
XP, something is running slowing computer to a crawl


122 replies to this topic

#31 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 14 August 2014 - 02:43 PM

Hi gcdi,

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad.
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]

File::
C:\Documents and Settings\All Users\Application Data\EthiKuwn\EthiKuwn.dat
C:\Documents and Settings\All Users\Application Data\UpexEwudj\UpexEwudj.dat
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ezoxid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ifvai.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\taid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\wolea.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\duusak.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\egciot.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ezru.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\itizew.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]
"IsemhAwixp"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EthiKuwn"=-

Folder::
C:\Documents and Settings\All Users\Application Data\IsemhAwixp
C:\Documents and Settings\All Users\Application Data\UpexEwudj
C:\Documents and Settings\All Users\Application Data\UppoVsip
C:\Documents and Settings\MIKE\Application Data\Saepwoe
C:\Documents and Settings\All Users\Application Data\EthiKuwn
C:\Documents and Settings\MIKE\Application Data\Ebtyzau
C:\Documents and Settings\All Users\Application Data\UrjiTopiy
C:\Documents and Settings\MIKE\Application Data\Nuhiveu
C:\Documents and Settings\All Users\Application Data\UhocMimp
C:\Documents and Settings\MIKE\Application Data\0c7610
C:\Documents and Settings\MIKE\Local Settings\Application Data\0c7610
C:\Documents and Settings\MIKE\Local Settings\Application Data\2085198906
C:\c088cf6

DirLook::
C:\Documents and Settings\MIKE\Local Settings\Application Data\browser_dir
C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

Please post back with the Combofix log.

How are things now?

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
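
A pre-flight check for a script like the one in the post above, as an added example that is not part of the original post and not ComboFix's own code: it parses the section headers shown on this page and flags entries that are not absolute paths, registry value lines with no key, and File/Folder targets that are too broad. The accepted line forms, the PROTECTED list, the sample scripts and the function names are assumptions based only on what this script shows.

```python
import ntpath
import re

# Section names exactly as they appear in the script on this page.
DELETE_SECTIONS = {"File", "Folder"}
PATH_SECTIONS = DELETE_SECTIONS | {"DirLook"}
KEY_SECTIONS = {"RegLock", "Registry"}

HEADER = re.compile(r"^(\w+)::$")
ABS_PATH = re.compile(r'^[A-Za-z]:\\[^<>"|?*:/]+$')
REG_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\[^\]]+\]$")
REG_DELETE = re.compile(r'^"[^"]+"=-$')  # the "Name"=- form used in the script

# Assumption: locations that should never be handed over as a whole.
PROTECTED = {"c:\\", r"c:\windows", r"c:\windows\system32",
             r"c:\program files", r"c:\documents and settings"}
PROFILES = "c:\\documents and settings\\"


def too_broad(path):
    """True for a protected directory or a whole user profile."""
    p = ntpath.normpath(path).lower()
    if p in PROTECTED:
        return True
    return p.startswith(PROFILES) and "\\" not in p[len(PROFILES):]


def lint(script):
    """Return (line_number, message) pairs; an empty list means no findings."""
    findings, seen = [], set()
    section, have_key = None, False
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            section, have_key = m.group(1), False
            if section not in PATH_SECTIONS | KEY_SECTIONS:
                findings.append((n, "unknown section " + section))
            continue
        if section is None:
            findings.append((n, "entry before any section header"))
        elif section in PATH_SECTIONS:
            if not ABS_PATH.match(line):
                findings.append((n, "not an absolute path (line split while pasting?)"))
            elif section in DELETE_SECTIONS and too_broad(line):
                findings.append((n, "target is too broad"))
            elif (section, line.lower()) in seen:
                findings.append((n, "duplicate entry"))
            seen.add((section, line.lower()))
        elif section in KEY_SECTIONS:
            if REG_KEY.match(line):
                have_key = True
            elif section == "Registry" and REG_DELETE.match(line):
                if not have_key:
                    findings.append((n, "value line with no preceding key"))
            else:
                findings.append((n, "unrecognised registry line"))
    return findings


# Constructed sample: a short excerpt of the script from the post.
GOOD = r"""RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]

File::
C:\Documents and Settings\All Users\Application Data\EthiKuwn\EthiKuwn.dat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EthiKuwn"=-

Folder::
C:\Documents and Settings\All Users\Application Data\EthiKuwn
C:\c088cf6

DirLook::
C:\Documents and Settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
"""

# Constructed sample with defects: a path wrapped at a space, a system
# directory, a value line without its key, and a whole user profile.
BAD = r"""File::
C:\Documents and Settings\Default User\Start
Menu\Programs\Startup\taid.exe
C:\Windows\System32

Registry::
"IsemhAwixp"=-

Folder::
C:\Documents and Settings\MIKE
"""

if __name__ == "__main__":
    for number, message in lint(BAD):
        print(f"line {number}: {message}")
```

The first half of a wrapped path can still look like a valid target, so the finding lands on the continuation line; treat it as covering the line before it as well.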



#32 gcdi

gcdi

    Authentic Member

  • 119 posts

Posted 15 August 2014 - 11:24 PM

Well, I may not be able to.

Currently I can boot the computer if the router is disconnected and if I use task manager it shows cpu usage anywhere from 0 to 25%.

When I connect the router the monitor screen goes all white but I can see a faint scroll bar on the right and the cpu usage goes to 100% with two iexplore.exe being the top two for usage and I can't do anything else with the computer.

Any suggestions?



#33 gcdi

gcdi

    Authentic Member

  • 119 posts

Posted 15 August 2014 - 11:28 PM

Could I possibly copy the text on to a flash drive using my laptop and then transfer to the problem computer with the router disconnected?



#34 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 15 August 2014 - 11:30 PM

Hi gcdi,

That would most likely be the rest of the malware attempting to call home.

Disconnect the computer from the router. Use your other computer to download the ComboFix script. You can save it to a flash drive or a CD. Make sure you save it as CFScript.txt.

If you use a flash drive, hold the shift key down when inserting it into the sick computer.

On the sick computer just transfer the file to the computer's desktop. The rest of the instructions will be the same.


#35 gcdi

gcdi

    Authentic Member

  • 119 posts

Posted 16 August 2014 - 11:08 AM

OK, got it to run without using laptop, just left it sitting for a few hours.

After I copied the text I disconnected the router, started combo and left it for a few hours.

When I checked it again it had finished but I noticed in the taskbar it looked like a google chrome webpage was open, also showed as app in task mgr but wouldn't switch to it and finally closed it after about seven tries. Connected the router again and cpu usage no longer at 100% but at about 75% and it keeps showing that a google chrome has opened.

Here's the log

ComboFix 14-08-15.01 - MIKE 08/16/2014   5:36.4.4 - x86
Running from: c:\documents and settings\MIKE\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\MIKE\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\duusak.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\egciot.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\ezru.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\itizew.exe"
"c:\documents and settings\All Users\Application Data\EthiKuwn\EthiKuwn.dat"
"c:\documents and settings\All Users\Application Data\UpexEwudj\UpexEwudj.dat"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ezoxid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ifvai.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\taid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\wolea.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\c088cf6
c:\c088cf6\c088cf6.exe
c:\documents and settings\All Users\Application Data\EthiKuwn
c:\documents and settings\All Users\Application Data\EthiKuwn\EthiKuwn.dat
c:\documents and settings\All Users\Application Data\UhocMimp
c:\documents and settings\All Users\Application Data\UpexEwudj
c:\documents and settings\All Users\Application Data\UpexEwudj\UpexEwudj.dat
c:\documents and settings\All Users\Application Data\UppoVsip
c:\documents and settings\All Users\Application Data\UppoVsip\UppoVsip.dat
c:\documents and settings\All Users\Application Data\UrjiTopiy
c:\documents and settings\All Users\Application Data\UrjiTopiy\UrjiTopiy.dat
c:\documents and settings\MIKE\Application Data\0c7610
c:\documents and settings\MIKE\Application Data\Ebtyzau
c:\documents and settings\MIKE\Application Data\Nuhiveu
c:\documents and settings\MIKE\Application Data\Saepwoe
c:\documents and settings\MIKE\Application Data\Ypazodka\bomoew.exe
c:\documents and settings\MIKE\Local Settings\Application Data\0c7610
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\VisualElements\smalllogo.png
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\VisualElements\splash-620x300.png
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\widevinecdmadapter.dll
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\36.0.1985.125\xinput1_3.dll
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\chrome.exe
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\debug.log
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\Dictionaries\en-US-3-0.bdic
c:\documents and settings\MIKE\Local Settings\Application Data\2085198906\VisualElementsManifest.xml
c:\windows\system32\config\systemprofile\hnvichoj.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\hipouba.dll
c:\windows\TEMP\mqktuow.dll
.
.
CLSID={73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} - infected with Poweliks and removed.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SECURITYCENTERSERVER819359646
-------\Service_SecurityCenterServer819359646
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 11:19 . 2014-08-16 11:19    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{432C8C14-1084-497B-BE3D-077D2879B792}\offreg.dll
2014-08-16 07:42 . 2014-08-16 10:53    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\InitVideo
2014-08-16 07:29 . 2011-09-07 02:37    454144    ----a-w-    c:\windows\system32\kagaulqa.exe
2014-08-16 07:29 . 2014-08-16 11:16    --------    d-----w-    c:\documents and settings\MIKE\Application Data\Ypazodka
2014-08-16 07:29 . 2014-08-16 07:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\EvocUmeci
2014-08-16 07:29 . 2014-08-16 07:29    58632    ----a-w-    c:\windows\system32\hnvichoj.exe
2014-08-16 07:28 . 2014-08-16 07:32    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive
2014-08-16 07:28 . 2014-08-16 07:28    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\SearchProcess
2014-08-09 17:26 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{432C8C14-1084-497B-BE3D-077D2879B792}\mpengine.dll
2014-08-04 06:49 . 2014-08-04 06:56    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir
2014-08-03 09:53 . 2014-08-03 09:53    188304    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-03 09:53 . 2014-08-03 09:53    188304    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2014-08-03 04:43 . 2014-08-03 04:43    --------    d-----w-    C:\_OTL
2014-08-02 20:09 . 2014-08-02 20:09    49088    ----a-w-    c:\windows\system32\drivers\mrckvjsi.sys
2014-08-01 05:06 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-31 14:48 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2014-07-31 09:25 . 2014-07-31 09:25    --------    d-----w-    c:\program files\NetSurveillance
2014-07-27 19:01 . 2014-07-27 19:03    --------    d-----w-    c:\program files\CMS
2014-07-24 09:12 . 2014-07-24 09:12    --------    d--h--w-    c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 11:18 . 2012-09-16 21:01    17488    ----a-w-    c:\windows\gdrv.sys
2014-08-16 04:53 . 2014-07-14 08:14    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B} ----
.
2014-07-24 09:12 . 2014-07-24 09:12    246377    ----a-w-    c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\shsetup.dll
2014-07-24 09:12 . 2014-07-24 09:12    96    ---ha-w-    c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\1cc8793d69d888a32
.
---- Directory of c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir ----
.
2014-08-04 06:56 . 2014-08-14 08:08    60500    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\debug.log
2014-08-04 06:53 . 2014-08-04 06:53    73544    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\wow_helper.exe
2014-08-04 06:53 . 2014-08-04 06:53    860488    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\browser.exe
2014-08-04 06:53 . 2014-08-04 06:53    81768    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\xinput1_3.dll
2014-08-04 06:53 . 2014-08-04 06:53    132424    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\widevinecdmadapter.dll
2014-08-04 06:53 . 2014-08-04 06:53    10185    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\VisualElements\splash-620x300.png
2014-08-04 06:53 . 2014-08-04 06:53    3970    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\VisualElements\logo.png
2014-08-04 06:53 . 2014-08-04 06:53    9285    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\VisualElements\smalllogo.png
2014-08-04 06:53 . 2014-08-04 06:53    637    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\secondarytile.png
2014-08-04 06:53 . 2014-08-04 06:53    12197143    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\resources.pak
2014-08-04 06:53 . 2014-08-04 06:53    353096    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\ppgooglenaclpluginchrome.dll
2014-08-04 06:53 . 2014-08-04 06:53    14664008    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\PepperFlash\pepflashplayer.dll
2014-08-04 06:53 . 2014-08-04 06:53    2047    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\PepperFlash\manifest.json
2014-08-04 06:52 . 2014-08-04 06:53    8537928    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\pdf.dll
2014-08-04 06:52 . 2014-08-04 06:52    3709704    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\nacl_irt_x86_64.nexe
2014-08-04 06:52 . 2014-08-04 06:52    4916360    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\nacl_irt_x86_32.nexe
2014-08-04 06:52 . 2014-08-04 06:52    1936712    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\nacl64.exe
2014-08-04 06:52 . 2014-08-04 06:52    751    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\mksnapshot.ia32.exe.assert.manifest
2014-08-04 06:52 . 2014-08-04 06:52    491336    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\metro_driver.dll
2014-08-04 06:52 . 2014-08-04 06:52    225522    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\zh-TW.pak
2014-08-04 06:52 . 2014-08-04 06:52    224278    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\zh-CN.pak
2014-08-04 06:52 . 2014-08-04 06:52    318827    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\vi.pak
2014-08-04 06:52 . 2014-08-04 06:52    435741    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\uk.pak
2014-08-04 06:52 . 2014-08-04 06:52    275467    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\tr.pak
2014-08-04 06:52 . 2014-08-04 06:52    563322    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\th.pak
2014-08-04 06:52 . 2014-08-04 06:52    618411    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\te.pak
2014-08-04 06:52 . 2014-08-04 06:52    664943    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ta.pak
2014-08-04 06:52 . 2014-08-04 06:52    231786    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\sw.pak
2014-08-04 06:52 . 2014-08-04 06:52    254242    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\sv.pak
2014-08-04 06:52 . 2014-08-04 06:52    422027    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\sr.pak
2014-08-04 06:52 . 2014-08-04 06:52    255131    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\sl.pak
2014-08-04 06:52 . 2014-08-04 06:52    288053    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\sk.pak
2014-08-04 06:52 . 2014-08-04 06:52    436983    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ru.pak
2014-08-04 06:52 . 2014-08-04 06:52    285990    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ro.pak
2014-08-04 06:52 . 2014-08-04 06:52    268693    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pt-BR.pak
2014-08-04 06:52 . 2014-08-04 06:52    273807    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pt-PT.pak
2014-08-04 06:52 . 2014-08-04 06:52    273903    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pl.pak
2014-08-04 06:52 . 2014-08-04 06:52    269001    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\nl.pak
2014-08-04 06:52 . 2014-08-04 06:52    251817    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\nb.pak
2014-08-04 06:52 . 2014-08-04 06:52    207391    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ms.pak
2014-08-04 06:52 . 2014-08-04 06:52    561588    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\mr.pak
2014-08-04 06:52 . 2014-08-04 06:52    734361    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ml.pak
2014-08-04 06:52 . 2014-08-04 06:52    277809    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\lv.pak
2014-08-04 06:52 . 2014-08-04 06:52    272427    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\lt.pak
2014-08-04 06:52 . 2014-08-04 06:52    280463    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ko.pak
2014-08-04 06:52 . 2014-08-04 06:52    633922    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\kn.pak
2014-08-04 06:52 . 2014-08-04 06:52    332198    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ja.pak
2014-08-04 06:52 . 2014-08-04 06:52    271041    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\it.pak
2014-08-04 06:52 . 2014-08-04 06:52    250333    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\id.pak
2014-08-04 06:52 . 2014-08-04 06:52    291283    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hu.pak
2014-08-04 06:52 . 2014-08-04 06:52    259945    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hr.pak
2014-08-04 06:52 . 2014-08-04 06:52    569058    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hi.pak
2014-08-04 06:52 . 2014-08-04 06:52    317354    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\he.pak
2014-08-04 06:52 . 2014-08-04 06:52    553105    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\gu.pak
2014-08-04 06:52 . 2014-08-04 06:52    293787    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fr.pak
2014-08-04 06:52 . 2014-08-04 06:52    282874    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fil.pak
2014-08-04 06:52 . 2014-08-04 06:52    260948    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fi.pak
2014-08-04 06:52 . 2014-08-04 06:52    393804    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fa.pak
2014-08-04 06:52 . 2014-08-04 06:52    243143    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\et.pak
2014-08-04 06:52 . 2014-08-04 06:52    282975    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\es.pak
2014-08-04 06:52 . 2014-08-04 06:52    277670    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\es-419.pak
2014-08-04 06:52 . 2014-08-04 06:52    231965    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\en-US.pak
2014-08-04 06:52 . 2014-08-04 06:52    232020    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\en-GB.pak
2014-08-04 06:52 . 2014-08-04 06:52    503766    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\el.pak
2014-08-04 06:52 . 2014-08-04 06:52    238559    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\de.pak
2014-08-04 06:52 . 2014-08-04 06:52    252446    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\da.pak
2014-08-04 06:52 . 2014-08-04 06:52    277381    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\cs.pak
2014-08-04 06:52 . 2014-08-04 06:52    277892    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ca.pak
2014-08-04 06:52 . 2014-08-04 06:52    586789    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\bn.pak
2014-08-04 06:52 . 2014-08-04 06:52    460815    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\bg.pak
2014-08-04 06:52 . 2014-08-04 06:52    369638    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ar.pak
2014-08-04 06:52 . 2014-08-04 06:52    382743    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\am.pak
2014-08-04 06:52 . 2014-08-04 06:52    2401096    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libpeerconnection.dll
2014-08-04 06:52 . 2014-08-04 06:52    718664    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libglesv2.dll
2014-08-04 06:52 . 2014-08-04 06:52    310088    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libexif.dll
2014-08-04 06:52 . 2014-08-04 06:52    126280    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libegl.dll
2014-08-04 06:51 . 2014-08-04 06:52    9980368    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\icudtl.dat
2014-08-04 06:51 . 2014-08-04 06:51    1732936    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\ffmpegsumo.dll
2014-08-04 06:51 . 2014-08-04 06:51    99    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Extensions\external_extensions.json
2014-08-04 06:51 . 2014-08-04 06:51    1912136    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\delegate_execute.exe
2014-08-04 06:51 . 2014-08-04 06:51    23668    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\youtube.crx
2014-08-04 06:51 . 2014-08-04 06:51    26392    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\search.crx
2014-08-04 06:51 . 2014-08-04 06:51    24040    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\gmail.crx
2014-08-04 06:51 . 2014-08-04 06:51    982    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\external_extensions.json
2014-08-04 06:51 . 2014-08-04 06:51    25561    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\drive.crx
2014-08-04 06:51 . 2014-08-04 06:51    4578    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\docs.crx
2014-08-04 06:51 . 2014-08-04 06:51    3231688    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\d3dcompiler_46.dll
2014-08-04 06:51 . 2014-08-04 06:51    2106216    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\d3dcompiler_43.dll
2014-08-04 06:51 . 2014-08-04 06:51    131912    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_elf.dll
2014-08-04 06:50 . 2014-08-04 06:51    33833800    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_child.dll
2014-08-04 06:50 . 2014-08-04 06:50    1699827    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_200_percent.pak
2014-08-04 06:50 . 2014-08-04 06:50    1174209    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_100_percent.pak
2014-08-04 06:49 . 2014-08-04 06:50    30082888    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome.dll
2014-08-04 06:49 . 2014-08-04 06:49    224    ----a-w-    c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\36.0.1985.125.manifest
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . AD164ECA177705D3BC372015903061B6 . 402944 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . A2D92AFDEAB247E6A76C6900DCBF157D . 402944 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SearchProcess"="c:\documents and settings\MIKE\Local Settings\Application Data\SearchProcess\SearchProcess.dll" [2014-08-16 294912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-08-14 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-08-31 262144]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-05-16 1632216]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 348160]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ezoxid.exe [2014-8-4 303266]
foorv.exe [2014-8-16 454144]
ifvai.exe [2014-7-31 307232]
taid.exe [2014-8-2 305269]
wolea.exe [2014-8-5 302329]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
duusak.exe [2014-8-5 302329]
egciot.exe [2014-8-2 305269]
ezru.exe [2014-7-31 307232]
gyim.exe [2014-8-16 454144]
itizew.exe [2014-8-4 303266]
.
c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\
ahekyl.exe [2014-8-5 302329]
avqo.exe [2014-8-4 303266]
doosdu.exe [2014-8-16 454144]
evuwyq.exe [2014-7-31 307232]
olke.exe [2014-8-2 305269]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
 [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"e:\\Program Files\\Activision Value\\Baja 1000\\Baja.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"=
"c:\\Program Files\\Atari\\TDU2\\TestDrive2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\RpcAgentSrv.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"e:\\Program Files\\steam\\Steam.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\RIDGE RACER Driftopia\\RIDGE RACER Driftopia_46358301.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\GTI Racing\\GTIRacing.exe"=
"c:\\Program Files\\Activision\\Blur™\\Blur.exe"=
"c:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\CMS\\CMS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3074:TCP"= 3074:TCP:fuel
"3074:UDP"= 3074:UDP:fuel
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [5/18/2007 2:53 PM 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [5/18/2007 2:52 PM 55160]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/24/2011 3:50 AM 219360]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [3/26/2010 11:52 PM 68136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [10/24/2011 3:39 AM 22016]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/29/2013 11:46 PM 1042272]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72792]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\MARKFUN.W32 [9/28/2012 4:31 PM 17912]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [9/25/2009 9:57 AM 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [9/25/2009 9:57 AM 138240]
S1 kgcidxyp;kgcidxyp;\??\c:\windows\system32\drivers\kgcidxyp.sys --> c:\windows\system32\drivers\kgcidxyp.sys [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/29/2013 11:46 PM 3921880]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/29/2013 11:46 PM 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/26/2010 11:53 PM 1684736]
S3 AODDriver;AODDriver;\??\c:\program files\GIGABYTE\ET6\i386\AODDriver.sys --> c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/31/2011 3:08 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72792]
S3 etdrv;etdrv;c:\windows\etdrv.sys [3/27/2010 2:02 AM 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [3/27/2010 12:10 AM 24944]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\DRIVERS\mosuport.sys --> c:\windows\system32\DRIVERS\mosuport.sys [?]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [3/28/2010 1:46 PM 39704]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [10/24/2011 3:39 AM 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [9/16/2012 3:37 AM 17536]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe [1/24/2011 2:47 AM 93848]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MARKFUN_NT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 06:03    1104200    ----a-w-    c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-30 15:57]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2013-03-11 11:47]
.
2014-08-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 08:09]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-30 15:49]
.
2014-07-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-30 15:51]
.
2014-07-15 c:\windows\Tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: $talisma_url$
Trusted Zone: gigabyte.us\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\MIKE\Application Data\Mozilla\Firefox\Profiles\rkflthgg.default-1407273293984\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{5043442D-472D-5637-00A7-7A786E7484D7} - (no file)
HKCU-Run-UpexEwudj - c:\documents and settings\All Users\Application Data\UpexEwudj\UpexEwudj.dat
HKCU-Run-Fobiumguux - c:\documents and settings\MIKE\Application Data\Ypazodka\bomoew.exe
HKLM-Run-Fobiumguux - c:\documents and settings\MIKE\Application Data\Ypazodka\bomoew.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-16 06:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5\markfun.w32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\*]
@Allowed: (Read) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4892)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Gigabyte\ET5\GUI.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-16  06:42:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-16 11:42
ComboFix2.txt  2014-08-14 09:03
ComboFix3.txt  2014-07-31 13:49
ComboFix4.txt  2011-05-25 07:16
.
Pre-Run: 865,202,810,880 bytes free
Post-Run: 866,001,612,800 bytes free
.
- - End Of File - - 3760D5A602D36949AA78644FD92391CC
8F558EB6672622401DA993E1E865C861
 



#36 oldman960

Posted 17 August 2014 - 11:40 AM

Hi gcdi,

I think we got a good chunk of it that time. It looks like some new files may have been downloaded and another infection is now visible which we'll hit with a different tool.

Please download both the CFScript and TDSSKiller before starting the fixes. You can disconnect from the internet during the fixes.

Please read these instructions before running the fixes

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click Run
  • In the Run box type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad.
File::
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\foorv.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ezoxid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ifvai.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\taid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\wolea.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\gyim.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\duusak.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\egciot.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ezru.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\itizew.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\doosdu.exe
c:\windows\system32\kagaulqa.exe
c:\windows\system32\hnvichoj.exe
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\1cc8793d69d888a32
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\shsetup.dll

Folder::
c:\documents and settings\MIKE\Application Data\Ypazodka
c:\documents and settings\All Users\Application Data\EvocUmeci
c:\documents and settings\MIKE\Local Settings\Application Data\SearchProcess
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProcess"=-

DirLook::
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Next

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Please post back with
  • combofix log
  • TDSSKiller log

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
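
The preceding ComboFix log lists many copies of one executable running from a profile's Application Data folder, which is the kind of entry the DirLook:: line in the script above follows up on. The sketch below is an added example, not part of the original thread and not how ComboFix works internally: it reads the "Other Running Processes" section of a log and reports executables running from profile Application Data or Startup folders, with instance counts. The sample log is a constructed excerpt in the layout of the log above; the path heuristics and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed excerpt that follows the layout of the ComboFix log in this thread.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4892)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-16  06:42:12 - machine was rebooted
"""

# "--- Title ---" style section headers used in the log.
HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
# A log line that is a drive-letter path.
PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Heuristics chosen for this example (assumptions, not ComboFix rules):
# locations on Windows XP that a standard user can write to.
USER_WRITABLE = [
    ("profile Application Data",
     re.compile(r"\\documents and settings\\[^\\]+\\(local settings\\)?application data\\")),
    ("Startup folder",
     re.compile(r"\\start menu\\programs\\startup\\")),
]
# 8.3 short names hide the real directory name from a reviewer.
SHORT_NAME = re.compile(r"\\[^\\]*~\d")


def section_lines(log, title):
    """Return the path lines that belong to the named '--- title ---' section."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            inside = header.group(1).lower() == title.lower()
            continue
        if line.startswith(("***", "(((")):  # other separators end a section
            inside = False
            continue
        if inside and PATH.match(line):
            lines.append(line)
    return lines


def triage(log):
    """Count running images and flag those in user-writable or obscured paths."""
    counts = Counter(p.lower() for p in section_lines(log, "Other Running Processes"))
    findings = []
    for path, instances in counts.items():
        reasons = [label for label, rx in USER_WRITABLE if rx.search(path)]
        if SHORT_NAME.search(path):
            reasons.append("8.3 short name, resolve to the long path before judging")
        if reasons:
            findings.append({"path": path, "instances": instances, "reasons": reasons})
    # Most instances first: many copies of one image is worth a look on its own.
    return sorted(findings, key=lambda f: -f["instances"])


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["instances"], finding["path"], "; ".join(finding["reasons"]))
```

A flagged path is a prompt for review, not a verdict: legitimate per-user installs also run from Application Data.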

#37 gcdi

Posted 17 August 2014 - 11:35 PM

Had to reply from laptop.

Completed ComboFix and got the log saved.

Ran TDSSKiller; when finished it said had to reboot. On restart got three issues: one was some memory couldn't be read, another was system shutdown initiated by NT Authority System, and third was Windows had to be reauthorized within three days. Then computer restarted with same errors, so I stopped and am asking what to do next. Also did not see any log from TDSSKiller.



#38 oldman960

Posted 18 August 2014 - 02:01 AM

Hi gcdi,

Reboot the computer, use safe mode if you need to.

Try normal Windows first. When rebooting, if you receive the message "system shutdown initiated by NT Authority System", quickly click Start, then Run. In the Run box that appears, either type shutdown -a and click OK, or copy and paste shutdown -a into the Run box and click OK. Note: if you type the command, there is a space between shutdown and -.

The TDSSK log should have been saved at C:\


#39 gcdi

Posted 18 August 2014 - 09:53 PM

OK, here are the logs. Do I need to do anything about reactivating Windows?

 

ComboFix 14-08-15.01 - MIKE 08/17/2014  23:07:47.5.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3198.2452 [GMT -5:00]
Running from: c:\documents and settings\MIKE\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\MIKE\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\duusak.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\egciot.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\ezru.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\itizew.exe"
"c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\1cc8793d69d888a32"
"c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\shsetup.dll"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ezoxid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\foorv.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\gyim.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ifvai.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\taid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\wolea.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\doosdu.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe"
"c:\windows\system32\hnvichoj.exe"
"c:\windows\system32\kagaulqa.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\1cc8793d69d888a32
c:\documents and settings\All Users\Application Data\{18BE06AC-473B-448E-9193-AFA952B8E90B}\shsetup.dll
c:\documents and settings\All Users\Application Data\EvocUmeci
c:\documents and settings\All Users\Application Data\EvocUmeci\EvocUmeci.dat
c:\documents and settings\MIKE\Application Data\Ypazodka
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\36.0.1985.125.manifest
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_100_percent.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_200_percent.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_child.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\chrome_elf.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\d3dcompiler_43.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\d3dcompiler_46.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\docs.crx
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\drive.crx
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\external_extensions.json
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\gmail.crx
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\search.crx
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\default_apps\youtube.crx
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\delegate_execute.exe
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Extensions\external_extensions.json
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\ffmpegsumo.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\icudtl.dat
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libegl.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libexif.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libglesv2.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\libpeerconnection.dll
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\am.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ar.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\bg.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\bn.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ca.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\cs.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\da.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\de.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\el.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\en-GB.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\en-US.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\es-419.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\es.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\et.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fa.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fi.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fil.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\fr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\gu.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\he.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hi.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\hu.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\id.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\it.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ja.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\kn.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ko.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\lt.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\lv.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ml.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\mr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ms.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\nb.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\nl.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pl.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pt-BR.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\pt-PT.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ro.pak
c:\documents and settings\MIKE\Local Settings\Application Data\browser_dir\36.0.1985.125\Locales\ru.pak
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-18 to 2014-08-18  )))))))))))))))))))))))))))))))
.
.
2014-08-18 03:57 . 2014-08-18 03:57    23327    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2014-08-18 03:57 . 2014-08-18 03:57    8782    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2014-08-18 03:57 . 2014-08-18 03:57    7271    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2014-08-18 02:25 . 2014-08-18 02:25    664    ----a-w-    c:\windows\system32\config\systemprofile\Local Settings\Application Data\d3d9caps.tmp
2014-08-18 02:22 . 2014-08-18 02:22    --------    d-----w-    C:\370eed2c1fb4b17355722023dc43020b
2014-08-18 02:18 . 2014-08-18 03:57    62576    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{432C8C14-1084-497B-BE3D-077D2879B792}\offreg.dll
2014-08-16 07:42 . 2014-08-18 03:45    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\InitVideo
2014-08-16 07:29 . 2011-09-07 02:37    454144    ----a-w-    c:\windows\system32\kagaulqa.exe
2014-08-16 07:29 . 2014-08-16 07:29    58632    ----a-w-    c:\windows\system32\hnvichoj.exe
2014-08-16 07:28 . 2014-08-16 17:03    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive
2014-08-09 17:26 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{432C8C14-1084-497B-BE3D-077D2879B792}\mpengine.dll
2014-08-03 09:53 . 2014-08-03 09:53    188304    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-08-03 09:53 . 2014-08-03 09:53    188304    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2014-08-03 04:43 . 2014-08-03 04:43    --------    d-----w-    C:\_OTL
2014-08-02 20:09 . 2014-08-02 20:09    49088    ----a-w-    c:\windows\system32\drivers\mrckvjsi.sys
2014-08-01 05:06 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-31 14:48 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2014-07-31 09:25 . 2014-07-31 09:25    --------    d-----w-    c:\program files\NetSurveillance
2014-07-27 19:01 . 2014-07-27 19:03    --------    d-----w-    c:\program files\CMS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 03:55 . 2012-09-16 21:01    17488    ----a-w-    c:\windows\gdrv.sys
2014-08-16 04:53 . 2014-07-14 08:14    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . AD164ECA177705D3BC372015903061B6 . 402944 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . A2D92AFDEAB247E6A76C6900DCBF157D . 402944 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-08-14 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-08-31 262144]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-05-16 1632216]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 348160]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ezoxid.exe [2014-8-4 303266]
foorv.exe [2014-8-16 454144]
ifvai.exe [2014-7-31 307232]
taid.exe [2014-8-2 305269]
wolea.exe [2014-8-5 302329]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
duusak.exe [2014-8-5 302329]
egciot.exe [2014-8-2 305269]
ezru.exe [2014-7-31 307232]
gyim.exe [2014-8-16 454144]
itizew.exe [2014-8-4 303266]
.
c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\
ahekyl.exe [2014-8-5 302329]
avqo.exe [2014-8-4 303266]
doosdu.exe [2014-8-16 454144]
evuwyq.exe [2014-7-31 307232]
olke.exe [2014-8-2 305269]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"e:\\Program Files\\Activision Value\\Baja 1000\\Baja.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"=
"c:\\Program Files\\Atari\\TDU2\\TestDrive2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\RpcAgentSrv.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"e:\\Program Files\\steam\\Steam.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\RIDGE RACER Driftopia\\RIDGE RACER Driftopia_46358301.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\GTI Racing\\GTIRacing.exe"=
"c:\\Program Files\\Activision\\Blur™\\Blur.exe"=
"c:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\CMS\\CMS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3074:TCP"= 3074:TCP:fuel
"3074:UDP"= 3074:UDP:fuel
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [5/18/2007 2:53 PM 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [5/18/2007 2:52 PM 55160]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/24/2011 3:50 AM 219360]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [3/26/2010 11:52 PM 68136]
R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [10/24/2011 3:39 AM 22016]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72792]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [9/25/2009 9:57 AM 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [9/25/2009 9:57 AM 138240]
S1 kgcidxyp;kgcidxyp;\??\c:\windows\system32\drivers\kgcidxyp.sys --> c:\windows\system32\drivers\kgcidxyp.sys [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [10/29/2013 11:46 PM 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [10/29/2013 11:46 PM 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [10/29/2013 11:46 PM 171416]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/26/2010 11:53 PM 1684736]
S3 AODDriver;AODDriver;\??\c:\program files\GIGABYTE\ET6\i386\AODDriver.sys --> c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/31/2011 3:08 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 3:46 AM 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 3:46 AM 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 3:46 AM 72792]
S3 etdrv;etdrv;c:\windows\etdrv.sys [3/27/2010 2:02 AM 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [3/27/2010 12:10 AM 24944]
S3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\DRIVERS\mosuport.sys --> c:\windows\system32\DRIVERS\mosuport.sys [?]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [3/28/2010 1:46 PM 39704]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [10/24/2011 3:39 AM 29440]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [9/16/2012 3:37 AM 17536]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe [1/24/2011 2:47 AM 93848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 06:03    1104200    ----a-w-    c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-30 15:57]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2013-03-11 11:47]
.
2014-08-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 08:09]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-30 15:49]
.
2014-07-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-30 15:51]
.
2014-07-15 c:\windows\Tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: $talisma_url$
Trusted Zone: gigabyte.us\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\MIKE\Application Data\Mozilla\Firefox\Profiles\rkflthgg.default-1407273293984\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-17 23:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\*]
@Allowed: (Read) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-08-17  23:36:09
ComboFix-quarantined-files.txt  2014-08-18 04:36
ComboFix2.txt  2014-08-16 11:42
ComboFix3.txt  2014-08-14 09:03
ComboFix4.txt  2014-07-31 13:49
ComboFix5.txt  2014-08-18 04:04
.
Pre-Run: 864,769,548,288 bytes free
Post-Run: 865,775,656,960 bytes free
.
- - End Of File - - AC33D22A282BDC86A2C1ABD93AC6BE0F
8F558EB6672622401DA993E1E865C861

23:38:31.0312 0x0fd0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:38:36.0343 0x0fd0  ============================================================
23:38:36.0343 0x0fd0  Current date / time: 2014/08/17 23:38:36.0343
23:38:36.0343 0x0fd0  SystemInfo:
23:38:36.0343 0x0fd0  
23:38:36.0343 0x0fd0  OS Version: 5.1.2600 ServicePack: 3.0
23:38:36.0343 0x0fd0  Product type: Workstation
23:38:36.0343 0x0fd0  ComputerName: GCDI
23:38:36.0343 0x0fd0  UserName: MIKE
23:38:36.0343 0x0fd0  Windows directory: C:\WINDOWS
23:38:36.0343 0x0fd0  System windows directory: C:\WINDOWS
23:38:36.0343 0x0fd0  Processor architecture: Intel x86
23:38:36.0343 0x0fd0  Number of processors: 4
23:38:36.0343 0x0fd0  Page size: 0x1000
23:38:36.0343 0x0fd0  Boot type: Normal boot
23:38:36.0343 0x0fd0  ============================================================
23:38:43.0718 0x0fd0  KLMD registered as C:\WINDOWS\system32\drivers\75479799.sys
23:38:45.0093 0x0fd0  System UUID: {10910ED2-1C4C-2CE7-C3B8-0B2CB9F114C3}
23:38:48.0328 0x0fd0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:38:48.0343 0x0fd0  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:38:48.0359 0x0fd0  Drive \Device\Harddisk2\DR2 - Size: 0x114FB27E00 ( 69.25 Gb ), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:38:48.0359 0x0fd0  ============================================================
23:38:48.0359 0x0fd0  \Device\Harddisk0\DR0:
23:38:48.0359 0x0fd0  MBR partitions:
23:38:48.0359 0x0fd0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x746FDC00
23:38:48.0359 0x0fd0  \Device\Harddisk1\DR1:
23:38:48.0359 0x0fd0  MBR partitions:
23:38:48.0359 0x0fd0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:38:48.0359 0x0fd0  \Device\Harddisk2\DR2:
23:38:48.0359 0x0fd0  MBR partitions:
23:38:48.0359 0x0fd0  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
23:38:48.0359 0x0fd0  ============================================================
23:38:48.0406 0x0fd0  C: <-> \Device\Harddisk0\DR0\Partition1
23:38:48.0421 0x0fd0  E: <-> \Device\Harddisk2\DR2\Partition1
23:38:48.0421 0x0fd0  F: <-> \Device\Harddisk1\DR1\Partition1
23:38:48.0421 0x0fd0  ============================================================
23:38:48.0421 0x0fd0  Initialize success
23:38:48.0421 0x0fd0  ============================================================
23:38:51.0515 0x0edc  ============================================================
23:38:51.0515 0x0edc  Scan started
23:38:51.0515 0x0edc  Mode: Manual;
23:38:51.0515 0x0edc  ============================================================
23:38:51.0515 0x0edc  KSN ping started
23:38:53.0453 0x0edc  KSN ping finished: false
23:38:56.0015 0x0edc  ================ Scan system memory ========================
23:38:56.0015 0x0edc  System memory - ok
23:38:56.0015 0x0edc  ================ Scan services =============================
23:38:56.0593 0x0edc  Abiosdsk - ok
23:38:56.0593 0x0edc  abp480n5 - ok
23:38:56.0734 0x0edc  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:38:56.0734 0x0edc  ACPI - ok
23:38:56.0953 0x0edc  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:38:56.0968 0x0edc  ACPIEC - ok
23:38:56.0968 0x0edc  adpu160m - ok
23:38:57.0062 0x0edc  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:38:57.0062 0x0edc  aec - ok
23:38:57.0187 0x0edc  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:38:57.0187 0x0edc  AFD - ok
23:38:57.0187 0x0edc  Aha154x - ok
23:38:57.0203 0x0edc  aic78u2 - ok
23:38:57.0203 0x0edc  aic78xx - ok
23:38:57.0250 0x0edc  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:38:57.0250 0x0edc  Alerter - ok
23:38:57.0296 0x0edc  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
23:38:57.0296 0x0edc  ALG - ok
23:38:57.0296 0x0edc  AliIde - ok
23:38:58.0312 0x0edc  [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
23:38:58.0343 0x0edc  Ambfilt - ok
23:38:58.0390 0x0edc  [ EFBB0956BAED786E137351B5CA272AEF, 613E34D31C21F5CA9AEDC4BF64B8EE365DA355F914738C4FD638DB3EBE75FBB5 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:38:58.0390 0x0edc  AmdK8 - ok
23:38:58.0421 0x0edc  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
23:38:58.0421 0x0edc  AmdPPM - ok
23:38:58.0421 0x0edc  amsint - ok
23:38:58.0484 0x0edc  AODDriver - ok
23:38:58.0609 0x0edc  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:38:58.0609 0x0edc  AppMgmt - ok
23:38:58.0671 0x0edc  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:38:58.0671 0x0edc  Arp1394 - ok
23:38:58.0703 0x0edc  asc - ok
23:38:58.0703 0x0edc  asc3350p - ok
23:38:58.0703 0x0edc  asc3550 - ok
23:38:58.0843 0x0edc  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:38:58.0843 0x0edc  aspnet_state - ok
23:38:58.0875 0x0edc  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:38:58.0875 0x0edc  AsyncMac - ok
23:38:58.0937 0x0edc  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:38:58.0953 0x0edc  atapi - ok
23:38:58.0953 0x0edc  Atdisk - ok
23:38:59.0015 0x0edc  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:38:59.0015 0x0edc  Atmarpc - ok
23:38:59.0062 0x0edc  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:38:59.0062 0x0edc  AudioSrv - ok
23:38:59.0093 0x0edc  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:38:59.0093 0x0edc  audstub - ok
23:38:59.0281 0x0edc  [ F29D375926E36E3A56AF4805C7749302, 3B28F1C0BA9E1F00EF2BA1B0C0D679EB1FCD0F52DBB308819F002E482FCB282F ] BCUService      C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
23:38:59.0296 0x0edc  BCUService - ok
23:38:59.0343 0x0edc  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:38:59.0343 0x0edc  Beep - ok
23:38:59.0578 0x0edc  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:38:59.0593 0x0edc  BITS - ok
23:38:59.0671 0x0edc  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
23:38:59.0671 0x0edc  Browser - ok
23:38:59.0750 0x0edc  catchme - ok
23:38:59.0781 0x0edc  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:38:59.0781 0x0edc  cbidf2k - ok
23:38:59.0796 0x0edc  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:38:59.0796 0x0edc  CCDECODE - ok
23:38:59.0796 0x0edc  cd20xrnt - ok
23:38:59.0843 0x0edc  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:38:59.0843 0x0edc  Cdaudio - ok
23:38:59.0875 0x0edc  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:38:59.0875 0x0edc  Cdfs - ok
23:38:59.0953 0x0edc  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:38:59.0953 0x0edc  Cdrom - ok
23:38:59.0953 0x0edc  Changer - ok
23:38:59.0984 0x0edc  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:38:59.0984 0x0edc  CiSvc - ok
23:39:00.0015 0x0edc  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:39:00.0015 0x0edc  ClipSrv - ok
23:39:00.0171 0x0edc  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:39:00.0171 0x0edc  clr_optimization_v2.0.50727_32 - ok
23:39:00.0281 0x0edc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:39:00.0281 0x0edc  clr_optimization_v4.0.30319_32 - ok
23:39:00.0281 0x0edc  CmdIde - ok
23:39:00.0296 0x0edc  COMSysApp - ok
23:39:00.0296 0x0edc  Cpqarray - ok
23:39:00.0375 0x0edc  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:39:00.0375 0x0edc  Creative Audio Engine Licensing Service - ok
23:39:00.0437 0x0edc  [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
23:39:00.0437 0x0edc  Creative Service for CDROM Access - ok
23:39:00.0500 0x0edc  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:39:00.0500 0x0edc  CryptSvc - ok
23:39:00.0625 0x0edc  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT         C:\WINDOWS\system32\drivers\CT20XUT.SYS
23:39:00.0640 0x0edc  CT20XUT - ok
23:39:00.0734 0x0edc  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT.SYS     C:\WINDOWS\System32\drivers\CT20XUT.SYS
23:39:00.0734 0x0edc  CT20XUT.SYS - ok
23:39:01.0093 0x0edc  [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9, FECEF831661AA4745166B8076C767A448336C86A4C8F9768EDF12F715DF2A1BE ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
23:39:01.0093 0x0edc  ctac32k - ok
23:39:01.0421 0x0edc  [ 44F60A5E3C3A8A6BBA4C280948EA6095, 2315BA4ACFBCEC9AC3139872018A3D7FE033A3E1B997C4E38F1AAF9A7F984F44 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
23:39:01.0437 0x0edc  ctaud2k - ok
23:39:01.0687 0x0edc  [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
23:39:01.0703 0x0edc  CTAudSvcService - ok
23:39:01.0937 0x0edc  [ 8CBE82D6BBF206E144F22CB33FAB1F2C, AE15BAD45E88A77C2A35ECD8D5D13A0C3994171FB39CAC18B4B65A618521E4AF ] ctdvda2k        C:\WINDOWS\system32\drivers\ctdvda2k.sys
23:39:01.0953 0x0edc  ctdvda2k - ok
23:39:02.0703 0x0edc  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX        C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
23:39:02.0718 0x0edc  CTEXFIFX - ok
23:39:03.0453 0x0edc  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX.SYS    C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
23:39:03.0515 0x0edc  CTEXFIFX.SYS - ok
23:39:03.0578 0x0edc  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT         C:\WINDOWS\system32\drivers\CTHWIUT.SYS
23:39:03.0578 0x0edc  CTHWIUT - ok
23:39:03.0625 0x0edc  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT.SYS     C:\WINDOWS\System32\drivers\CTHWIUT.SYS
23:39:03.0625 0x0edc  CTHWIUT.SYS - ok
23:39:03.0656 0x0edc  [ F0F19A13C948E5289601E354B08E0941, B2E00B03BA2B7373F2BFF7B833BFC0915A4E4A25F0918A973C6694A43ACD803F ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
23:39:03.0656 0x0edc  ctprxy2k - ok
23:39:03.0765 0x0edc  [ C7B2C36A6203A5F3D0A378FD78C5DDD6, A8FCFF516A336E7E59DC817B3E495D055F80F6C51DA414E919223248CC16FB6D ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
23:39:03.0765 0x0edc  ctsfm2k - ok
23:39:03.0781 0x0edc  dac2w2k - ok
23:39:03.0796 0x0edc  dac960nt - ok
23:39:04.0078 0x0edc  [ AD164ECA177705D3BC372015903061B6, A191CABEB8FBD62C8A76F7018DC41A7E61A796265F0325EC8C814A64A0835EC7 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:39:04.0078 0x0edc  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
23:39:06.0000 0x0edc  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
23:39:06.0000 0x0edc  Force sending object to P2P due to detect: DcomLaunch
23:39:06.0140 0x0edc  Object send P2P result: false
23:39:06.0250 0x0edc  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:39:06.0265 0x0edc  Dhcp - ok
23:39:06.0312 0x0edc  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:39:06.0328 0x0edc  Disk - ok
23:39:06.0328 0x0edc  dmadmin - ok
23:39:06.0843 0x0edc  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:39:06.0859 0x0edc  dmboot - ok
23:39:06.0953 0x0edc  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:39:06.0968 0x0edc  dmio - ok
23:39:06.0984 0x0edc  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:39:06.0984 0x0edc  dmload - ok
23:39:07.0015 0x0edc  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:39:07.0015 0x0edc  dmserver - ok
23:39:07.0062 0x0edc  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:39:07.0062 0x0edc  DMusic - ok
23:39:07.0140 0x0edc  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:39:07.0140 0x0edc  Dnscache - ok
23:39:07.0250 0x0edc  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:39:07.0250 0x0edc  Dot3svc - ok
23:39:07.0265 0x0edc  dpti2o - ok
23:39:07.0281 0x0edc  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:39:07.0281 0x0edc  drmkaud - ok
23:39:07.0328 0x0edc  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:39:07.0328 0x0edc  EapHost - ok
23:39:07.0406 0x0edc  [ FB2D6D4D14AE801F5267B0368FC0CB0C, 579804BFF211E14CA5BFAD99675ADB53E8A6228363C3D3C60D356F426A666F7B ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
23:39:07.0406 0x0edc  emupia - ok
23:39:07.0437 0x0edc  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:39:07.0437 0x0edc  ERSvc - ok
23:39:07.0515 0x0edc  [ B8FA96995726D1FA58476E352C02AD82, 6BBD49B16A19CC3C3337707EFBEB6BC355CB077CBBBC99D8985A3FBB6E871A89 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
23:39:07.0515 0x0edc  ES lite Service - ok
23:39:07.0562 0x0edc  [ 57AF1036880449056DD8ADAC9F2D1FE1, 0D0257B58FD9F77CC83788FF303299503504ED6CE1AA70CCC41982FD87623176 ] ET5Drv          C:\WINDOWS\system32\Drivers\ET5Drv.sys
23:39:07.0562 0x0edc  ET5Drv - ok
23:39:07.0593 0x0edc  [ 3AF0AE042AFE486B22644CD3FBEBF2E2, 755A18C1507D0C3F3BF1B0CFAB96BB7D1C3D9D6F862F94B3069D00FC6B92A8AA ] etdrv           C:\WINDOWS\etdrv.sys
23:39:07.0593 0x0edc  etdrv - ok
23:39:07.0687 0x0edc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
23:39:07.0687 0x0edc  Eventlog - ok
23:39:07.0859 0x0edc  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
23:39:07.0890 0x0edc  EventSystem - ok
23:39:07.0984 0x0edc  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:39:07.0984 0x0edc  Fastfat - ok
23:39:08.0093 0x0edc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:39:08.0093 0x0edc  FastUserSwitchingCompatibility - ok
23:39:08.0156 0x0edc  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:39:08.0156 0x0edc  Fdc - ok
23:39:08.0218 0x0edc  [ 95BC4D8493FE30312F5E1AB57EF36083, 96664371FC18B71A37112DF510CB7E0CF31BBA2AE6CCF7AA893713F133DA6D79 ] FETNDISB        C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
23:39:08.0234 0x0edc  FETNDISB - ok
23:39:08.0265 0x0edc  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:39:08.0265 0x0edc  Fips - ok
23:39:08.0281 0x0edc  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:39:08.0281 0x0edc  Flpydisk - ok
23:39:08.0375 0x0edc  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:39:08.0390 0x0edc  FltMgr - ok
23:39:08.0484 0x0edc  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:39:08.0484 0x0edc  FontCache3.0.0.0 - ok
23:39:08.0484 0x0edc  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:39:08.0484 0x0edc  Fs_Rec - ok
23:39:08.0562 0x0edc  [ B7AA8283EC551D3A3B924E520E0621A7, 648D93BCBEC0CE98D4F7E899F276A72F107A87C4215E07399961511DA3C39FDE ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
23:39:08.0562 0x0edc  FTDIBUS - ok
23:39:08.0640 0x0edc  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:39:08.0656 0x0edc  Ftdisk - ok
23:39:32.0203 0x0edc  [ AD164ECA177705D3BC372015903061B6, A191CABEB8FBD62C8A76F7018DC41A7E61A796265F0325EC8C814A64A0835EC7 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:39:32.0218 0x0edc  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
23:39:32.0218 0x0edc  RpcSs ( Trojan.Win32.Patched.pj ) - infected
23:39:32.0218 0x0edc  Force sending object to P2P due to detect: RpcSs
23:39:32.0343 0x0edc  Object send P2P result: false
23:39:37.0125 0x0edc  ShellHWDetection - ok
23:39:37.0140 0x0edc  Simbad - ok
23:39:37.0171 0x0edc  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:39:37.0171 0x0edc  SLIP - ok
23:39:44.0218 0x0edc  [ 11FEB56E945687BD356CADB4F62DA199, FC1CAB2925765C985FC9ADF9E4C26C12C27AB32CEA42DC2A7FA200437BA1DF98 ] SNP2STD         C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
23:39:44.0515 0x0edc  SNP2STD - ok
23:39:44.0578 0x0edc  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:39:44.0578 0x0edc  SONYPVU1 - ok
23:39:44.0578 0x0edc  Sparrow - ok
23:39:44.0609 0x0edc  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:39:44.0609 0x0edc  splitter - ok
23:39:44.0687 0x0edc  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:39:44.0687 0x0edc  Spooler - ok
23:39:44.0734 0x0edc  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:39:44.0734 0x0edc  sr - ok
23:39:44.0875 0x0edc  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
23:39:44.0890 0x0edc  srservice - ok
23:39:45.0109 0x0edc  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:39:45.0140 0x0edc  Srv - ok
23:39:45.0218 0x0edc  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:39:45.0218 0x0edc  SSDPSRV - ok
23:39:45.0437 0x0edc  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:39:45.0468 0x0edc  stisvc - ok
23:39:45.0500 0x0edc  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:39:45.0500 0x0edc  streamip - ok
23:39:45.0531 0x0edc  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:39:45.0531 0x0edc  swenum - ok
23:39:45.0562 0x0edc  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:39:45.0578 0x0edc  swmidi - ok
23:39:45.0578 0x0edc  SwPrv - ok
23:39:45.0578 0x0edc  symc810 - ok
23:39:45.0593 0x0edc  symc8xx - ok
23:39:45.0593 0x0edc  sym_hi - ok
23:39:45.0593 0x0edc  sym_u3 - ok
23:39:45.0656 0x0edc  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:39:45.0656 0x0edc  sysaudio - ok
23:39:45.0718 0x0edc  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:39:45.0734 0x0edc  SysmonLog - ok
23:39:45.0906 0x0edc  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:39:45.0906 0x0edc  TapiSrv - ok
23:39:46.0156 0x0edc  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:39:46.0171 0x0edc  Tcpip - ok
23:39:46.0218 0x0edc  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:39:46.0218 0x0edc  TDPIPE - ok
23:39:46.0250 0x0edc  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:39:46.0250 0x0edc  TDTCP - ok
23:39:46.0281 0x0edc  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:39:46.0281 0x0edc  TermDD - ok
23:39:46.0484 0x0edc  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
23:39:46.0500 0x0edc  TermService - ok
23:39:46.0609 0x0edc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:39:46.0609 0x0edc  Themes - ok
23:39:46.0687 0x0edc  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
23:39:46.0703 0x0edc  TlntSvr - ok
23:39:46.0750 0x0edc  TosIde - ok
23:39:46.0843 0x0edc  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:39:46.0843 0x0edc  TrkWks - ok
23:39:46.0906 0x0edc  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:39:46.0906 0x0edc  Udfs - ok
23:39:46.0937 0x0edc  ultra - ok
23:39:47.0156 0x0edc  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:39:47.0171 0x0edc  Update - ok
23:39:47.0296 0x0edc  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:39:47.0296 0x0edc  upnphost - ok
23:39:47.0328 0x0edc  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
23:39:47.0328 0x0edc  UPS - ok
23:39:47.0390 0x0edc  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:39:47.0390 0x0edc  usbccgp - ok
23:39:47.0421 0x0edc  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:39:47.0421 0x0edc  usbehci - ok
23:39:47.0468 0x0edc  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:39:47.0468 0x0edc  usbhub - ok
23:39:47.0484 0x0edc  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:39:47.0484 0x0edc  usbohci - ok
23:39:47.0515 0x0edc  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:39:47.0515 0x0edc  usbprint - ok
23:39:47.0546 0x0edc  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:39:47.0546 0x0edc  usbscan - ok
23:39:47.0562 0x0edc  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:39:47.0578 0x0edc  USBSTOR - ok
23:39:47.0609 0x0edc  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:39:47.0609 0x0edc  VgaSave - ok
23:39:47.0609 0x0edc  ViaIde - ok
23:39:47.0656 0x0edc  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:39:47.0656 0x0edc  VolSnap - ok
23:39:47.0828 0x0edc  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
23:39:47.0828 0x0edc  VSS - ok
23:39:47.0953 0x0edc  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
23:39:47.0968 0x0edc  W32Time - ok
23:39:48.0000 0x0edc  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:39:48.0000 0x0edc  Wanarp - ok
23:39:48.0062 0x0edc  [ 4C0B8EF721783F52F8E531FBDC4B1F74, FA603ADA2FCA64E03D3642B335AD4454CEE3AE9FDEA21FCF9BA2D16DACBB1BDD ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
23:39:48.0062 0x0edc  wceusbsh - ok
23:39:48.0078 0x0edc  WDICA - ok
23:39:48.0156 0x0edc  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:39:48.0156 0x0edc  wdmaud - ok
23:39:48.0203 0x0edc  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:39:48.0203 0x0edc  WebClient - ok
23:39:48.0390 0x0edc  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:39:48.0390 0x0edc  winmgmt - ok
23:39:49.0296 0x0edc  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:39:49.0328 0x0edc  wlidsvc - ok
23:39:49.0359 0x0edc  [ 5D410936831F7FB58EFF941EAC3F6D3D, 5A1E769F75562802CC0EAA44215501925EA4C260AD7A975CEE4AB8DCA2BB82C9 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
23:39:49.0359 0x0edc  WmBEnum - ok
23:39:49.0421 0x0edc  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:39:49.0421 0x0edc  WmdmPmSN - ok
23:39:49.0484 0x0edc  [ 7A13CFDE92956CA61A0927D766C5AD4F, 96B337903B7E59A7D60FE4A27064A993EF244D3D736016FFC13465C8F44068F8 ] WmFilter        C:\WINDOWS\system32\drivers\WmFilter.sys
23:39:49.0484 0x0edc  WmFilter - ok
23:39:49.0515 0x0edc  [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo         C:\WINDOWS\system32\drivers\WmHidLo.sys
23:39:49.0515 0x0edc  WmHidLo - ok
23:39:49.0906 0x0edc  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:39:49.0921 0x0edc  Wmi - ok
23:39:49.0953 0x0edc  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:39:49.0953 0x0edc  WmiAcpi - ok
23:39:50.0031 0x0edc  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:39:50.0046 0x0edc  WmiApSrv - ok
23:39:50.0609 0x0edc  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
23:39:50.0640 0x0edc  WMPNetworkSvc - ok
23:39:50.0671 0x0edc  [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid        C:\WINDOWS\system32\drivers\WmVirHid.sys
23:39:50.0671 0x0edc  WmVirHid - ok
23:39:50.0718 0x0edc  [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
23:39:50.0718 0x0edc  WmXlCore - ok
23:39:50.0750 0x0edc  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
23:39:50.0750 0x0edc  WpdUsb - ok
23:39:51.0296 0x0edc  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:39:51.0343 0x0edc  WPFFontCache_v0400 - ok
23:39:51.0375 0x0edc  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:39:51.0375 0x0edc  WS2IFSL - ok
23:39:51.0468 0x0edc  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:39:51.0468 0x0edc  wscsvc - ok
23:39:51.0500 0x0edc  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:39:51.0500 0x0edc  WSTCODEC - ok
23:39:51.0531 0x0edc  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:39:51.0531 0x0edc  wuauserv - ok
23:39:51.0609 0x0edc  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:39:51.0609 0x0edc  WudfPf - ok
23:39:51.0687 0x0edc  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:39:51.0687 0x0edc  WudfRd - ok
23:39:51.0750 0x0edc  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
23:39:51.0765 0x0edc  WudfSvc - ok
23:39:52.0093 0x0edc  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:39:52.0109 0x0edc  WZCSVC - ok
23:39:52.0187 0x0edc  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:39:52.0203 0x0edc  xmlprov - ok
23:39:52.0218 0x0edc  ================ Scan global ===============================
23:39:52.0296 0x0edc  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
23:39:52.0500 0x0edc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
23:39:52.0828 0x0edc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
23:39:52.0937 0x0edc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
23:39:52.0953 0x0edc  [ Global ] - ok
23:39:52.0953 0x0edc  ================ Scan MBR ==================================
23:39:52.0984 0x0edc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:39:53.0375 0x0edc  \Device\Harddisk0\DR0 - ok
23:39:53.0375 0x0edc  [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
23:39:53.0546 0x0edc  \Device\Harddisk1\DR1 - ok
23:39:53.0546 0x0edc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:39:53.0625 0x0edc  \Device\Harddisk2\DR2 - ok
23:39:53.0625 0x0edc  ================ Scan VBR ==================================
23:39:53.0625 0x0edc  [ 50A6E9C0155B0BC028401A3F54BD6C26 ] \Device\Harddisk0\DR0\Partition1
23:39:53.0671 0x0edc  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
23:39:53.0671 0x0edc  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
23:39:53.0671 0x0edc  [ 08F97BE32741514B11313743CD951276 ] \Device\Harddisk1\DR1\Partition1
23:39:53.0687 0x0edc  \Device\Harddisk1\DR1\Partition1 - ok
23:39:53.0703 0x0edc  [ 9D34C75B2A072A97F9F7C7AC029FEC29 ] \Device\Harddisk2\DR2\Partition1
23:39:53.0703 0x0edc  \Device\Harddisk2\DR2\Partition1 - ok
23:39:53.0703 0x0edc  ================ Scan generic autorun ======================
23:40:15.0015 0x0edc  AV detected via SS1: Microsoft Security Essentials, 4.3.0215.0, disabled, updated
23:40:15.0015 0x0edc  AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
23:40:15.0015 0x0edc  Win FW state via NFM: enabled
23:40:15.0015 0x0edc  ============================================================
23:40:15.0015 0x0edc  Scan finished
23:40:15.0015 0x0edc  ============================================================
23:40:15.0015 0x0d20  Detected object count: 3
23:40:15.0015 0x0d20  Actual detected object count: 3
23:41:08.0656 0x0d20  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
23:41:09.0687 0x0d20  Backup copy found through SCO, using it..
23:41:09.0968 0x0d20  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
23:41:09.0968 0x0d20  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Cure
23:41:10.0343 0x0d20  C:\WINDOWS\System32\rpcss.dll - copied to quarantine
23:41:10.0750 0x0d20  Backup copy found through SCO, using it..
23:41:11.0078 0x0d20  C:\WINDOWS\System32\rpcss.dll - will be cured on reboot
23:41:11.0078 0x0d20  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Cure
23:41:11.0109 0x0d20  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
23:41:11.0156 0x0d20  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
23:41:11.0156 0x0d20  \Device\Harddisk0\DR0\Partition1 - ok
23:41:11.0156 0x0d20  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
23:41:12.0546 0x0d20  KLMD registered as C:\WINDOWS\system32\drivers\79719845.sys
23:41:20.0609 0x0a60  Deinitialize success
23:51:36.0437 0x08a4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:51:36.0453 0x08a4  ============================================================
23:51:36.0453 0x08a4  Current date / time: 2014/08/17 23:51:36.0453
23:51:36.0453 0x08a4  SystemInfo:
23:51:36.0453 0x08a4  
23:51:36.0453 0x08a4  OS Version: 5.1.2600 ServicePack: 3.0
23:51:36.0453 0x08a4  Product type: Workstation
23:51:36.0453 0x08a4  ComputerName: GCDI
23:51:36.0453 0x08a4  UserName: MIKE
23:51:36.0453 0x08a4  Windows directory: C:\WINDOWS
23:51:36.0453 0x08a4  System windows directory: C:\WINDOWS
23:51:36.0453 0x08a4  Processor architecture: Intel x86
23:51:36.0453 0x08a4  Number of processors: 4
23:51:36.0453 0x08a4  Page size: 0x1000
23:51:36.0453 0x08a4  Boot type: Normal boot
23:51:36.0453 0x08a4  ============================================================
23:51:36.0453 0x08a4  BG loaded
23:51:44.0281 0x08a4  System UUID: {10910ED2-1C4C-2CE7-C3B8-0B2CB9F114C3}
23:51:56.0812 0x08a4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
23:51:57.0125 0x08a4  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
23:51:57.0156 0x08a4  Drive \Device\Harddisk2\DR2 - Size: 0x114FB27E00 ( 69.25 Gb ), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
23:51:57.0375 0x08a4  ============================================================
23:51:57.0375 0x08a4  \Device\Harddisk0\DR0:
23:52:26.0265 0x08a4  MBR partitions:
23:52:26.0265 0x08a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x746FDC00
23:52:26.0265 0x08a4  \Device\Harddisk1\DR1:
23:52:26.0296 0x08a4  MBR partitions:
23:52:26.0296 0x08a4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:52:26.0296 0x08a4  \Device\Harddisk2\DR2:
23:52:26.0296 0x08a4  MBR partitions:
23:52:26.0296 0x08a4  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
23:52:26.0296 0x08a4  ============================================================
23:52:54.0093 0x08a4  C: <-> \Device\Harddisk0\DR0\Partition1
23:53:01.0234 0x08a4  E: <-> \Device\Harddisk2\DR2\Partition1
23:53:01.0343 0x08a4  F: <-> \Device\Harddisk1\DR1\Partition1
23:53:02.0265 0x08a4  ============================================================
23:53:02.0265 0x08a4  Initialize success
23:53:02.0265 0x08a4  ============================================================

 



#40 oldman960


Posted 19 August 2014 - 05:15 AM

Hi gcdi,

How is the computer now?

You had some very serious infections on this machine including 2 patched system files/processes and a bootkit. This was besides the CryptoWall infection.

I strongly suggest you do the following immediately:
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
I don't think you need to worry about the Windows reactivation message. I'm pretty sure it was some scareware from the friendly folks that infected you.

Let's make sure this service is disabled as it should be.
  • Click start
  • click run
  • into the run box copy and paste services.msc and click ok
  • in the right panel please locate Messenger
  • right click on it and click properties
  • beside startup type use the dropdown menu to set it to disabled
  • in the service status section click stop
  • click ok
  • close the services window by clicking the x
Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad.
File::
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\foorv.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ezoxid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ifvai.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\taid.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\wolea.exe
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\gyim.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\duusak.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\egciot.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ezru.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\itizew.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe
C:\Documents and Settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\doosdu.exe
c:\windows\system32\kagaulqa.exe
c:\windows\system32\hnvichoj.exe

Folder::
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

Please post back with
  • combofix log



#41 gcdi


Posted 19 August 2014 - 11:07 PM

The Messenger service was already disabled.

The computer is starting to act a little more normal.

It is still very slow to start up and still stalls or freezes (whatever you prefer to call it).

I also get the same three errors on start up, except the Windows activation is now down to one day.

It says something like since Windows was activated the hardware has changed so Windows needs to be reactivated.

Here's the log:

 

ComboFix 14-08-19.01 - MIKE 08/19/2014  23:17:17.6.4 - x86
Running from: c:\documents and settings\MIKE\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\MIKE\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\duusak.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\egciot.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\ezru.exe"
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\itizew.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ezoxid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\foorv.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\gyim.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\ifvai.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\taid.exe"
"c:\documents and settings\Default User\Start Menu\Programs\Startup\wolea.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\ahekyl.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\avqo.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\doosdu.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\evuwyq.exe"
"c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\olke.exe"
"c:\windows\system32\hnvichoj.exe"
"c:\windows\system32\kagaulqa.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\ClientMemory\DisplayXpCom.js
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\ClientMemory\manifest.json
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\EthernetMigration.opt
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\NetworkBackup.jrn
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\NotifyMouse.inf
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\36.0.1985.125.manifest
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\chrome.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\chrome_100_percent.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\chrome_200_percent.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\chrome_child.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\chrome_elf.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\d3dcompiler_43.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\d3dcompiler_46.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\docs.crx
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\drive.crx
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\external_extensions.json
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\gmail.crx
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\search.crx
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\default_apps\youtube.crx
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\delegate_execute.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Extensions\external_extensions.json
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\ffmpegsumo.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\icudtl.dat
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\libegl.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\libexif.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\libglesv2.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\libpeerconnection.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\am.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ar.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\bg.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\bn.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ca.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\cs.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\da.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\de.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\el.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\en-GB.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\en-US.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\es-419.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\es.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\et.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\fa.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\fi.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\fil.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\fr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\gu.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\he.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\hi.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\hr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\hu.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\id.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\it.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ja.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\kn.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ko.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\lt.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\lv.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ml.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\mr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ms.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\nb.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\nl.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\pl.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\pt-BR.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\pt-PT.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ro.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ru.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\sk.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\sl.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\sr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\sv.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\sw.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\ta.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\te.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\th.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\tr.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\uk.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\vi.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\zh-CN.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\Locales\zh-TW.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\metro_driver.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\mksnapshot.ia32.exe.assert.manifest
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\nacl_irt_x86_32.nexe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\nacl_irt_x86_64.nexe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\nacl64.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\pdf.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\PepperFlash\manifest.json
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\PepperFlash\pepflashplayer.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\ppgooglenaclpluginchrome.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\resources.pak
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\secondarytile.png
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\VisualElements\logo.png
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\VisualElements\smalllogo.png
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\VisualElements\splash-620x300.png
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\widevinecdmadapter.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\36.0.1985.125\xinput1_3.dll
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\browser.exe
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\debug.log
c:\documents and settings\MIKE\Local Settings\Application Data\BackupDrive\PerfomanceKernel\wow_helper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-20 to 2014-08-20  )))))))))))))))))))))))))))))))
.
.
2014-08-18 04:41 . 2014-08-18 04:41    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-08-18 02:25 . 2014-08-18 02:25    664    ----a-w-    c:\windows\system32\config\systemprofile\Local Settings\Application Data\d3d9caps.tmp
2014-08-18 02:22 . 2014-08-18 02:22    --------    d-----w-    C:\370eed2c1fb4b17355722023dc43020b
2014-08-16 07:42 . 2014-08-18 03:45    --------    d-----w-    c:\documents and settings\MIKE\Local Settings\Application Data\InitVideo
2014-08-16 07:29 . 2011-09-07 02:37    454144    ----a-w-    c:\windows\system32\kagaulqa.exe
2014-08-16 07:29 . 2014-08-16 07:29    58632    ----a-w-    c:\windows\system32\hnvichoj.exe
2014-08-09 17:26 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{432C8C14-1084-497B-BE3D-077D2879B792}\mpengine.dll
2014-08-03 09:53 . 2014-08-03 09:53    188304    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2014-08-03 04:43 . 2014-08-03 04:43    --------    d-----w-    C:\_OTL
2014-08-02 20:09 . 2014-08-02 20:09    49088    ----a-w-    c:\windows\system32\drivers\mrckvjsi.sys
2014-08-01 05:06 . 2014-07-02 03:11    8217224    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-31 14:48 . 2008-04-14 00:12    221184    ----a-w-    c:\windows\system32\wmpns.dll
2014-07-31 09:25 . 2014-07-31 09:25    --------    d-----w-    c:\program files\NetSurveillance
2014-07-27 19:01 . 2014-07-27 19:03    --------    d-----w-    c:\program files\CMS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-20 03:53 . 2012-09-16 21:01    17488    ----a-w-    c:\windows\gdrv.sys
2014-08-18 04:43 . 2004-08-04 12:00    402944    ----a-w-    c:\windows\system32\rpcss.dll
2014-08-16 04:53 . 2014-07-14 08:14    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-08-18 . A2D92AFDEAB247E6A76C6900DCBF157D . 402944 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . A2D92AFDEAB247E6A76C6900DCBF157D . 402944 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[7] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[7] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-23 28160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 176128]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2009-08-26 1970176]
"EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-08-14 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-08-31 262144]
"ADSK DLMSession"="c:\program files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2012-05-16 1632216]
"NvMediaCenter"="NvMCTray.dll" [2013-06-21 223008]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"snp2std"="c:\windows\vsnp2std.exe" [2007-08-07 348160]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ezoxid.exe [2014-8-4 303266]
foorv.exe [2014-8-16 454144]
ifvai.exe [2014-7-31 307232]
taid.exe [2014-8-2 305269]
wolea.exe [2014-8-5 302329]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
duusak.exe [2014-8-5 302329]
egciot.exe [2014-8-2 305269]
ezru.exe [2014-7-31 307232]
gyim.exe [2014-8-16 454144]
itizew.exe [2014-8-4 303266]
.
c:\documents and settings\UpdatusUser.GCDI-F7150E40D8.001\Start Menu\Programs\Startup\
ahekyl.exe [2014-8-5 302329]
avqo.exe [2014-8-4 303266]
doosdu.exe [2014-8-16 454144]
evuwyq.exe [2014-7-31 307232]
olke.exe [2014-8-2 305269]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"e:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"e:\\Program Files\\Activision Value\\Baja 1000\\Baja.exe"=
"c:\\Program Files\\real\\realplayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed ProStreet\\nfs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Atari\\TDU2\\UpLauncher.exe"=
"c:\\Program Files\\Atari\\TDU2\\TestDrive2.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\RpcAgentSrv.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"e:\\Program Files\\steam\\Steam.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\RIDGE RACER Driftopia\\RIDGE RACER Driftopia_46358301.exe"=
"e:\\Program Files\\steam\\SteamApps\\common\\GTI Racing\\GTIRacing.exe"=
"c:\\Program Files\\Activision\\Blur™\\Blur.exe"=
"c:\\Program Files\\Electronic Arts\\SHIFT 2 UNLEASHED\\shift2u.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2011b\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\CMS\\CMS.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3074:TCP"= 3074:TCP:fuel
"3074:UDP"= 3074:UDP:fuel
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R1 kgcidxyp;kgcidxyp;c:\windows\system32\drivers\kgcidxyp.sys [x]
R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-31 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 171096]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 72792]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-03-09 17488]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2011-03-27 24944]
R3 mosuport;USB Serial/Parallel Ports;c:\windows\system32\DRIVERS\mosuport.sys [x]
R3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
R3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\DRIVERS\RTLTEAMING.SYS [2009-10-12 29440]
R3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\DRIVERS\RTLVLAN.SYS [2009-02-16 17536]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe [2009-08-10 93848]
S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt5x.sys [2008-07-09 22016]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 171096]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1324120]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 72792]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 56576]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 138240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MESSENGER
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 06:03    1104200    ----a-w-    c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-10-30 15:57]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 06:33]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003Core1cc6f98ed6cb1dc.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-2000478354-839522115-1003UA.job
- c:\documents and settings\MIKE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-27 22:31]
.
2014-07-15 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2013-03-11 11:47]
.
2014-08-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-27 01:59]
.
2014-07-15 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 08:09]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 08:07]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-2000478354-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 17:45]
.
2014-07-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-10-30 15:49]
.
2014-07-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-10-30 15:51]
.
2014-07-15 c:\windows\Tasks\User_Feed_Synchronization-{7256C714-F702-4676-8958-FD1AD3CD13D2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: $talisma_url$
Trusted Zone: gigabyte.us\www
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} - hxxp://service.samsungportal.com/EP/web/common/cabfiles/ACUBETrustChecker.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\MIKE\Application Data\Mozilla\Firefox\Profiles\rkflthgg.default-1407273293984\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-31777277.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-19 23:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-2000478354-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\*]
@Allowed: (Read) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-08-19  23:40:30
ComboFix-quarantined-files.txt  2014-08-20 04:40
ComboFix2.txt  2014-08-18 04:36
ComboFix3.txt  2014-08-16 11:42
ComboFix4.txt  2014-08-14 09:03
ComboFix5.txt  2014-08-20 04:13
.
Pre-Run: 865,705,013,248 bytes free
Post-Run: 865,597,927,424 bytes free
.
- - End Of File - - 0E933D70FAD0043CF2C271C6EBA9AF5B
8F558EB6672622401DA993E1E865C861
 



#42 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 19 August 2014 - 11:59 PM

Hi gcdi,

Please rerun TDSSKiller the same way you did before. You can stay connected this time. Post the log when finished.

Are you given the option to reactivate?



#43 gcdi

gcdi

    Authentic Member

  • Authentic Member
  • 119 posts

Posted 20 August 2014 - 10:35 PM

Yes, still very slow to do most things and still get the same three errors on start up.

 

12:53:34.0625 0x049c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
12:53:38.0140 0x049c  ============================================================
12:53:38.0140 0x049c  Current date / time: 2014/08/20 12:53:38.0140
12:53:38.0140 0x049c  SystemInfo:
12:53:38.0140 0x049c  
12:53:38.0140 0x049c  OS Version: 5.1.2600 ServicePack: 3.0
12:53:38.0140 0x049c  Product type: Workstation
12:53:38.0140 0x049c  ComputerName: GCDI
12:53:38.0140 0x049c  UserName: MIKE
12:53:38.0140 0x049c  Windows directory: C:\WINDOWS
12:53:38.0140 0x049c  System windows directory: C:\WINDOWS
12:53:38.0140 0x049c  Processor architecture: Intel x86
12:53:38.0140 0x049c  Number of processors: 4
12:53:38.0140 0x049c  Page size: 0x1000
12:53:38.0140 0x049c  Boot type: Normal boot
12:53:38.0140 0x049c  ============================================================
12:53:52.0328 0x049c  KLMD registered as C:\WINDOWS\system32\drivers\01445074.sys
12:53:55.0703 0x049c  System UUID: {10910ED2-1C4C-2CE7-C3B8-0B2CB9F114C3}
12:54:04.0828 0x049c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:54:04.0828 0x049c  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:54:04.0843 0x049c  Drive \Device\Harddisk2\DR2 - Size: 0x114FB27E00 ( 69.25 Gb ), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:54:04.0875 0x049c  ============================================================
12:54:04.0875 0x049c  \Device\Harddisk0\DR0:
12:54:04.0890 0x049c  MBR partitions:
12:54:04.0890 0x049c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x746FDC00
12:54:04.0890 0x049c  \Device\Harddisk1\DR1:
12:54:04.0890 0x049c  MBR partitions:
12:54:04.0890 0x049c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
12:54:04.0890 0x049c  \Device\Harddisk2\DR2:
12:54:04.0890 0x049c  MBR partitions:
12:54:04.0890 0x049c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
12:54:04.0890 0x049c  ============================================================
12:54:05.0218 0x049c  C: <-> \Device\Harddisk0\DR0\Partition1
12:54:05.0437 0x049c  E: <-> \Device\Harddisk2\DR2\Partition1
12:54:05.0546 0x049c  F: <-> \Device\Harddisk1\DR1\Partition1
12:54:05.0609 0x049c  ============================================================
12:54:05.0609 0x049c  Initialize success
12:54:05.0609 0x049c  ============================================================
12:55:01.0750 0x0c58  ============================================================
12:55:01.0750 0x0c58  Scan started
12:55:01.0750 0x0c58  Mode: Manual; SigCheck; TDLFS;
12:55:01.0750 0x0c58  ============================================================
12:55:01.0750 0x0c58  KSN ping started
12:55:04.0468 0x0c58  KSN ping finished: true
12:55:13.0609 0x0c58  ================ Scan system memory ========================
12:55:13.0609 0x0c58  System memory - ok
12:55:13.0718 0x0c58  ================ Scan services =============================
12:55:15.0515 0x0c58  Abiosdsk - ok
12:55:15.0578 0x0c58  abp480n5 - ok
12:55:15.0921 0x0c58  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:55:27.0875 0x0c58  ACPI - ok
12:55:28.0000 0x0c58  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
12:55:28.0187 0x0c58  ACPIEC - ok
12:55:28.0203 0x0c58  adpu160m - ok
12:55:28.0406 0x0c58  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
12:55:28.0578 0x0c58  aec - ok
12:55:28.0703 0x0c58  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
12:55:28.0921 0x0c58  AFD - ok
12:55:28.0921 0x0c58  Aha154x - ok
12:55:28.0921 0x0c58  aic78u2 - ok
12:55:28.0921 0x0c58  aic78xx - ok
12:55:28.0953 0x0c58  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
12:55:29.0109 0x0c58  Alerter - ok
12:55:29.0171 0x0c58  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
12:55:29.0218 0x0c58  ALG - ok
12:55:29.0218 0x0c58  AliIde - ok
12:55:30.0546 0x0c58  [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
12:55:33.0640 0x0c58  Ambfilt - ok
12:55:33.0718 0x0c58  [ EFBB0956BAED786E137351B5CA272AEF, 613E34D31C21F5CA9AEDC4BF64B8EE365DA355F914738C4FD638DB3EBE75FBB5 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:55:33.0875 0x0c58  AmdK8 - ok
12:55:33.0953 0x0c58  [ 033448D435E65C4BD72E70521FD05C76, A5462C22D5461F1BA06E81CD7E1ECE5409092DE53A8E4D3E78D089B65CB474D4 ] AmdPPM          C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
12:55:34.0156 0x0c58  AmdPPM - ok
12:55:34.0171 0x0c58  amsint - ok
12:55:34.0562 0x0c58  AODDriver - ok
12:55:34.0765 0x0c58  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
12:55:35.0031 0x0c58  AppMgmt - ok
12:55:35.0140 0x0c58  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:55:35.0640 0x0c58  Arp1394 - ok
12:55:35.0640 0x0c58  asc - ok
12:55:35.0640 0x0c58  asc3350p - ok
12:55:35.0640 0x0c58  asc3550 - ok
12:55:35.0906 0x0c58  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:55:36.0015 0x0c58  aspnet_state - ok
12:55:36.0046 0x0c58  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:55:36.0171 0x0c58  AsyncMac - ok
12:55:36.0234 0x0c58  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
12:55:36.0500 0x0c58  atapi - ok
12:55:36.0515 0x0c58  Atdisk - ok
12:55:36.0609 0x0c58  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:55:36.0906 0x0c58  Atmarpc - ok
12:55:37.0015 0x0c58  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
12:55:37.0250 0x0c58  AudioSrv - ok
12:55:37.0281 0x0c58  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
12:55:37.0562 0x0c58  audstub - ok
12:55:37.0718 0x0c58  [ F29D375926E36E3A56AF4805C7749302, 3B28F1C0BA9E1F00EF2BA1B0C0D679EB1FCD0F52DBB308819F002E482FCB282F ] BCUService      C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
12:55:37.0953 0x0c58  BCUService - ok
12:55:38.0015 0x0c58  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:55:38.0406 0x0c58  Beep - ok
12:55:38.0765 0x0c58  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:55:40.0406 0x0c58  BITS - ok
12:55:40.0515 0x0c58  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
12:55:40.0781 0x0c58  Browser - ok
12:55:40.0953 0x0c58  catchme - ok
12:55:41.0000 0x0c58  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:55:41.0281 0x0c58  cbidf2k - ok
12:55:41.0437 0x0c58  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:55:41.0703 0x0c58  CCDECODE - ok
12:55:41.0703 0x0c58  cd20xrnt - ok
12:55:41.0718 0x0c58  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
12:55:41.0890 0x0c58  Cdaudio - ok
12:55:41.0953 0x0c58  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:55:42.0234 0x0c58  Cdfs - ok
12:55:42.0421 0x0c58  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:55:42.0843 0x0c58  Cdrom - ok
12:55:42.0843 0x0c58  Changer - ok
12:55:42.0890 0x0c58  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
12:55:43.0140 0x0c58  CiSvc - ok
12:55:43.0234 0x0c58  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
12:55:43.0484 0x0c58  ClipSrv - ok
12:55:43.0812 0x0c58  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:55:43.0968 0x0c58  clr_optimization_v2.0.50727_32 - ok
12:55:44.0171 0x0c58  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:55:44.0593 0x0c58  clr_optimization_v4.0.30319_32 - ok
12:55:44.0593 0x0c58  CmdIde - ok
12:55:44.0609 0x0c58  COMSysApp - ok
12:55:44.0609 0x0c58  Cpqarray - ok
12:55:44.0703 0x0c58  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
12:55:44.0843 0x0c58  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
12:55:47.0453 0x0c58  Detect skipped due to KSN trusted
12:55:47.0453 0x0c58  Creative Audio Engine Licensing Service - ok
12:55:47.0546 0x0c58  [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
12:55:47.0656 0x0c58  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic ( 1 )
12:55:50.0281 0x0c58  Detect skipped due to KSN trusted
12:55:50.0281 0x0c58  Creative Service for CDROM Access - ok
12:55:50.0500 0x0c58  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:55:50.0734 0x0c58  CryptSvc - ok
12:55:50.0890 0x0c58  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT         C:\WINDOWS\system32\drivers\CT20XUT.SYS
12:55:50.0953 0x0c58  CT20XUT - ok
12:55:51.0093 0x0c58  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT.SYS     C:\WINDOWS\System32\drivers\CT20XUT.SYS
12:55:51.0140 0x0c58  CT20XUT.SYS - ok
12:55:51.0656 0x0c58  [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9, FECEF831661AA4745166B8076C767A448336C86A4C8F9768EDF12F715DF2A1BE ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
12:55:51.0890 0x0c58  ctac32k - ok
12:55:52.0312 0x0c58  [ 44F60A5E3C3A8A6BBA4C280948EA6095, 2315BA4ACFBCEC9AC3139872018A3D7FE033A3E1B997C4E38F1AAF9A7F984F44 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
12:55:52.0687 0x0c58  ctaud2k - ok
12:55:53.0171 0x0c58  [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
12:55:53.0546 0x0c58  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
12:55:55.0984 0x0c58  Detect skipped due to KSN trusted
12:55:55.0984 0x0c58  CTAudSvcService - ok
12:55:56.0281 0x0c58  [ 8CBE82D6BBF206E144F22CB33FAB1F2C, AE15BAD45E88A77C2A35ECD8D5D13A0C3994171FB39CAC18B4B65A618521E4AF ] ctdvda2k        C:\WINDOWS\system32\drivers\ctdvda2k.sys
12:55:56.0984 0x0c58  ctdvda2k - ok
12:55:58.0187 0x0c58  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX        C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
12:55:59.0984 0x0c58  CTEXFIFX - ok
12:56:01.0218 0x0c58  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX.SYS    C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
12:56:03.0531 0x0c58  CTEXFIFX.SYS - ok
12:56:03.0640 0x0c58  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT         C:\WINDOWS\system32\drivers\CTHWIUT.SYS
12:56:03.0671 0x0c58  CTHWIUT - ok
12:56:03.0796 0x0c58  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT.SYS     C:\WINDOWS\System32\drivers\CTHWIUT.SYS
12:56:03.0859 0x0c58  CTHWIUT.SYS - ok
12:56:03.0906 0x0c58  [ F0F19A13C948E5289601E354B08E0941, B2E00B03BA2B7373F2BFF7B833BFC0915A4E4A25F0918A973C6694A43ACD803F ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
12:56:03.0953 0x0c58  ctprxy2k - ok
12:56:04.0640 0x0c58  [ C7B2C36A6203A5F3D0A378FD78C5DDD6, A8FCFF516A336E7E59DC817B3E495D055F80F6C51DA414E919223248CC16FB6D ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
12:56:04.0781 0x0c58  ctsfm2k - ok
12:56:04.0781 0x0c58  dac2w2k - ok
12:56:04.0781 0x0c58  dac960nt - ok
12:56:05.0187 0x0c58  [ A2D92AFDEAB247E6A76C6900DCBF157D, A67A9BEE842FB4FD5351AC3866EC0F1E443D08BE47F7F4200F9E9E58B50D113F ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:56:05.0640 0x0c58  DcomLaunch - detected Trojan.Win32.Patched.pj ( 0 )
12:56:08.0343 0x0c58  DcomLaunch ( Trojan.Win32.Patched.pj ) - infected
12:56:08.0359 0x0c58  Force sending object to P2P due to detect: DcomLaunch
12:56:11.0968 0x0c58  Object send P2P result: true
12:56:14.0937 0x0c58  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:56:15.0468 0x0c58  Dhcp - ok
12:56:15.0625 0x0c58  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:56:16.0875 0x0c58  Disk - ok
12:56:16.0890 0x0c58  dmadmin - ok
12:56:17.0828 0x0c58  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:56:20.0468 0x0c58  dmboot - ok
12:56:20.0765 0x0c58  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:56:21.0437 0x0c58  dmio - ok
12:56:21.0500 0x0c58  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:56:21.0921 0x0c58  dmload - ok
12:56:22.0187 0x0c58  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:56:22.0468 0x0c58  dmserver - ok
12:56:22.0531 0x0c58  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:56:23.0234 0x0c58  DMusic - ok
12:56:23.0609 0x0c58  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:56:24.0593 0x0c58  Dnscache - ok
12:56:25.0265 0x0c58  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
12:56:26.0515 0x0c58  Dot3svc - ok
12:56:26.0531 0x0c58  dpti2o - ok
12:56:26.0562 0x0c58  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
12:56:26.0781 0x0c58  drmkaud - ok
12:56:26.0812 0x0c58  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
12:56:27.0750 0x0c58  EapHost - ok
12:56:28.0046 0x0c58  [ FB2D6D4D14AE801F5267B0368FC0CB0C, 579804BFF211E14CA5BFAD99675ADB53E8A6228363C3D3C60D356F426A666F7B ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
12:56:28.0078 0x0c58  emupia - ok
12:56:28.0234 0x0c58  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
12:56:28.0562 0x0c58  ERSvc - ok
12:56:28.0781 0x0c58  [ B8FA96995726D1FA58476E352C02AD82, 6BBD49B16A19CC3C3337707EFBEB6BC355CB077CBBBC99D8985A3FBB6E871A89 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
12:56:28.0875 0x0c58  ES lite Service - ok
12:56:28.0921 0x0c58  [ 57AF1036880449056DD8ADAC9F2D1FE1, 0D0257B58FD9F77CC83788FF303299503504ED6CE1AA70CCC41982FD87623176 ] ET5Drv          C:\WINDOWS\system32\Drivers\ET5Drv.sys
12:56:28.0953 0x0c58  ET5Drv - ok
12:56:29.0015 0x0c58  [ 3AF0AE042AFE486B22644CD3FBEBF2E2, 755A18C1507D0C3F3BF1B0CFAB96BB7D1C3D9D6F862F94B3069D00FC6B92A8AA ] etdrv           C:\WINDOWS\etdrv.sys
12:56:36.0718 0x0c58  etdrv - ok
12:56:37.0062 0x0c58  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
12:56:37.0234 0x0c58  Eventlog - ok
12:56:37.0546 0x0c58  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
12:56:38.0640 0x0c58  EventSystem - ok
12:56:38.0859 0x0c58  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:56:39.0812 0x0c58  Fastfat - ok
12:56:39.0937 0x0c58  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:56:40.0625 0x0c58  FastUserSwitchingCompatibility - ok
12:56:40.0750 0x0c58  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
12:56:41.0375 0x0c58  Fdc - ok
12:56:41.0640 0x0c58  [ 95BC4D8493FE30312F5E1AB57EF36083, 96664371FC18B71A37112DF510CB7E0CF31BBA2AE6CCF7AA893713F133DA6D79 ] FETNDISB        C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
12:56:41.0781 0x0c58  FETNDISB - ok
12:56:41.0828 0x0c58  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:56:42.0187 0x0c58  Fips - ok
12:56:42.0468 0x0c58  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:56:43.0296 0x0c58  Flpydisk - ok
12:56:43.0671 0x0c58  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
12:56:44.0812 0x0c58  FltMgr - ok
12:56:45.0015 0x0c58  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:56:45.0062 0x0c58  FontCache3.0.0.0 - ok
12:56:45.0093 0x0c58  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:56:45.0796 0x0c58  Fs_Rec - ok
12:56:46.0718 0x0c58  [ B7AA8283EC551D3A3B924E520E0621A7, 648D93BCBEC0CE98D4F7E899F276A72F107A87C4215E07399961511DA3C39FDE ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
12:56:46.0796 0x0c58  FTDIBUS - ok
12:56:46.0890 0x0c58  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:56:47.0437 0x0c58  Ftdisk - ok
12:56:47.0484 0x0c58  [ 065639773D8B03F33577F6CDAEA21063, F20D0F3256F5F894CCA48755B23679619B5D02A0F64A142FC6CB619FC0952067 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:56:48.0015 0x0c58  gameenum - ok
12:56:48.0046 0x0c58  [ D556CB79967E92B5CC69686D16C1D846, F4FF679066269392F6B7C3BA6257FC60DD609E4F9C491B00E1A16E4C405B0B9B ] gdrv            C:\WINDOWS\gdrv.sys
12:56:48.0187 0x0c58  gdrv - ok
12:56:48.0359 0x0c58  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:56:48.0703 0x0c58  Gpc - ok
12:56:48.0859 0x0c58  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:49.0156 0x0c58  gupdate - ok
12:56:49.0265 0x0c58  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:56:49.0281 0x0c58  gupdatem - ok
12:56:49.0406 0x0c58  [ 689A8EEF2A2D62B28A0A578A6196531C, 76732A6D009D498D3D8AE687D8E0FB472C9A660494C86AD6242CA606AE76671F ] GVTDrv          C:\WINDOWS\system32\Drivers\GVTDrv.sys
12:56:49.0500 0x0c58  GVTDrv - ok
12:56:50.0687 0x0c58  [ 7FF1CED1201C169A783B0E81CC561FBA, E0E501A1365E3F3669A3E5DD6A4963EF6D668B8A4E9F31758A597A2ACF136496 ] ha20x2k         C:\WINDOWS\system32\drivers\ha20x2k.sys
12:56:51.0781 0x0c58  ha20x2k - ok
12:56:52.0187 0x0c58  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:56:52.0703 0x0c58  HDAudBus - ok
12:56:52.0906 0x0c58  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:56:53.0671 0x0c58  helpsvc - ok
12:56:53.0750 0x0c58  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:56:54.0312 0x0c58  HidServ - ok
12:56:54.0515 0x0c58  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:56:55.0234 0x0c58  hidusb - ok
12:56:55.0296 0x0c58  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:56:56.0250 0x0c58  hkmsvc - ok
12:56:56.0250 0x0c58  hpn - ok
12:56:56.0453 0x0c58  [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:56:57.0953 0x0c58  HPZid412 - ok
12:56:58.0000 0x0c58  [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:56:58.0468 0x0c58  HPZipr12 - ok
12:56:58.0562 0x0c58  [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:56:58.0687 0x0c58  HPZius12 - ok
12:56:59.0906 0x0c58  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:57:00.0140 0x0c58  HTTP - ok
12:57:00.0203 0x0c58  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:57:00.0671 0x0c58  HTTPFilter - ok
12:57:00.0671 0x0c58  i2omgmt - ok
12:57:00.0718 0x0c58  i2omp - ok
12:57:00.0937 0x0c58  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:57:01.0828 0x0c58  i8042prt - ok
12:57:01.0953 0x0c58  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:57:02.0062 0x0c58  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:57:04.0687 0x0c58  Detect skipped due to KSN trusted
12:57:04.0687 0x0c58  IDriverT - ok
12:57:05.0546 0x0c58  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:57:07.0265 0x0c58  idsvc - ok
12:57:07.0343 0x0c58  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:57:08.0250 0x0c58  Imapi - ok
12:57:08.0500 0x0c58  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:57:09.0062 0x0c58  ImapiService - ok
12:57:09.0187 0x0c58  ini910u - ok
12:57:17.0359 0x0c58  [ 3D3F703B44A26D9C676EC3E2A03BA811, 245611B24148DAA4C36045D80B6C2EF7618E0EC984CE6715AB70754355160040 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:57:25.0734 0x0c58  IntcAzAudAddService - ok
12:57:25.0765 0x0c58  IntelIde - ok
12:58:56.0187 0x0c58  [ A2D92AFDEAB247E6A76C6900DCBF157D, A67A9BEE842FB4FD5351AC3866EC0F1E443D08BE47F7F4200F9E9E58B50D113F ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:58:56.0203 0x0c58  RpcSs - detected Trojan.Win32.Patched.pj ( 0 )
12:58:56.0203 0x0c58  RpcSs ( Trojan.Win32.Patched.pj ) - infected
12:58:56.0203 0x0c58  Force sending object to P2P due to detect: RpcSs
12:58:59.0109 0x0c58  Object send P2P result: true
12:59:58.0484 0x0c58  SysmonLog - ok
12:59:58.0718 0x0c58  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:59:58.0937 0x0c58  TapiSrv - ok
12:59:59.0171 0x0c58  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:59:59.0500 0x0c58  Tcpip - ok
12:59:59.0531 0x0c58  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:59:59.0781 0x0c58  TDPIPE - ok
12:59:59.0812 0x0c58  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:59:59.0890 0x0c58  TDTCP - ok
12:59:59.0921 0x0c58  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
13:00:00.0015 0x0c58  TermDD - ok
13:00:00.0218 0x0c58  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
13:00:00.0671 0x0c58  TermService - ok
13:00:00.0765 0x0c58  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
13:00:00.0781 0x0c58  Themes - ok
13:00:00.0859 0x0c58  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
13:00:00.0953 0x0c58  TlntSvr - ok
13:00:00.0953 0x0c58  TosIde - ok
13:00:01.0015 0x0c58  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
13:00:01.0156 0x0c58  TrkWks - ok
13:00:01.0218 0x0c58  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
13:00:01.0343 0x0c58  Udfs - ok
13:00:01.0343 0x0c58  ultra - ok
13:00:01.0671 0x0c58  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
13:00:02.0187 0x0c58  Update - ok
13:00:02.0296 0x0c58  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
13:00:02.0500 0x0c58  upnphost - ok
13:00:02.0531 0x0c58  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
13:00:02.0765 0x0c58  UPS - ok
13:00:02.0812 0x0c58  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:00:02.0890 0x0c58  usbccgp - ok
13:00:02.0937 0x0c58  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:00:02.0968 0x0c58  usbehci - ok
13:00:03.0031 0x0c58  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:00:03.0265 0x0c58  usbhub - ok
13:00:03.0328 0x0c58  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:00:03.0468 0x0c58  usbohci - ok
13:00:03.0484 0x0c58  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:00:03.0703 0x0c58  usbprint - ok
13:00:03.0718 0x0c58  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:00:03.0750 0x0c58  usbscan - ok
13:00:03.0781 0x0c58  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:00:03.0921 0x0c58  USBSTOR - ok
13:00:03.0968 0x0c58  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
13:00:04.0078 0x0c58  VgaSave - ok
13:00:04.0078 0x0c58  ViaIde - ok
13:00:04.0125 0x0c58  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
13:00:04.0359 0x0c58  VolSnap - ok
13:00:04.0640 0x0c58  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
13:00:04.0875 0x0c58  VSS - ok
13:00:05.0000 0x0c58  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
13:00:05.0234 0x0c58  W32Time - ok
13:00:05.0265 0x0c58  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:00:05.0468 0x0c58  Wanarp - ok
13:00:05.0500 0x0c58  [ 4C0B8EF721783F52F8E531FBDC4B1F74, FA603ADA2FCA64E03D3642B335AD4454CEE3AE9FDEA21FCF9BA2D16DACBB1BDD ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:00:05.0671 0x0c58  wceusbsh - ok
13:00:05.0671 0x0c58  WDICA - ok
13:00:05.0750 0x0c58  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
13:00:05.0937 0x0c58  wdmaud - ok
13:00:06.0015 0x0c58  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:00:06.0125 0x0c58  WebClient - ok
13:00:06.0312 0x0c58  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:00:06.0484 0x0c58  winmgmt - ok
13:00:07.0515 0x0c58  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:00:09.0375 0x0c58  wlidsvc - ok
13:00:09.0421 0x0c58  [ 5D410936831F7FB58EFF941EAC3F6D3D, 5A1E769F75562802CC0EAA44215501925EA4C260AD7A975CEE4AB8DCA2BB82C9 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
13:00:09.0453 0x0c58  WmBEnum - ok
13:00:09.0484 0x0c58  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
13:00:09.0671 0x0c58  WmdmPmSN - ok
13:00:09.0734 0x0c58  [ 7A13CFDE92956CA61A0927D766C5AD4F, 96B337903B7E59A7D60FE4A27064A993EF244D3D736016FFC13465C8F44068F8 ] WmFilter        C:\WINDOWS\system32\drivers\WmFilter.sys
13:00:09.0750 0x0c58  WmFilter - ok
13:00:09.0812 0x0c58  [ 1F596392149CAC51F7C095AF7D533934, 7D8649D951E7719DE49B5E7BA4296A0736753A73FE30A45F96F370ADD81E6B2B ] WmHidLo         C:\WINDOWS\system32\drivers\WmHidLo.sys
13:00:09.0812 0x0c58  WmHidLo - ok
13:00:10.0203 0x0c58  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
13:00:10.0937 0x0c58  Wmi - ok
13:00:10.0968 0x0c58  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:00:11.0078 0x0c58  WmiAcpi - ok
13:00:11.0171 0x0c58  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:00:11.0312 0x0c58  WmiApSrv - ok
13:00:11.0953 0x0c58  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
13:00:13.0015 0x0c58  WMPNetworkSvc - ok
13:00:13.0031 0x0c58  [ 6F04646BC690F8BBFC344BE32A60796D, DE2B4BE88CE38D6297F58BE2C643A3838C0470E2E3AB6289755E39B5E59061D7 ] WmVirHid        C:\WINDOWS\system32\drivers\WmVirHid.sys
13:00:13.0078 0x0c58  WmVirHid - ok
13:00:13.0140 0x0c58  [ 1D6CA43D562333F4DFB40BCEF2453F3A, BEEC5587ACE8ABF1DB0B9B68E43B29082AA2F4A6415CEC8536086944D506A704 ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
13:00:13.0171 0x0c58  WmXlCore - ok
13:00:13.0218 0x0c58  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
13:00:13.0265 0x0c58  WpdUsb - ok
13:00:13.0906 0x0c58  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:00:14.0750 0x0c58  WPFFontCache_v0400 - ok
13:00:14.0796 0x0c58  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:00:14.0984 0x0c58  WS2IFSL - ok
13:00:15.0062 0x0c58  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
13:00:15.0234 0x0c58  wscsvc - ok
13:00:15.0265 0x0c58  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:00:15.0375 0x0c58  WSTCODEC - ok
13:00:15.0390 0x0c58  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
13:00:15.0656 0x0c58  wuauserv - ok
13:00:15.0734 0x0c58  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:00:15.0812 0x0c58  WudfPf - ok
13:00:15.0890 0x0c58  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:00:15.0953 0x0c58  WudfRd - ok
13:00:16.0000 0x0c58  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
13:00:16.0031 0x0c58  WudfSvc - ok
13:00:16.0343 0x0c58  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
13:00:17.0015 0x0c58  WZCSVC - ok
13:00:17.0109 0x0c58  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
13:00:17.0359 0x0c58  xmlprov - ok
13:00:17.0390 0x0c58  ================ Scan global ===============================
13:00:17.0468 0x0c58  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
13:00:17.0796 0x0c58  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:00:18.0125 0x0c58  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
13:00:18.0218 0x0c58  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
13:00:18.0218 0x0c58  [ Global ] - ok
13:00:18.0218 0x0c58  ================ Scan MBR ==================================
13:00:18.0265 0x0c58  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:00:18.0859 0x0c58  \Device\Harddisk0\DR0 - ok
13:00:18.0890 0x0c58  [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
13:00:19.0125 0x0c58  \Device\Harddisk1\DR1 - ok
13:00:19.0125 0x0c58  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
13:00:19.0265 0x0c58  \Device\Harddisk2\DR2 - ok
13:00:19.0265 0x0c58  ================ Scan VBR ==================================
13:00:19.0281 0x0c58  [ 415D7CF8260F415155BEA8B3D6ACCECF ] \Device\Harddisk0\DR0\Partition1
13:00:19.0312 0x0c58  \Device\Harddisk0\DR0\Partition1 - ok
13:00:19.0328 0x0c58  [ 08F97BE32741514B11313743CD951276 ] \Device\Harddisk1\DR1\Partition1
13:00:19.0343 0x0c58  \Device\Harddisk1\DR1\Partition1 - ok
13:00:19.0359 0x0c58  [ 9D34C75B2A072A97F9F7C7AC029FEC29 ] \Device\Harddisk2\DR2\Partition1
13:00:19.0359 0x0c58  \Device\Harddisk2\DR2\Partition1 - ok
13:00:19.0359 0x0c58  ================ Scan generic autorun ======================
13:01:45.0343 0x0c58  AV detected via SS1: Microsoft Security Essentials, 4.3.0215.0, disabled, updated
13:01:45.0343 0x0c58  AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
13:01:45.0343 0x0c58  Win FW state via NFM: enabled
13:01:47.0843 0x0c58  ============================================================
13:01:47.0843 0x0c58  Scan finished
13:01:47.0843 0x0c58  ============================================================
13:01:47.0859 0x08a4  Detected object count: 2
13:01:47.0859 0x08a4  Actual detected object count: 2
13:02:06.0265 0x08a4  C:\WINDOWS\system32\rpcss.dll - copied to quarantine
13:02:09.0921 0x08a4  Backup copy not found, trying to cure infected file..
13:02:09.0921 0x08a4  Cure success, using it..
13:02:10.0171 0x08a4  C:\WINDOWS\system32\rpcss.dll - will be cured on reboot
13:02:10.0171 0x08a4  DcomLaunch ( Trojan.Win32.Patched.pj ) - User select action: Cure
13:02:10.0734 0x08a4  C:\WINDOWS\System32\rpcss.dll - copied to quarantine
13:02:11.0187 0x08a4  Backup copy not found, trying to cure infected file..
13:02:11.0187 0x08a4  Cure success, using it..
13:02:11.0453 0x08a4  C:\WINDOWS\System32\rpcss.dll - will be cured on reboot
13:02:11.0468 0x08a4  RpcSs ( Trojan.Win32.Patched.pj ) - User select action: Cure
13:02:12.0984 0x08a4  KLMD registered as C:\WINDOWS\system32\drivers\71939309.sys
13:02:28.0625 0x051c  Deinitialize success
 



#44 oldman960

Posted 20 August 2014 - 10:57 PM

Hi gcdi,

 

Did you try clicking on reactivate?

I think most of the problem is a change made by the infection. It looks like the bootkit was removed the first time we used TDSSK. The patched files still showed in the last run. Please rerun TDSSKiller so we can see if it was successful this time. Use the same instructions.



#45 gcdi


Posted 20 August 2014 - 11:15 PM

No, should I try telling it ok to activate?

Just ran TDSS again, this time cure was not an option on any of the five items it found and also did not require reboot when it was finished.

Here's the log.

 

00:03:34.0671 0x0828  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
00:03:39.0015 0x0828  ============================================================
00:03:39.0015 0x0828  Current date / time: 2014/08/21 00:03:39.0015
00:03:39.0015 0x0828  SystemInfo:
00:03:39.0015 0x0828  
00:03:39.0015 0x0828  OS Version: 5.1.2600 ServicePack: 3.0
00:03:39.0015 0x0828  Product type: Workstation
00:03:39.0015 0x0828  ComputerName: GCDI
00:03:39.0015 0x0828  UserName: MIKE
00:03:39.0015 0x0828  Windows directory: C:\WINDOWS
00:03:39.0015 0x0828  System windows directory: C:\WINDOWS
00:03:39.0015 0x0828  Processor architecture: Intel x86
00:03:39.0015 0x0828  Number of processors: 4
00:03:39.0015 0x0828  Page size: 0x1000
00:03:39.0015 0x0828  Boot type: Normal boot
00:03:39.0015 0x0828  ============================================================
00:03:43.0593 0x0828  KLMD registered as C:\WINDOWS\system32\drivers\99013464.sys
00:03:45.0218 0x0828  System UUID: {10910ED2-1C4C-2CE7-C3B8-0B2CB9F114C3}
00:03:48.0484 0x0828  Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:03:48.0500 0x0828  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:03:48.0515 0x0828  Drive \Device\Harddisk2\DR2 - Size: 0x114FB27E00 ( 69.25 Gb ), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:03:48.0515 0x0828  ============================================================
00:03:48.0515 0x0828  \Device\Harddisk0\DR0:
00:03:48.0515 0x0828  MBR partitions:
00:03:48.0515 0x0828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x746FDC00
00:03:48.0515 0x0828  \Device\Harddisk1\DR1:
00:03:48.0515 0x0828  MBR partitions:
00:03:48.0515 0x0828  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
00:03:48.0515 0x0828  \Device\Harddisk2\DR2:
00:03:48.0515 0x0828  MBR partitions:
00:03:48.0515 0x0828  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
00:03:48.0515 0x0828  ============================================================
00:03:48.0625 0x0828  C: <-> \Device\Harddisk0\DR0\Partition1
00:03:48.0671 0x0828  E: <-> \Device\Harddisk2\DR2\Partition1
00:03:48.0718 0x0828  F: <-> \Device\Harddisk1\DR1\Partition1
00:03:48.0765 0x0828  ============================================================
00:03:48.0765 0x0828  Initialize success
00:03:48.0765 0x0828  ============================================================
00:03:58.0390 0x079c  ============================================================
00:03:58.0390 0x079c  Scan started
00:03:58.0390 0x079c  Mode: Manual; SigCheck; TDLFS;
00:03:58.0390 0x079c  ============================================================
00:03:58.0390 0x079c  KSN ping started
00:04:01.0343 0x079c  KSN ping finished: true
00:04:02.0812 0x079c  ================ Scan system memory ========================
00:04:02.0812 0x079c  System memory - ok
00:04:02.0812 0x079c  ================ Scan services =============================
00:04:18.0328 0x079c  clr_optimization_v4.0.30319_32 - ok
00:04:18.0328 0x079c  CmdIde - ok
00:04:18.0343 0x079c  COMSysApp - ok
00:04:18.0343 0x079c  Cpqarray - ok
00:04:18.0453 0x079c  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
00:04:18.0515 0x079c  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
00:04:21.0218 0x079c  Detect skipped due to KSN trusted
00:04:21.0218 0x079c  Creative Audio Engine Licensing Service - ok
00:04:21.0281 0x079c  [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
00:04:21.0328 0x079c  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic ( 1 )
00:04:23.0968 0x079c  Detect skipped due to KSN trusted
00:04:23.0968 0x079c  Creative Service for CDROM Access - ok
00:04:24.0046 0x079c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
00:04:24.0656 0x079c  CryptSvc - ok
00:04:24.0828 0x079c  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT         C:\WINDOWS\system32\drivers\CT20XUT.SYS
00:04:24.0906 0x079c  CT20XUT - ok
00:04:25.0015 0x079c  [ B9106942EB5DD0E034AB40A9D48D056E, 0BC15F6991E5F5C46AA9715F28A6326F6DAE56C8669CF38179B6C02A43C1C7C1 ] CT20XUT.SYS     C:\WINDOWS\System32\drivers\CT20XUT.SYS
00:04:25.0046 0x079c  CT20XUT.SYS - ok
00:04:25.0375 0x079c  [ F2B1D0A3D21BD0D9F46457CBCEC1A0E9, FECEF831661AA4745166B8076C767A448336C86A4C8F9768EDF12F715DF2A1BE ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
00:04:25.0625 0x079c  ctac32k - ok
00:04:25.0953 0x079c  [ 44F60A5E3C3A8A6BBA4C280948EA6095, 2315BA4ACFBCEC9AC3139872018A3D7FE033A3E1B997C4E38F1AAF9A7F984F44 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
00:04:26.0109 0x079c  ctaud2k - ok
00:04:26.0390 0x079c  [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
00:04:26.0656 0x079c  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
00:04:29.0406 0x079c  Detect skipped due to KSN trusted
00:04:29.0406 0x079c  CTAudSvcService - ok
00:04:29.0750 0x079c  [ 8CBE82D6BBF206E144F22CB33FAB1F2C, AE15BAD45E88A77C2A35ECD8D5D13A0C3994171FB39CAC18B4B65A618521E4AF ] ctdvda2k        C:\WINDOWS\system32\drivers\ctdvda2k.sys
00:04:30.0140 0x079c  ctdvda2k - ok
00:04:31.0031 0x079c  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX        C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
00:04:31.0796 0x079c  CTEXFIFX - ok
00:04:32.0546 0x079c  [ 4AE083D16AC9FC9BDF98498F93426226, F958A326B6FEAD5632F4D79492B079376989733DC8174B0779E1F9B7B24E661B ] CTEXFIFX.SYS    C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
00:04:33.0203 0x079c  CTEXFIFX.SYS - ok
00:04:33.0265 0x079c  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT         C:\WINDOWS\system32\drivers\CTHWIUT.SYS
00:04:33.0265 0x079c  CTHWIUT - ok
00:04:33.0312 0x079c  [ B610BFE02F9FC0CB0B1CDE3EC4C13FFA, 7CF7182781092495479305C17DE512C35F30E7F247DE9640F33C4DEC586B085A ] CTHWIUT.SYS     C:\WINDOWS\System32\drivers\CTHWIUT.SYS
00:04:33.0328 0x079c  CTHWIUT.SYS - ok
00:04:33.0343 0x079c  [ F0F19A13C948E5289601E354B08E0941, B2E00B03BA2B7373F2BFF7B833BFC0915A4E4A25F0918A973C6694A43ACD803F ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
00:04:33.0359 0x079c  ctprxy2k - ok
00:04:33.0484 0x079c  [ C7B2C36A6203A5F3D0A378FD78C5DDD6, A8FCFF516A336E7E59DC817B3E495D055F80F6C51DA414E919223248CC16FB6D ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
00:04:33.0500 0x079c  ctsfm2k - ok
00:04:33.0500 0x079c  dac2w2k - ok
00:04:33.0500 0x079c  dac960nt - ok
00:04:33.0843 0x079c  [ A842D70409B3ABAC2641376043B12694, 8302B4BE57EA4AFFC42AD4FEF9E04119776428E90465D7CDB3550C5EF04746AD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
00:04:34.0187 0x079c  DcomLaunch - detected UnsignedFile.Multi.Generic ( 1 )
00:04:37.0000 0x079c  Object is SCO, delete is not allowed
00:04:37.0000 0x079c  DcomLaunch ( UnsignedFile.Multi.Generic ) - warning
00:05:56.0156 0x079c  nv - ok
00:05:56.0265 0x079c  [ EDDE04805AC865AC8465388DC4A4CCC7, 4E4CEC4E3DAA5122BEE6656748E4D30F37C03E8E909B42E65EDA6141F949A012 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda32.sys
00:05:56.0281 0x079c  NVHDA - ok
00:05:56.0406 0x079c  [ F1AE0BC50661BE09E7BC5919F4C05505, F93855320C937C983006FFC5E7D9F0091A64C8697750FEA34454F02E2C6868F1 ] nvsvc           C:\WINDOWS\system32\nvsvc32.exe
00:05:56.0515 0x079c  nvsvc - ok
00:05:57.0843 0x079c  [ A9AFE5B0648C8D7A411A72D8222F7F6E, A58AF8C615D97C769DA778D56F7E6999AAEB577C82C65455D3B2A8ED5B742777 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
00:05:59.0921 0x079c  nvUpdatusService - ok
00:05:59.0984 0x079c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:06:00.0078 0x079c  NwlnkFlt - ok
00:06:00.0125 0x079c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:06:00.0265 0x079c  NwlnkFwd - ok
00:06:00.0328 0x079c  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:06:00.0468 0x079c  ohci1394 - ok
00:06:00.0546 0x079c  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:06:00.0625 0x079c  ose - ok
00:06:00.0828 0x079c  [ AC5BF1A610EFFAAE9CFC48CB53483F08, 85CB5D7E359F3E6F05C78D487CE6247FE45116BBFEAE19BCF83072C946BDB98D ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
00:06:00.0875 0x079c  ossrv - ok
00:06:00.0937 0x079c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
00:06:01.0078 0x079c  Parport - ok
00:06:01.0140 0x079c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
00:06:01.0234 0x079c  PartMgr - ok
00:06:01.0250 0x079c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
00:06:01.0343 0x079c  ParVdm - ok
00:06:01.0375 0x079c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
00:06:01.0468 0x079c  PCI - ok
00:06:01.0468 0x079c  PCIDump - ok
00:06:01.0484 0x079c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
00:06:01.0562 0x079c  PCIIde - ok
00:06:01.0640 0x079c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
00:06:01.0921 0x079c  Pcmcia - ok
00:06:01.0921 0x079c  PDCOMP - ok
00:06:01.0937 0x079c  PDFRAME - ok
00:06:01.0937 0x079c  PDRELI - ok
00:06:01.0937 0x079c  PDRFRAME - ok
00:06:02.0000 0x079c  [ F7BA50EE70940BB00D1F20C8EF2013D6, D72665CE5FE5D152627653236C976046B997121EDF13DC1AAF5C942F5F19821D ] pe3ah4nc        C:\WINDOWS\system32\drivers\pe3ah4nc.sys
00:06:02.0046 0x079c  pe3ah4nc - ok
00:06:02.0046 0x079c  perc2 - ok
00:06:02.0062 0x079c  perc2hib - ok
00:06:02.0156 0x079c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
00:06:02.0187 0x079c  PlugPlay - ok
00:06:02.0265 0x079c  [ 2D091A99624FB9E7EEF0A86D872EC0C3, 465C0772E23F7959EC71DCCFA3304E2E46FD31548AE37D7BA3DAAA59E6B561FD ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
00:06:02.0312 0x079c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
00:06:05.0562 0x079c  Detect skipped due to KSN trusted
00:06:05.0562 0x079c  Pml Driver HPZ12 - ok
00:06:05.0656 0x079c  [ 831883B107684301F48ACE752C963984, EAF383C4ACC17DBB060BB8398225222175E028E1E332E2CE0548C97DAED3620E ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
00:06:05.0718 0x079c  PnkBstrA - ok
00:06:05.0734 0x079c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
00:06:06.0031 0x079c  PolicyAgent - ok
00:06:06.0093 0x079c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:06:06.0343 0x079c  PptpMiniport - ok
00:06:06.0359 0x079c  pr2ah4nc - ok
00:06:06.0406 0x079c  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
00:06:06.0609 0x079c  Processor - ok
00:06:06.0625 0x079c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:06:06.0687 0x079c  ProtectedStorage - ok
00:06:06.0828 0x079c  [ 0A84DC4A8A18F743FCEEF41DDF563C4A, 2AEE6C4AD0B488455E13E24E7CFC3F5CC4F825084BB59E6D478EB313ED01F40A ] ps6ah4nc        C:\WINDOWS\system32\drivers\ps6ah4nc.sys
00:06:06.0875 0x079c  ps6ah4nc - ok
00:06:06.0906 0x079c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
00:06:07.0015 0x079c  PSched - ok
00:06:07.0031 0x079c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:06:07.0125 0x079c  Ptilink - ok
00:06:07.0125 0x079c  ql1080 - ok
00:06:07.0125 0x079c  Ql10wnt - ok
00:06:07.0125 0x079c  ql12160 - ok
00:06:07.0125 0x079c  ql1240 - ok
00:06:07.0140 0x079c  ql1280 - ok
00:06:07.0171 0x079c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:06:07.0328 0x079c  RasAcd - ok
00:06:07.0390 0x079c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
00:06:07.0531 0x079c  RasAuto - ok
00:06:07.0593 0x079c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:06:07.0703 0x079c  Rasl2tp - ok
00:06:07.0921 0x079c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
00:06:08.0078 0x079c  RasMan - ok
00:06:08.0109 0x079c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:06:08.0218 0x079c  RasPppoe - ok
00:06:08.0234 0x079c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
00:06:08.0328 0x079c  Raspti - ok
00:06:08.0453 0x079c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:06:08.0625 0x079c  Rdbss - ok
00:06:08.0640 0x079c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:06:08.0734 0x079c  RDPCDD - ok
00:06:08.0921 0x079c  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:06:09.0093 0x079c  rdpdr - ok
00:06:09.0187 0x079c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
00:06:09.0312 0x079c  RDPWD - ok
00:06:09.0421 0x079c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
00:06:09.0578 0x079c  RDSessMgr - ok
00:06:09.0671 0x079c  [ B2D01290C0E0465ACA54C2088E947823, 6FB6E6CFAF3F2F948B753A0CFF6F9058BF3ED0E421204EE58848F0DFD694A747 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
00:06:09.0703 0x079c  RealNetworks Downloader Resolver Service - ok
00:06:09.0828 0x079c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
00:06:09.0937 0x079c  redbook - ok
00:06:10.0000 0x079c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
00:06:10.0109 0x079c  RemoteAccess - ok
00:06:10.0156 0x079c  [ 7553D60B85AC53BD4486C418A0FBFCDF, DF5B602BF2B4E8BEA788478097F6F425778F391F9B9C1EF0B2F1C28A17D9C998 ] RemoteControl-USBLAN C:\WINDOWS\system32\DRIVERS\rcblan.sys
00:06:10.0187 0x079c  RemoteControl-USBLAN - ok
00:06:10.0250 0x079c  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
00:06:10.0359 0x079c  RemoteRegistry - ok
00:06:10.0375 0x079c  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
00:06:10.0468 0x079c  ROOTMODEM - ok
00:06:10.0515 0x079c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
00:06:10.0625 0x079c  RpcLocator - ok
00:06:10.0953 0x079c  [ A842D70409B3ABAC2641376043B12694, 8302B4BE57EA4AFFC42AD4FEF9E04119776428E90465D7CDB3550C5EF04746AD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
00:06:11.0109 0x079c  RpcSs - detected UnsignedFile.Multi.Generic ( 1 )
00:06:11.0109 0x079c  Object is SCO, delete is not allowed
00:06:11.0109 0x079c  RpcSs ( UnsignedFile.Multi.Generic ) - warning
00:06:11.0109 0x079c  Force sending object to P2P due to detect: RpcSs
00:06:14.0140 0x079c  Object send P2P result: true
00:06:20.0609 0x079c  [ 6EC43DC18746BB9B6DDEC4C99B15B6FC, 92AC8D03345774D55743F443EFBA0479EBFB995BFDBBBD06B630DAB5EF065D05 ] RTLVLAN         C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
00:06:20.0625 0x079c  RTLVLAN - detected UnsignedFile.Multi.Generic ( 1 )
00:06:30.0625 0x079c  RTLVLAN ( UnsignedFile.Multi.Generic ) - warning
00:06:49.0656 0x079c  [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF, 32888536C6E632DF78EC09A4CFB990B08ED75DB049DDF2612F548CC8FEB8D503 ] sfsync02        C:\WINDOWS\system32\drivers\sfsync02.sys
00:06:49.0671 0x079c  sfsync02 - detected UnsignedFile.Multi.Generic ( 1 )
00:06:59.0671 0x079c  sfsync02 ( UnsignedFile.Multi.Generic ) - warning
00:07:53.0953 0x079c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
00:07:53.0953 0x079c  [ Global ] - ok
00:07:53.0953 0x079c  ================ Scan MBR ==================================
00:07:53.0984 0x079c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:07:54.0500 0x079c  \Device\Harddisk0\DR0 - ok
00:07:54.0531 0x079c  [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
00:07:54.0734 0x079c  \Device\Harddisk1\DR1 - ok
00:07:54.0750 0x079c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
00:07:54.0984 0x079c  \Device\Harddisk2\DR2 - ok
00:07:54.0984 0x079c  ================ Scan VBR ==================================
00:07:55.0000 0x079c  [ 415D7CF8260F415155BEA8B3D6ACCECF ] \Device\Harddisk0\DR0\Partition1
00:07:55.0046 0x079c  \Device\Harddisk0\DR0\Partition1 - ok
00:07:55.0046 0x079c  [ 08F97BE32741514B11313743CD951276 ] \Device\Harddisk1\DR1\Partition1
00:07:55.0078 0x079c  \Device\Harddisk1\DR1\Partition1 - ok
00:07:55.0078 0x079c  [ 9D34C75B2A072A97F9F7C7AC029FEC29 ] \Device\Harddisk2\DR2\Partition1
00:07:55.0078 0x079c  \Device\Harddisk2\DR2\Partition1 - ok
00:07:55.0078 0x079c  ================ Scan generic autorun ======================
00:08:06.0671 0x079c  [ 80233DB66B8B836365B9D0039EC4398F, 1DF2EBAB5770A20123576D37E5381A5BE99EE62496369501EC0EB1DC35F4B5B9 ] C:\WINDOWS\RTHDCPL.EXE
00:08:29.0062 0x079c  RTHDCPL - ok
00:08:29.0171 0x079c  [ 1A5024838562999647A7E1B6B62F91F4, 7E9FD5D6C3D807280339A4D7F53B69D9208DAFFA102467350E2BB95D288C5E3B ] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
00:08:29.0203 0x079c  NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 )
00:08:32.0093 0x079c  Detect skipped due to KSN trusted
00:08:32.0093 0x079c  NUSB3MON - ok
00:08:32.0140 0x079c  [ 06D5A9AD6EE1A674939D3DA635B1DCAF, DC9E2D714046EF2B1440E8AE14A90AEA237C0CD9C2B5C229880EB7691FCFB739 ] C:\WINDOWS\KHALMNPR.EXE
00:08:32.0203 0x079c  Logitech Hardware Abstraction Layer - ok
00:08:32.0265 0x079c  [ DB4E2D9C09A5762CB2551222B5E443B2, 318AD09D1821E38B7D7ACC0A06965057B494A752C9E34FD1CA41247DC703F985 ] C:\WINDOWS\RaidTool\xInsIDE.exe
00:08:32.0281 0x079c  JMB36X IDE Setup - detected UnsignedFile.Multi.Generic ( 1 )
00:08:37.0796 0x079c  Detect skipped due to KSN trusted
00:08:37.0796 0x079c  JMB36X IDE Setup - ok
00:08:38.0015 0x079c  [ 2AD3D568D73CA713DB156AD0ED87FB0E, AA1F1150EB9F7182F86879D812AD8FCB8422C4DB40F8E11B7139DA1E04CC37F7 ] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
00:08:38.0234 0x079c  HPDJ Taskbar Utility - ok
00:08:38.0265 0x079c  [ D15D7DCB64E24F4D96CF7DD7C9DCDC14, 3CC2391B437CE5D5D03D769E1AADB97CBABF829BDD132CB7C4B3B8B14B17299D ] C:\WINDOWS\system32\CTXFIHLP.EXE
00:08:38.0281 0x079c  CTxfiHlp - detected UnsignedFile.Multi.Generic ( 1 )
00:08:47.0140 0x079c  Detect skipped due to KSN trusted
00:08:47.0140 0x079c  CTxfiHlp - ok
00:08:47.0546 0x079c  [ 12FD7C1EADDDA10A67B1D6F905B3CC1E, 54FA875C5C3D7AD2D5AE966C72C63558D152455AB78816F31345443F0B13D89F ] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
00:08:48.0078 0x079c  ContentTransferWMDetector.exe - ok
00:08:48.0734 0x079c  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:08:49.0890 0x079c  Adobe ARM - ok
00:08:51.0093 0x079c  [ 00949C5379AA037C86CB8B583EE98835, F69119B5C0064162DF39D11E47DB598D29C39F400B5D3E1E5570EBE2ECFE0848 ] C:\WINDOWS\system32\xRaidSetup.exe
00:08:53.0343 0x079c  36X Raid Configurer - detected UnsignedFile.Multi.Generic ( 1 )
00:08:55.0953 0x079c  Detect skipped due to KSN trusted
00:08:55.0953 0x079c  36X Raid Configurer - ok
00:08:55.0984 0x079c  [ C50D35A53B4AAF0B6D2170078CEF0003, 669A8CEAB65B419BF374C99C7585D87C263404100B348684C7CF8A8F208C0C6C ] C:\Program Files\Gigabyte\ET5\ETcall.exe
00:08:56.0000 0x079c  EasyTuneV - detected UnsignedFile.Multi.Generic ( 1 )
00:08:58.0750 0x079c  Detect skipped due to KSN trusted
00:08:58.0750 0x079c  EasyTuneV - ok
00:08:59.0031 0x079c  [ 2CA13F4DA2ACC186BBD4C9E987797BC5, FD1615EB3F037E1FAF9D46FCDCE11A8140FDC4D4D7766728DC2BA8976641E41F ] C:\WINDOWS\tsnp2std.exe
00:08:59.0156 0x079c  tsnp2std - detected UnsignedFile.Multi.Generic ( 1 )
00:09:01.0765 0x079c  Detect skipped due to KSN trusted
00:09:01.0765 0x079c  tsnp2std - ok
00:09:02.0921 0x079c  [ ED617CEBED57C320945E727501078F9E, 8E641EAE2A05FE0423B45D751CE97051D6CEF8B390678280036E7B026AFC3E8B ] C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
00:09:04.0656 0x079c  ADSK DLMSession - ok
00:09:04.0671 0x079c  NvMediaCenter - ok
00:09:05.0390 0x079c  [ 6B08632F7634F344372B25A507DA7C47, C955BFB0F4601A4D1077119B204785FE4CB975E961D2AEE9C2BFA6EDC27E3CE2 ] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
00:09:06.0484 0x079c  Nvtmru - ok
00:09:07.0203 0x079c  [ 9C402036893E6573C6D593F33E115B95, FEF45B18A00AAEE3E4AAABB62BF1B773B074C614FE5FA02B4B511A1C392A5F7B ] c:\Program Files\Microsoft Security Client\msseces.exe
00:09:08.0296 0x079c  MSC - ok
00:09:08.0375 0x079c  [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
00:09:08.0390 0x079c  APSDaemon - ok
00:09:11.0968 0x079c  [ AF49D1C79EA49A7833017F290EE63B82, FFE98E8F6AE3BFAB324B3A7C6C6C00545C597A6861CBDD82ACE97591C6A1D287 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
00:09:15.0281 0x079c  SDTray - ok
00:09:15.0296 0x079c  NvCplDaemon - ok
00:09:15.0562 0x079c  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
00:09:16.0015 0x079c  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
00:09:26.0015 0x079c  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
00:09:28.0750 0x079c  [ 95A7E88A5F4EF79C605413F00A945CD3, 28B704FF81506F512240E589D4C860B0A6168911A6893E3754056C2F03106118 ] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
00:09:29.0187 0x079c  BCU - ok
00:09:29.0390 0x079c  [ 32A49C8F69802B36CAE00AB23748B9D4, 5B43D6A3162624E067E0676EBCE4AB4B8833ADFB60D3BFBD4D3EE0BE4406F0A9 ] C:\WINDOWS\vsnp2std.exe
00:09:29.0718 0x079c  snp2std - ok
00:09:29.0734 0x079c  [ 1C1DB86A882AB2532EEC09507190E019, 16204FF683C992BEE4776C2716476BA61C432D674966BED3B350B099AF8A2975 ] C:\WINDOWS\FixCamera.exe
00:09:29.0734 0x079c  FixCamera - detected UnsignedFile.Multi.Generic ( 1 )
00:09:32.0343 0x079c  Detect skipped due to KSN trusted
00:09:32.0343 0x079c  FixCamera - ok
00:09:32.0390 0x079c  [ 6F283AC7232A327B3508D4E11E0D76D4, 56A4DF2F02C5F56D3260CA5E5726C484D0A5FFFCE21F1D7CB76A4C2AA25D0D15 ] C:\WINDOWS\system32\CTHELPER.EXE
00:09:32.0437 0x079c  CTHelper - detected UnsignedFile.Multi.Generic ( 1 )
00:09:35.0078 0x079c  Detect skipped due to KSN trusted
00:09:35.0078 0x079c  CTHelper - ok
00:09:36.0000 0x079c  [ 5515EB5E3A8B073F66CFC697EB0D4B55, 308B2996AC15268D4D2B5AECD91E6B5BBEBB9A659AC0188C781B8E3E414923CD ] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
00:09:37.0359 0x079c  H/PC Connection Agent - ok
00:09:37.0406 0x079c  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
00:09:37.0578 0x079c  ctfmon.exe - ok
00:09:37.0578 0x079c  Waiting for KSN requests completion. In queue: 2
00:09:38.0578 0x079c  Waiting for KSN requests completion. In queue: 2
00:09:39.0578 0x079c  Waiting for KSN requests completion. In queue: 2
00:09:40.0609 0x079c  AV detected via SS1: Microsoft Security Essentials, 4.3.0215.0, disabled, updated
00:09:40.0609 0x079c  AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
00:09:40.0609 0x079c  Win FW state via NFM: enabled
00:09:43.0187 0x079c  ============================================================
00:09:43.0187 0x079c  Scan finished
00:09:43.0187 0x079c  ============================================================
00:09:43.0187 0x091c  Detected object count: 5
00:09:43.0187 0x091c  Actual detected object count: 5
00:10:29.0687 0x091c  DcomLaunch ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:29.0687 0x091c  DcomLaunch ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:10:29.0687 0x091c  RpcSs ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:29.0687 0x091c  RpcSs ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:10:29.0687 0x091c  RTLVLAN ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:29.0687 0x091c  RTLVLAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:10:29.0687 0x091c  sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:29.0687 0x091c  sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:10:29.0687 0x091c  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
00:10:29.0687 0x091c  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:12:01.0640 0x0aa8  Deinitialize success
 

