pantheon 5.5 (Version: 5.5 - DataLab tehnologije d.d.) Hidden
Device Installer x86 (HKLM\...\{99FB318C-9E65-4AC3-9FC2-9DA7FF55C244}) (Version: 2.3 - ActivIdentity)
ePorezna - 1  (HKCU\...\3cf7c319c4ab1c2c) (Version: 2.5.9.1 - Elektroničke usluge Porezne uprave)
ePorezna (HKCU\...\778fff1aa5f9451e) (Version: 2.5.7.2 - Elektroničke usluge Porezne uprave)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GO-Global Client (HKLM\...\{29C9C9B5-1BA2-4782-9D0E-E357FECCE242}) (Version: 3.2.0 - GraphOn)
GO-Global Server (HKLM\...\{D0F3F17E-0E8A-4D23-9B3C-87DD26BB4DE9}) (Version: 3.2.0 - GraphOn)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Honey Bee (HKLM\...\{44E42834-8AB7-4D7D-9745-ADE04D723385}) (Version:  - )
IBackup for Windows Version - 9.0 (HKLM\...\IBackup for Windows_is1) (Version: 9.0 - Pro Softnet Corp)
iKBnet Internet bankarstvo 1.3 (HKLM\...\{7A8BB0E8-42D8-4607-9BE1-CE789E42B98B}) (Version: 1.3 - Istarska Kreditna Banka)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)
Malwarebytes Anti-Malware verzija 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM\...\{9113041A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.55129 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Management Studio Express (HKLM\...\{A4512736-8D63-4298-9271-5329931FA46B}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{56B4002F-671C-49F4-984C-C760FE3806B5}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero 8 (HKLM\...\{3C5F1B30-B10B-4579-86DD-D00F662E487A}) (Version: 8.3.173 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NOD32 FiX v1.3 (HKLM\...\{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1) (Version:  - )
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
PIXMA Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.03 - Realtek Semiconductor Corp.)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090411.134454 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows paket jezičnog sučelja (HKLM\...\{E6D7E1A8-3DF6-4EAD-B382-C2BA8CD41EEB}) (Version: 2.2.2600.0 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 1917.83 MB
Available physical RAM: 987.39 MB
Total Pagefile: 2437.07 MB
Available Pagefile: 1641.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.86 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:231.93 GB) (Free:203.28 GB) NTFS
2 Drive d: () (Fixed) (Total:233.83 GB) (Free:233.58 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER-6A5379DC44
 
Administrator            Guest                    HelpAssistant            
SUPPORT_388945a0         User                     
 
 
**** End of log ****


#9 Bleky

Bleky
  • Topic Starter

  • Members
  • 185 posts
  • Gender:Male
  • Location:Somewhere on internet
  • Local time:02:03 AM

Posted 26 August 2014 - 01:34 PM

20:33:13.0875 0x0110  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:33:17.0140 0x0110  ============================================================
20:33:17.0140 0x0110  Current date / time: 2014/08/26 20:33:17.0140
20:33:17.0140 0x0110  SystemInfo:
20:33:17.0140 0x0110  
20:33:17.0140 0x0110  OS Version: 5.1.2600 ServicePack: 3.0
20:33:17.0140 0x0110  Product type: Workstation
20:33:17.0140 0x0110  ComputerName: USER-6A5379DC44
20:33:17.0140 0x0110  UserName: User
20:33:17.0140 0x0110  Windows directory: C:\WINDOWS
20:33:17.0140 0x0110  System windows directory: C:\WINDOWS
20:33:17.0140 0x0110  Processor architecture: Intel x86
20:33:17.0140 0x0110  Number of processors: 1
20:33:17.0140 0x0110  Page size: 0x1000
20:33:17.0140 0x0110  Boot type: Normal boot
20:33:17.0140 0x0110  ============================================================
20:33:19.0375 0x0110  KLMD registered as C:\WINDOWS\system32\drivers\11893362.sys
20:33:19.0625 0x0110  System UUID: {734AB3E3-BEAE-8920-39AA-23F7F490AE4D}
20:33:20.0796 0x0110  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:33:20.0796 0x0110  ============================================================
20:33:20.0796 0x0110  \Device\Harddisk0\DR0:
20:33:20.0796 0x0110  MBR partitions:
20:33:20.0796 0x0110  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1CFDA105
20:33:20.0812 0x0110  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CFDA183, BlocksNum 0x1D3AAABE
20:33:20.0812 0x0110  ============================================================
20:33:20.0843 0x0110  C: <-> \Device\Harddisk0\DR0\Partition1
20:33:20.0875 0x0110  D: <-> \Device\Harddisk0\DR0\Partition2
20:33:20.0890 0x0110  ============================================================
20:33:20.0890 0x0110  Initialize success
20:33:20.0890 0x0110  ============================================================
20:33:27.0250 0x0c20  ============================================================
20:33:27.0250 0x0c20  Scan started
20:33:27.0250 0x0c20  Mode: Manual; 
20:33:27.0250 0x0c20  ============================================================
20:33:27.0250 0x0c20  KSN ping started
20:33:29.0687 0x0c20  KSN ping finished: true
20:33:30.0562 0x0c20  ================ Scan system memory ========================
20:33:30.0562 0x0c20  System memory - ok
20:33:30.0562 0x0c20  ================ Scan services =============================
20:33:36.0375 0x0c20  PCI - ok
20:33:36.0390 0x0c20  PCIDump - ok
20:33:36.0406 0x0c20  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:33:36.0406 0x0c20  PCIIde - ok
20:33:36.0437 0x0c20  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:33:36.0437 0x0c20  Pcmcia - ok
20:33:36.0453 0x0c20  PDCOMP - ok
20:33:36.0453 0x0c20  PDFRAME - ok
20:33:36.0468 0x0c20  PDRELI - ok
20:33:36.0484 0x0c20  PDRFRAME - ok
20:33:36.0500 0x0c20  perc2 - ok
20:33:36.0500 0x0c20  perc2hib - ok
20:33:36.0546 0x0c20  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
20:33:36.0562 0x0c20  PLFlash DeviceIoControl Service - ok
20:33:36.0578 0x0c20  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:33:36.0578 0x0c20  PlugPlay - ok
20:33:36.0593 0x0c20  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:33:36.0593 0x0c20  PolicyAgent - ok
20:33:36.0625 0x0c20  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:33:36.0625 0x0c20  PptpMiniport - ok
20:33:36.0625 0x0c20  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:33:36.0640 0x0c20  ProtectedStorage - ok
20:33:36.0640 0x0c20  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:33:36.0656 0x0c20  PSched - ok
20:33:36.0687 0x0c20  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:33:36.0687 0x0c20  Ptilink - ok
20:33:36.0703 0x0c20  ql1080 - ok
20:33:36.0703 0x0c20  Ql10wnt - ok
20:33:36.0718 0x0c20  ql12160 - ok
20:33:36.0734 0x0c20  ql1240 - ok
20:33:36.0750 0x0c20  ql1280 - ok
20:33:36.0765 0x0c20  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:33:36.0765 0x0c20  RasAcd - ok
20:33:36.0796 0x0c20  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:33:36.0796 0x0c20  RasAuto - ok
20:33:36.0812 0x0c20  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:33:36.0812 0x0c20  Rasl2tp - ok
20:33:36.0859 0x0c20  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:33:36.0875 0x0c20  RasMan - ok
20:33:36.0890 0x0c20  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:33:36.0906 0x0c20  RasPppoe - ok
20:33:36.0921 0x0c20  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:33:36.0921 0x0c20  Raspti - ok
20:33:36.0937 0x0c20  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:33:36.0937 0x0c20  Rdbss - ok
20:33:36.0953 0x0c20  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:33:36.0953 0x0c20  RDPCDD - ok
20:33:36.0984 0x0c20  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:33:37.0000 0x0c20  rdpdr - ok
20:33:37.0046 0x0c20  [ 6728E45B66F93C08F11DE2E316FC70DD, EA63ECD4F84CAE08BD2BF843C48AF505B1B9D7B61349A63536C9C6FEBEF23452 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:33:37.0046 0x0c20  RDPWD - ok
20:33:37.0078 0x0c20  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:33:37.0078 0x0c20  RDSessMgr - ok
20:33:37.0109 0x0c20  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:33:37.0109 0x0c20  redbook - ok
20:33:37.0140 0x0c20  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:33:37.0140 0x0c20  RemoteAccess - ok
20:33:37.0171 0x0c20  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
20:33:37.0187 0x0c20  RemoteRegistry - ok
20:33:37.0187 0x0c20  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:33:37.0203 0x0c20  RpcLocator - ok
20:33:37.0234 0x0c20  [ 2589FE6015A316C0F5D5112B4DA7B509, 2753785BA07A1A7A25E275332F5F9F403F6E8CBF396FD0905D6BA84B98C403A6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:33:37.0250 0x0c20  RpcSs - ok
20:33:37.0281 0x0c20  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:33:37.0281 0x0c20  RSVP - ok
20:33:37.0296 0x0c20  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:33:37.0296 0x0c20  rtl8139 - ok
20:33:37.0312 0x0c20  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:33:37.0312 0x0c20  SamSs - ok
20:33:37.0328 0x0c20  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:33:37.0343 0x0c20  SCardSvr - ok
20:33:37.0359 0x0c20  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:33:37.0359 0x0c20  Schedule - ok
20:33:37.0406 0x0c20  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:33:37.0406 0x0c20  Secdrv - ok
20:33:37.0421 0x0c20  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:33:37.0421 0x0c20  seclogon - ok
20:33:37.0453 0x0c20  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
20:33:37.0453 0x0c20  SENS - ok
20:33:37.0468 0x0c20  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:33:37.0468 0x0c20  serenum - ok
20:33:37.0515 0x0c20  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:33:37.0515 0x0c20  Serial - ok
20:33:37.0531 0x0c20  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:33:37.0531 0x0c20  Sfloppy - ok
20:33:37.0562 0x0c20  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:33:37.0578 0x0c20  SharedAccess - ok
20:33:37.0609 0x0c20  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:33:37.0609 0x0c20  ShellHWDetection - ok
20:33:37.0625 0x0c20  Simbad - ok
20:33:37.0640 0x0c20  Sparrow - ok
20:33:37.0656 0x0c20  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:33:37.0656 0x0c20  splitter - ok
20:33:37.0671 0x0c20  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B, 130D686A220AF97EBF33DD481B79990F259B4EE38DD95A35CD3D0F0517790FF0 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:33:37.0687 0x0c20  Spooler - ok
20:33:37.0718 0x0c20  [ B2EC3E1DEAC5F0A764BD3486D213A0AF, 77597D6AF90BF0FD50AF7271C800D84BE69E288760116B7A252FB8B068614A52 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:33:37.0734 0x0c20  SQLBrowser - ok
20:33:37.0750 0x0c20  SQLSERVERAGENT - ok
20:33:37.0796 0x0c20  [ D2F4F32B59440011174B4F8137AF4E0C, 82862C39B34D1ED6ED170DAAB385B6ABE5078A6CC995E396828695F2CE2542D9 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:33:37.0796 0x0c20  SQLWriter - ok
20:33:37.0828 0x0c20  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:33:37.0843 0x0c20  sr - ok
20:33:37.0875 0x0c20  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:33:37.0890 0x0c20  srservice - ok
20:33:37.0906 0x0c20  [ 5252605079810904E31C332E241CD59B, 039DD965DE2137219168F95CA3BF1CA7353957026BDD0481F7964E2578DF2128 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:33:37.0921 0x0c20  Srv - ok
20:33:37.0953 0x0c20  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:33:37.0953 0x0c20  SSDPSRV - ok
20:33:38.0000 0x0c20  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:33:38.0015 0x0c20  stisvc - ok
20:33:38.0031 0x0c20  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:33:38.0031 0x0c20  swenum - ok
20:33:38.0046 0x0c20  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:33:38.0062 0x0c20  swmidi - ok
20:33:38.0062 0x0c20  SwPrv - ok
20:33:38.0078 0x0c20  symc810 - ok
20:33:38.0093 0x0c20  symc8xx - ok
20:33:38.0109 0x0c20  sym_hi - ok
20:33:38.0125 0x0c20  sym_u3 - ok
20:33:38.0140 0x0c20  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:33:38.0140 0x0c20  sysaudio - ok
20:33:38.0156 0x0c20  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:33:38.0171 0x0c20  SysmonLog - ok
20:33:38.0203 0x0c20  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:33:38.0218 0x0c20  TapiSrv - ok
20:33:38.0250 0x0c20  [ 93EA8D04EC73A85DB02EB8805988F733, 013008E23F5F14E0C836C28524D1181759BAF84530C6331163882A772217F398 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:33:38.0265 0x0c20  Tcpip - ok
20:33:38.0296 0x0c20  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:33:38.0296 0x0c20  TDPIPE - ok
20:33:38.0312 0x0c20  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:33:38.0312 0x0c20  TDTCP - ok
20:33:38.0546 0x0c20  [ 0F2A43DB0A4A70EF400295F413527293, D67D78CFB47E9EA1C1D9B37BFFFB44320A6ECC2D0C029768517C64F3A1882E19 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
20:33:38.0671 0x0c20  TeamViewer8 - ok
20:33:38.0718 0x0c20  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:33:38.0718 0x0c20  TermDD - ok
20:33:38.0750 0x0c20  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:33:38.0765 0x0c20  TermService - ok
20:33:38.0796 0x0c20  [ 1926899BF9FFE2602B63074971700412, F5C48EDBE5C6507527630B49C95BAA9F1E47EACC5A910F2B9A4528733E81A966 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:33:38.0812 0x0c20  Themes - ok
20:33:38.0843 0x0c20  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
20:33:38.0843 0x0c20  TlntSvr - ok
20:33:38.0859 0x0c20  TosIde - ok
20:33:38.0890 0x0c20  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:33:38.0890 0x0c20  TrkWks - ok
20:33:38.0937 0x0c20  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:33:38.0937 0x0c20  Udfs - ok
20:33:38.0953 0x0c20  ultra - ok
20:33:38.0984 0x0c20  [ C81B8635DEE0D3EF5F64B3DD643023A5, 6D7438A5FB7168352099F726BD0980AD398A7CFE929B8D2BD362B238C1540D85 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
20:33:38.0984 0x0c20  UMWdf - ok
20:33:39.0031 0x0c20  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:33:39.0046 0x0c20  Update - ok
20:33:39.0078 0x0c20  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:33:39.0093 0x0c20  upnphost - ok
20:33:39.0125 0x0c20  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
20:33:39.0125 0x0c20  UPS - ok
20:33:39.0156 0x0c20  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:33:39.0171 0x0c20  usbccgp - ok
20:33:39.0187 0x0c20  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:33:39.0203 0x0c20  usbehci - ok
20:33:39.0234 0x0c20  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:33:39.0234 0x0c20  usbhub - ok
20:33:39.0265 0x0c20  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:33:39.0265 0x0c20  usbohci - ok
20:33:39.0312 0x0c20  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:33:39.0312 0x0c20  usbprint - ok
20:33:39.0328 0x0c20  [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:33:39.0343 0x0c20  usbscan - ok
20:33:39.0359 0x0c20  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:33:39.0359 0x0c20  USBSTOR - ok
20:33:39.0390 0x0c20  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:33:39.0390 0x0c20  VgaSave - ok
20:33:39.0406 0x0c20  ViaIde - ok
20:33:39.0437 0x0c20  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:33:39.0437 0x0c20  VolSnap - ok
20:33:39.0468 0x0c20  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:33:39.0484 0x0c20  VSS - ok
20:33:39.0515 0x0c20  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:33:39.0515 0x0c20  W32Time - ok
20:33:39.0531 0x0c20  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:33:39.0531 0x0c20  Wanarp - ok
20:33:39.0546 0x0c20  WDICA - ok
20:33:39.0562 0x0c20  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:33:39.0578 0x0c20  wdmaud - ok
20:33:39.0625 0x0c20  [ 5980BAA653D0D3AA99FF62EFEB082D58, B7348DB8C1413B52B1081DE4E6FF5C6F340EF2F2BDB238D0942CC0960BD71298 ] WDMCAPI         C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys
20:33:39.0656 0x0c20  WDMCAPI - ok
20:33:39.0671 0x0c20  [ BD83671EB0ED5B81257D0945EF0EF0D3, 82AF64A4690400DABBD67F3B6FC3CA48E21A2167060468BA43C1DFAB6B9753DE ] WDMWANMP        C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys
20:33:39.0671 0x0c20  WDMWANMP - ok
20:33:39.0687 0x0c20  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:33:39.0703 0x0c20  WebClient - ok
20:33:39.0765 0x0c20  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:33:39.0781 0x0c20  winmgmt - ok
20:33:39.0828 0x0c20  [ A477391B7A8B0A0DAABADB17CF533A4B, 9B1929B5BBF2738BA3D402809FCB8DAA09EF4727F860567895D5E73EBE43E627 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:33:39.0828 0x0c20  WmdmPmSN - ok
20:33:39.0875 0x0c20  [ BAB489A5FE26F2D0C910CF7AF7E4CF92, 700325258CA7A2BC2D7AA6E3176194D21229BEA76EA37BEAE117BBF87CE4ECD4 ] Wmi             C:\WINDOWS\System32\advapi32.dll
20:33:39.0906 0x0c20  Wmi - ok
20:33:39.0921 0x0c20  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:33:39.0937 0x0c20  WmiApSrv - ok
20:33:39.0968 0x0c20  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:33:39.0968 0x0c20  WS2IFSL - ok
20:33:39.0984 0x0c20  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:33:39.0984 0x0c20  wscsvc - ok
20:33:40.0031 0x0c20  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:33:40.0031 0x0c20  wuauserv - ok
20:33:40.0078 0x0c20  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:33:40.0093 0x0c20  WZCSVC - ok
20:33:40.0125 0x0c20  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:33:40.0125 0x0c20  xmlprov - ok
20:33:40.0140 0x0c20  ================ Scan global ===============================
20:33:40.0171 0x0c20  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:33:40.0187 0x0c20  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:33:40.0234 0x0c20  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C, 1ED920E475221228EF215708701EC166A0B1BBCBD236E5B047420EBD0FF1371A ] C:\WINDOWS\system32\winsrv.dll
20:33:40.0250 0x0c20  [ 0E776ED5F7CC9F94299E70461B7B8185, 22750B3829133D1D4BB3CE2FA6247BE2373B5D15A6ED1C8A71673AA1CE7D9530 ] C:\WINDOWS\system32\services.exe
20:33:40.0250 0x0c20  [ Global ] - ok
20:33:40.0265 0x0c20  ================ Scan MBR ==================================
20:33:40.0281 0x0c20  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:33:40.0453 0x0c20  \Device\Harddisk0\DR0 - ok
20:33:40.0453 0x0c20  ================ Scan VBR ==================================
20:33:40.0468 0x0c20  [ 33FF06FDB37E8BC82A540B0AA4E584E9 ] \Device\Harddisk0\DR0\Partition1
20:33:40.0500 0x0c20  \Device\Harddisk0\DR0\Partition1 - ok
20:33:40.0515 0x0c20  [ 655BB6D10EE95F5C7135EDB568E0D7B4 ] \Device\Harddisk0\DR0\Partition2
20:33:40.0531 0x0c20  \Device\Harddisk0\DR0\Partition2 - ok
20:33:40.0546 0x0c20  ================ Scan generic autorun ======================
20:33:40.0593 0x0c20  [ 64C4C17BF6A40FF1CD21205E6FD415B8, 89FB7E081E4D9808FC36B53E610C0445B69833ED1586AFCDCD00663576A72B35 ] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
20:33:40.0593 0x0c20  ATICCC - ok
20:33:41.0234 0x0c20  [ 0B4A7B6DCC667AC50660E0AAA5914704, 0E8E3CFE193F2464A9B3B524EA78FBC8CB713EA67108F1793CB2A987913FA597 ] C:\WINDOWS\RTHDCPL.EXE
20:33:41.0562 0x0c20  RTHDCPL - ok
20:33:41.0671 0x0c20  [ 8B4CBBA1EA526830C7F97E7822E2493A, 1DFD05B1C0050DB44F5B4293E5574BFC292AF804A63FC0A70131BB498C326977 ] C:\WINDOWS\ALCMTR.EXE
20:33:41.0671 0x0c20  Alcmtr - ok
20:33:41.0734 0x0c20  [ FEDB6110D3E0A7EFE6996F93CD8C48E7, 719F6B648AE9841B03C8FB9FC9D0CB1233FDD3030FBD3C420C3E8CEB59A12214 ] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
20:33:41.0765 0x0c20  CanonSolutionMenu - ok
20:33:41.0890 0x0c20  [ 2F0F0E6AA6F5874E13E792996077138B, 9D12D4D61139436E3BFDC74577195A1D2C62B8D2C30034093197452287E22C15 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
20:33:41.0921 0x0c20  CanonMyPrinter - ok
20:33:41.0953 0x0c20  [ 437B6AFAA18703620FFB7817398A1C6A, 3118849AA2DC320668E45F8DC36C8D9DE95B3456FC2EA5DC40E53EE73134D9D8 ] C:\IBackup for Windows\IBackground_955.exe
20:33:41.0953 0x0c20  IBWin Background process - ok
20:33:42.0046 0x0c20  [ F55939DDE3CA3B11CCB11D245E089BBC, 3F395934993B67801C8D048B65C31FB3E6B13F20D93D77898BF5AB61165B67E0 ] C:\IBackup for Windows\IBMonitor.exe
20:33:42.0093 0x0c20  IBWin Monitor - ok
20:33:42.0406 0x0c20  [ 7A0F07E892716871F3F8C905A387AA33, B644E27D09E20263D1836284BD55DD58F699453FB823E295CA3A2283E21AC9CF ] C:\IBackup for Windows\IBackupForWindows_955.exe
20:33:42.0687 0x0c20  IBWIN - ok
20:33:42.0781 0x0c20  [ 1AE0189F6E0C89751D7810DFA4432EAC, A1422453DCCD8163C0A7620CEFDE42184C26DD40BFA4208715B394E2558C19EA ] C:\Program Files\ActivIdentity\ActivClient\acevents.exe
20:33:42.0781 0x0c20  acevents - ok
20:33:42.0828 0x0c20  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\CTFMON.EXE
20:33:42.0828 0x0c20  CTFMON.EXE - ok
20:33:42.0843 0x0c20  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\CTFMON.EXE
20:33:42.0843 0x0c20  CTFMON.EXE - ok
20:33:42.0859 0x0c20  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
20:33:42.0859 0x0c20  CTFMON.EXE - ok
20:33:42.0968 0x0c20  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
20:33:42.0968 0x0c20  Google Update - ok
20:33:42.0968 0x0c20  Waiting for KSN requests completion. In queue: 152
20:33:43.0968 0x0c20  Waiting for KSN requests completion. In queue: 152
20:33:44.0968 0x0c20  Waiting for KSN requests completion. In queue: 152
20:33:46.0078 0x0c20  Win FW state via NFM: enabled
20:33:48.0437 0x0c20  ============================================================
20:33:48.0437 0x0c20  Scan finished
20:33:48.0437 0x0c20  ============================================================
20:33:48.0453 0x05b0  Detected object count: 0
20:33:48.0453 0x05b0  Actual detected object count: 0


#10 Bleky

Posted 26 August 2014 - 01:43 PM

# AdwCleaner v3.308 - Report created 26/08/2014 at 20:39:14
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-6A5379DC44
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\User\Application Data\AskToolbar
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3647 octets] - [26/08/2014 20:37:39]
AdwCleaner[S0].txt - [3626 octets] - [26/08/2014 20:39:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3686 octets] ##########


#11 Bleky

Posted 26 August 2014 - 01:53 PM

JRT detects a bad driver, reboots the computer, CMD opens and nothing happens.

I tried running JRT few more times but same problem.



#12 boopme

Posted 26 August 2014 - 02:17 PM

Can you write down the line from the MBAM scan that names the backdoor, and did it delete or quarantine it?

In Control Panel remove these...
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle)

Restart the machine.

Is ESET still running? If so wait to do the Uninstall.

#13 Bleky

Posted 27 August 2014 - 04:07 AM

Backdoor.DCRND.gen

It did quarantine it.



#14 boopme

Posted 27 August 2014 - 09:50 AM

Ok, thanks... after ESET you should change all Passwords as that back door has them.

How is it running?

#15 Bleky

Posted 27 August 2014 - 10:00 AM

The computer is faster, thank you Boopme! :)



