
Still get random shutdown from SERVICES.EXE failure



Hi MWB gurus,

For weeks now I'll get random system shutdowns initiated by NT AUTHORITY\System saying:

"The system process 'C:\\WINDOWS\system32\services.exe' terminated unexpectedly with status code -1073740972. The system will now shut down and restart."

I will then get a 60 second countdown timer to allow me to save work (not sure status code is always that same number). System runs incredibly slow all the time too.

I ran the MalwareBytes scan and it found and removed hundreds of suspicious items... a toolbar and associated spyware. I rescanned and it said 0 suspicious items. But then I soon got that same shutdown.

Anyone have a guess?

DDS.txt says:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by user at 16:08:20 on 2014-03-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.194 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\loggingserver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\18.0.5\ScriptHelper.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.0.248\AVG SafeGuard toolbar_toolbar.dll
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_JAN2013_AV] c:\documents and settings\user\application data\avg january 2013 campaign\ROC_JAN2013_AV.exe /PROMPT --mid 86cb459297d247d18c40d15805e375ba-aa8008553c474ad6169e87e268c070c39fb5946a
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; yie8)" -"http://www.miniclip.com/games/golf-ace-hawaii/en/"
mRun: [HP SchedIndexer] c:\program files\hewlett-packard\laserjet 33xx\hppschedindexer.exe
mRun: [HP AutoIndexer] c:\program files\hewlett-packard\laserjet 33xx\hppautoindexer.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hplase~1.lnk - c:\program files\hewlett-packard\laserjet 33xx\hppdirector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{67E47798-F770-4084-92BC-646B753C3681} : DHCPNameServer = 192.168.1.78 192.168.1.254
TCP: Interfaces\{C56CEB1E-AB0C-4E23-BD2A-DB6726A8C3A7} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-3-31 42272]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-1-22 3788816]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2013-1-27 1053184]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-1-27 68464]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.3.0\ToolbarUpdater.exe [2014-2-8 1772056]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-20 20:07:26 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45:42 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54:21 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 01:46:54 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 16:10:15.21 ===============
 
 
ATTACH.txt says:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2008 7:45:21 PM
System Uptime: 3/20/2014 4:04:12 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0G7346
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2791/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 11.261 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1304: 12/27/2013 11:31:01 AM - Software Distribution Service 3.0
RP1305: 12/28/2013 12:14:47 PM - Software Distribution Service 3.0
RP1306: 12/29/2013 3:00:16 AM - Software Distribution Service 3.0
RP1307: 12/30/2013 3:00:17 AM - Software Distribution Service 3.0
RP1308: 2/8/2014 2:43:51 PM - Software Distribution Service 3.0
RP1309: 2/9/2014 3:01:06 AM - Software Distribution Service 3.0
RP1310: 2/15/2014 3:51:34 PM - Software Distribution Service 3.0
RP1311: 2/15/2014 11:24:07 PM - Software Distribution Service 3.0
RP1312: 2/16/2014 8:36:46 PM - Software Distribution Service 3.0
RP1313: 2/26/2014 2:41:05 PM - Restore Operation
RP1314: 2/26/2014 2:44:34 PM - Restore Operation
RP1315: 2/26/2014 2:47:46 PM - Restore Operation
RP1316: 2/26/2014 2:51:56 PM - Restore Operation
RP1317: 2/26/2014 2:54:59 PM - Restore Operation
RP1318: 2/26/2014 6:42:51 PM - Software Distribution Service 3.0
RP1319: 2/27/2014 2:20:55 PM - Software Distribution Service 3.0
RP1320: 2/27/2014 4:26:03 PM - Software Distribution Service 3.0
RP1321: 2/28/2014 3:00:16 AM - Software Distribution Service 3.0
RP1322: 2/28/2014 3:57:08 PM - Software Distribution Service 3.0
RP1323: 2/28/2014 4:38:49 PM - Software Distribution Service 3.0
RP1324: 3/7/2014 4:29:06 PM - Software Distribution Service 3.0
RP1325: 3/7/2014 4:45:04 PM - Software Distribution Service 3.0
RP1326: 3/7/2014 4:54:15 PM - Software Distribution Service 3.0
RP1327: 3/8/2014 3:00:20 AM - Software Distribution Service 3.0
RP1328: 3/9/2014 4:19:49 AM - System Checkpoint
RP1329: 3/10/2014 4:56:32 AM - System Checkpoint
RP1330: 3/11/2014 5:43:32 AM - System Checkpoint
RP1331: 3/12/2014 6:30:55 PM - System Checkpoint
RP1332: 3/12/2014 7:18:36 PM - Software Distribution Service 3.0
RP1333: 3/17/2014 8:21:33 PM - Software Distribution Service 3.0
RP1334: 3/17/2014 9:13:18 PM - Installed AVG 2014
RP1335: 3/17/2014 9:14:17 PM - Removed AVG 2013
RP1336: 3/17/2014 9:15:00 PM - Installed AVG 2014
RP1337: 3/17/2014 9:20:49 PM - Removed AVG 2013
RP1338: 3/18/2014 10:43:04 AM - Software Distribution Service 3.0
RP1339: 3/19/2014 2:40:51 PM - Software Distribution Service 3.0
RP1340: 3/20/2014 2:34:00 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AVG 2012
AVG 2014
AVG PC Tuneup 2011
AVG SafeGuard toolbar
Bonjour
Broadcom Gigabit Integrated Controller
Dell Driver Download Manager
Easy CD Creator 5 Basic
GEAR ISO Burn
Glary Utilities 2.27.0.982
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
hp LaserJet 3300 Uninstaller
Infinite Crosswords Version 1.10a
Intel® Graphics Media Accelerator Driver
iolo technologies' System Mechanic
iTunes
Java Auto Updater
Java 6 Update 26
Java 7 Update 4
JavaFX 2.1.0
Logitech Harmony Remote Software 7
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
PowerDVD
QuickTime
Remote Control USB Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Skype Toolbars
Skype™ 6.11
Smilebox
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Stock Ticker Application Bar 2.17
Symantec Technical Support Web Controls
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmiiper
TurboTax 2008 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Visual Studio 2012 x86 Redistributables
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/20/2014 2:35:41 PM, error: NtServicePack [4373]  - Windows XP KB2859537 installation failed.
An internal error occurred.
3/20/2014 2:35:21 PM, error: NtServicePack [4373]  - Windows XP KB2676562 installation failed.
An internal error occurred.
3/19/2014 3:11:26 PM, error: NtServicePack [4373]  - Windows XP KB2859537 installation failed.
An internal error occurred.
3/19/2014 2:44:34 PM, error: NtServicePack [4373]  - Windows XP KB2676562 installation failed.
An internal error occurred.
3/18/2014 10:43:42 AM, error: NtServicePack [4373]  - Windows XP KB2859537 installation failed.
An internal error occurred.
3/18/2014 10:43:36 AM, error: NtServicePack [4373]  - Windows XP KB2676562 installation failed.
An internal error occurred.
3/17/2014 9:17:40 PM, error: Service Control Manager [7024]  - The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
3/17/2014 8:46:10 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2859537).
3/17/2014 8:46:10 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB2676562).
3/17/2014 8:30:26 PM, error: NtServicePack [4373]  - Windows XP KB2859537 installation failed.
An internal error occurred.
3/17/2014 8:24:25 PM, error: NtServicePack [4373]  - Windows XP KB2676562 installation failed.
An internal error occurred.
3/13/2014 1:23:22 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
3/13/2014 1:22:14 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
3/13/2014 1:22:14 PM, error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/13/2014 1:22:13 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/13/2014 1:22:09 PM, error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
.
==== End Of File ===========================
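
The status code in the shutdown message quoted at the top of this post is the signed 32-bit rendering of an NTSTATUS value. The Python sketch below is an added example, not part of the original post or of any tool used in this thread: it parses such messages, decodes the NTSTATUS fields, and tallies codes so repeated shutdowns can be compared. The symbolic names are those defined in Microsoft's ntstatus.h, and the second sample message is constructed.

```python
import re
from collections import Counter

# First message: as quoted in the post above. Second: constructed for the tally.
MESSAGES = [
    r"The system process 'C:\\WINDOWS\system32\services.exe' terminated "
    r"unexpectedly with status code -1073740972. The system will now shut "
    r"down and restart.",
    r"The system process 'C:\WINDOWS\system32\services.exe' terminated "
    r"unexpectedly with status code -1073741819. The system will now shut "
    r"down and restart.",
]

SEVERITY = ("success", "informational", "warning", "error")

# Names as defined in Microsoft's ntstatus.h; only a few are listed here.
KNOWN_STATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000354: "STATUS_DEBUGGER_INACTIVE",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

MESSAGE_RE = re.compile(
    r"system process '(?P<image>[^']+)' terminated unexpectedly "
    r"with status code (?P<status>-?\d+)"
)


def decode_ntstatus(value):
    """Split a (possibly negative) 32-bit status into its NTSTATUS fields."""
    raw = value & 0xFFFFFFFF                 # reinterpret signed as unsigned
    return {
        "hex": "0x%08X" % raw,
        "severity": SEVERITY[raw >> 30],     # bits 31-30
        "customer": bool(raw & (1 << 29)),   # bit 29: set for non-Microsoft codes
        "facility": (raw >> 16) & 0x0FFF,    # bits 27-16
        "code": raw & 0xFFFF,                # bits 15-0
        "name": KNOWN_STATUS.get(raw, "unknown"),
    }


def parse_shutdown_message(text):
    """Return (image path, decoded status), or None if the text does not match."""
    match = MESSAGE_RE.search(text)
    if match is None:
        return None
    # Collapse doubled backslashes left behind by escaping, then normalise case.
    image = re.sub(r"\\{2,}", lambda _: "\\", match.group("image")).lower()
    return image, decode_ntstatus(int(match.group("status")))


def tally(messages):
    """Count how often each (image, status) pair occurs across messages."""
    counts = Counter()
    for text in messages:
        parsed = parse_shutdown_message(text)
        if parsed:
            image, status = parsed
            counts[(image, status["hex"], status["name"])] += 1
    return counts


if __name__ == "__main__":
    for (image, code, name), seen in tally(MESSAGES).items():
        print(seen, image, code, name)
```

For the code in the post, `decode_ntstatus(-1073740972)` gives 0xC0000354 (STATUS_DEBUGGER_INACTIVE), severity error, facility 0.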
 
 
 

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Antimalware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Yes, it found a suspicious file named 'volsnap.sys' in my Drivers folder...

aswMBR.txt file says:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-21 10:02:56
-----------------------------
10:02:56.812    OS Version: Windows 5.1.2600 Service Pack 3
10:02:56.812    Number of processors: 1 586 0x401
10:02:59.265    ComputerName: USER-CFQ09NBI8D  UserName: user
10:03:26.187    Initialize success
10:35:05.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:35:05.078    Disk 0 Vendor: ST340014AS 8.12 Size: 38146MB BusType: 3
10:35:05.281    Disk 0 MBR read successfully
10:35:05.281    Disk 0 MBR scan
10:35:05.281    Disk 0 Windows XP default MBR code
10:35:05.281    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        38138 MB offset 63
10:35:05.281    Disk 0 scanning sectors +78108030
10:35:05.421    Disk 0 scanning C:\WINDOWS\system32\drivers
10:35:20.953    File: C:\WINDOWS\system32\drivers\volsnap.sys  **SUSPICIOUS**
10:35:21.281    Scan finished successfully
10:35:52.375    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
10:35:52.375    The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"
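An added illustration of the MBR.dat backup and the partition line in the aswMBR log above; it is not part of the original posts and not aswMBR's own code. It assumes MBR.dat is a raw 512-byte copy of sector 0. The function names are hypothetical, and the sample sector is constructed from the partition values reported in this thread's logs (start sector 63, 0x4A7D53F sectors, type 07, active).

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_CODE_LEN = 440       # bootstrap code region of a classic MBR


def parse_mbr(sector):
    """Parse one raw MBR sector into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFFSET + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "num_sectors": num_sectors,
            "lba_end": lba_start + num_sectors,  # first sector past the partition
            "size_mb": num_sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_partitions(parsed, disk_sectors=None):
    """Sanity-check a boot disk's partition table; return a list of findings."""
    findings = []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly 1 active partition, found %d" % len(active))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if disk_sectors is not None and p["lba_end"] > disk_sectors:
            findings.append("slot %d: extends past end of disk" % p["slot"])
    for prev, cur in zip(parts, parts[1:]):
        if cur["lba_start"] < prev["lba_end"]:
            findings.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    return findings


def compare_mbr(baseline, current):
    """Report what differs between a saved MBR backup and a later copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    diffs = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        diffs.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        diffs.append("partition table changed")
    return diffs


def build_sample_mbr(entries, boot_code=b""):
    """Build a constructed MBR sector for testing (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for slot, (status, ptype, lba_start, num_sectors) in enumerate(entries):
        off = PART_TABLE_OFFSET + 16 * slot
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba_start, num_sectors)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: one active NTFS (type 07) partition, values from the logs.
SAMPLE = build_sample_mbr([(0x80, 0x07, 0x3F, 0x4A7D53F)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE)
    for p in info["partitions"]:
        print("Partition %(slot)d active=%(active)s type=%(type)02x "
              "offset %(lba_start)d end %(lba_end)d size %(size_mb)d MB" % p)
    print("boot code sha256:", info["boot_code_sha256"])
    # 78125000 sectors = the 0x9502F9000-byte disk size in the TDSSKiller log.
    print("findings:", audit_partitions(info, disk_sectors=78125000) or "none")
```

To run it against a real backup, read the file with `open(path, "rb").read()` and pass the bytes to `parse_mbr`; a later copy of sector 0 can then be checked against the backup with `compare_mbr`.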

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Thanks again Marius, ComboFix log:

ComboFix 14-03-19.01 - user 03/21/2014  13:30:34.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.539 [GMT -4:00]
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\17030948
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-21 to 2014-03-21  )))))))))))))))))))))))))))))))
.
.
2014-03-18 14:44 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-18 14:44 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-18 14:41 . 2014-03-18 14:41 -------- d-----w- c:\documents and settings\user\Application Data\AVG2014
2014-03-18 01:14 . 2014-03-18 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2014
2014-03-18 00:58 . 2014-03-18 16:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Avg2014
2014-03-18 00:31 . 2014-03-18 00:31 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-08 23:08 . 2014-03-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2014-03-07 21:48 . 2014-03-07 21:48 -------- d-----w- c:\program files\Common Files\Skype
2014-02-26 21:22 . 2014-02-26 21:22 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2014-02-26 19:53 . 2014-02-26 19:53 -------- d-----w- c:\program files\GUM2.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 20:07 . 2013-04-01 01:28 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-24 11:46 . 2003-07-16 16:45 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2003-07-16 16:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2003-07-16 16:20 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2008-12-09 22:34 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2003-07-16 16:45 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2003-07-16 16:36 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 01:46 . 2011-12-23 17:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13 . 2003-07-16 16:43 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-20 20:07 3486232 ----a-w- c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll" [2014-03-20 3486232]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROC_ROC_JAN2013_AV"="c:\documents and settings\user\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" [2013-01-17 1234000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-01-03 94208]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-01-03 90112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-03-20 2544664]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2009-4-2 204800]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 277920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 9:49 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/31/2013 9:28 PM 42272]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/27/2013 12:38 PM 1053184]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [1/27/2013 12:38 PM 68464]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2/8/2014 5:25 PM 1772056]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [3/20/2014 4:08 PM 1771032]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [1/22/2014 12:19 PM 3788816]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [1/15/2014 8:39 PM 235696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 02:46]
.
2014-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2014-03-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-07 15:21]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-02 23:24]
.
2014-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-02 23:24]
.
2014-03-21 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-19 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2013-01-27 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-27 21:16]
.
2014-03-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 21:43]
.
2014-03-21 c:\windows\Tasks\User_Feed_Synchronization-{22C36C8E-C947-46D7-8BD5-E0AF3555115F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-21 13:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-03-21  13:46:30
ComboFix-quarantined-files.txt  2014-03-21 17:46
.
Pre-Run: 12,052,021,248 bytes free
Post-Run: 12,467,277,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 119B89365E851556800B87754E2CD25B
8F558EB6672622401DA993E1E865C861

Scan file(s) via VirusTotal

Please check the file in the code box via VirusTotal

  • Click Browse
  • Copy the following into the search box
    C:\WINDOWS\system32\drivers\volsnap.sys
  • and click Open.
  • Click Send File.

Please be patient until the file is uploaded completely. If you get the message

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

click on Reanalyse. Wait until Current status: Finished appears. Now, copy the link from within your browser's address bar and post it here.

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


I had trouble completing a full scan.  Two times I tried to run a full scan and both times the SERVICES.EXE forced reboot stopped my full scans after about 90 minutes of scanning.  I booted to SAFE MODE and was able to complete a full scan in about 30 minutes.  This full scan in SAFE MODE said there were 0 suspicious files though.  I saved the log file to my desktop but now I can't find it on either my desktop or the MalwareBytes log folder.  Does SAFE mode use a separate disk partition somewhere?  I booted back into full Windows mode but again was not able to complete a full scan before a forced reboot from the SERVICES.EXE failure.

I did successfully complete the ESET scan with the options you listed.  ESET log is as follows:

C:\Documents and Settings\user\Local Settings\Application Data\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Documents and Settings\user\My Documents\Downloads\cbsidlm-tr1_13-Logitech_Harmony_Remote_Software-SEO-10964391.exe Win32/DownloadAdmin.G potentially unwanted application
Operating memory a variant of Win32/Olmasco.O trojan

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Done.  It found one 'high risk' item.  Log file:

11:22:12.0875 0x0a64  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
11:22:26.0281 0x0a64  ============================================================
11:22:26.0281 0x0a64  Current date / time: 2014/03/24 11:22:26.0281
11:22:26.0281 0x0a64  SystemInfo:
11:22:26.0281 0x0a64  
11:22:26.0281 0x0a64  OS Version: 5.1.2600 ServicePack: 3.0
11:22:26.0281 0x0a64  Product type: Workstation
11:22:26.0281 0x0a64  ComputerName: USER-CFQ09NBI8D
11:22:26.0281 0x0a64  UserName: user
11:22:26.0281 0x0a64  Windows directory: C:\WINDOWS
11:22:26.0281 0x0a64  System windows directory: C:\WINDOWS
11:22:26.0281 0x0a64  Processor architecture: Intel x86
11:22:26.0281 0x0a64  Number of processors: 1
11:22:26.0281 0x0a64  Page size: 0x1000
11:22:26.0281 0x0a64  Boot type: Normal boot
11:22:26.0281 0x0a64  ============================================================
11:22:35.0546 0x0a64  KLMD registered as C:\WINDOWS\system32\drivers\35230330.sys
11:22:41.0890 0x0a64  System UUID: {110807B1-1FA9-7C9F-3E30-3C7E43A15954}
11:22:57.0765 0x0a64  Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:22:57.0859 0x0a64  ============================================================
11:22:57.0859 0x0a64  \Device\Harddisk0\DR0:
11:22:57.0859 0x0a64  MBR partitions:
11:22:57.0859 0x0a64  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
11:22:57.0859 0x0a64  ============================================================
11:22:58.0093 0x0a64  C: <-> \Device\Harddisk0\DR0\Partition1
11:22:58.0093 0x0a64  ============================================================
11:22:58.0093 0x0a64  Initialize success
11:22:58.0093 0x0a64  ============================================================
11:23:05.0734 0x0ff4  ============================================================
11:23:05.0734 0x0ff4  Scan started
11:23:05.0734 0x0ff4  Mode: Manual; 
11:23:05.0734 0x0ff4  ============================================================
11:23:05.0734 0x0ff4  KSN ping started
11:23:09.0156 0x0ff4  KSN ping finished: true
11:23:11.0359 0x0ff4  ================ Scan system memory ========================
11:23:11.0359 0x0ff4  System memory - ok
11:23:11.0359 0x0ff4  ================ Scan services =============================
11:23:26.0703 0x0ff4  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:23:26.0906 0x0ff4  dmboot - ok
11:23:26.0953 0x0ff4  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:23:26.0968 0x0ff4  dmio - ok
11:23:27.0000 0x0ff4  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:23:27.0000 0x0ff4  dmload - ok
11:23:27.0046 0x0ff4  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:23:27.0062 0x0ff4  dmserver - ok
11:23:27.0109 0x0ff4  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:23:27.0125 0x0ff4  DMusic - ok
11:23:27.0218 0x0ff4  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:23:27.0218 0x0ff4  Dnscache - ok
11:23:27.0328 0x0ff4  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:23:27.0343 0x0ff4  Dot3svc - ok
11:23:27.0468 0x0ff4  [ 3E4B043F8BC6BE1D4820CC6C9C500306, 41F5AB9F3D65FEF3AB50562A3B91A3268B887CCF7FE5FC9D49478147700C72F4 ] Dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:23:27.0578 0x0ff4  Dot4 - ok
11:23:27.0656 0x0ff4  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7, FC17B00AEDC57AC436EACD2D576642098479E5CE10A42775D339B66A53460DC7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:23:27.0671 0x0ff4  Dot4Print - ok
11:23:27.0671 0x0ff4  dpti2o - ok
11:23:27.0859 0x0ff4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:23:27.0875 0x0ff4  drmkaud - ok
11:23:27.0953 0x0ff4  [ 677829F7010768EEEED8D0083E510DAB, 03D45E16B0949E126D139A0414C9D659EFFCAF018C4319B7FA663DE73C972B8C ] dvd_2K          C:\WINDOWS\system32\drivers\dvd_2K.sys
11:23:28.0484 0x0ff4  dvd_2K - ok
11:23:28.0531 0x0ff4  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:23:28.0546 0x0ff4  EapHost - ok
11:23:28.0593 0x0ff4  [ 6E883BF518296A40959131C2304AF714, FCBDAB6C9220742821D1A1711D39688889B578E0992F8B41945027DB23E92777 ] EL90XBC         C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
11:23:28.0609 0x0ff4  EL90XBC - ok
11:23:28.0687 0x0ff4  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:23:28.0687 0x0ff4  ERSvc - ok
11:23:28.0781 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
11:23:28.0828 0x0ff4  Eventlog - ok
11:23:28.0906 0x0ff4  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\System32\es.dll
11:23:28.0937 0x0ff4  EventSystem - ok
11:23:28.0984 0x0ff4  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:23:29.0000 0x0ff4  Fastfat - ok
11:23:29.0093 0x0ff4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:23:29.0125 0x0ff4  FastUserSwitchingCompatibility - ok
11:23:29.0171 0x0ff4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:23:29.0187 0x0ff4  Fdc - ok
11:23:29.0234 0x0ff4  [ B73EC688C29F81F9DA0FCF63682B3ECB, 07726D786C983D871711EC32D494D57C223472607A8301B4D62FCA9E9EA20677 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:23:29.0250 0x0ff4  FilterService - ok
11:23:29.0265 0x0ff4  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:23:30.0218 0x0ff4  Fips - ok
11:23:30.0250 0x0ff4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:23:30.0265 0x0ff4  Flpydisk - ok
11:23:30.0359 0x0ff4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:23:30.0359 0x0ff4  FltMgr - ok
11:23:30.0515 0x0ff4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:23:30.0546 0x0ff4  FontCache3.0.0.0 - ok
11:23:30.0609 0x0ff4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:23:31.0734 0x0ff4  Fs_Rec - ok
11:23:31.0843 0x0ff4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:23:31.0906 0x0ff4  Ftdisk - ok
11:23:31.0984 0x0ff4  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:23:32.0062 0x0ff4  GEARAspiWDM - ok
11:23:32.0171 0x0ff4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:23:32.0203 0x0ff4  Gpc - ok
11:23:32.0687 0x0ff4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:23:32.0718 0x0ff4  helpsvc - ok
11:23:32.0781 0x0ff4  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:23:32.0812 0x0ff4  HidServ - ok
11:23:32.0921 0x0ff4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:23:32.0921 0x0ff4  hidusb - ok
11:23:33.0062 0x0ff4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:23:33.0125 0x0ff4  hkmsvc - ok
11:23:33.0125 0x0ff4  hpn - ok
11:23:33.0343 0x0ff4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:23:33.0484 0x0ff4  HTTP - ok
11:23:33.0578 0x0ff4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:23:33.0593 0x0ff4  HTTPFilter - ok
11:23:33.0593 0x0ff4  i2omgmt - ok
11:23:33.0609 0x0ff4  i2omp - ok
11:23:33.0640 0x0ff4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
11:23:34.0640 0x0ff4  i8042prt - ok
11:23:35.0250 0x0ff4  [ 5A8E05F1D5C36ABD58CFFA111EB325EA, F881543B911C94BA6E0E4FF754286F18DBB30DAEEA13982A7D5179E51AC2C30F ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:23:36.0000 0x0ff4  ialm - ok
11:23:36.0156 0x0ff4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:23:36.0265 0x0ff4  IDriverT - ok
11:23:36.0671 0x0ff4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:23:37.0390 0x0ff4  idsvc - ok
11:23:37.0656 0x0ff4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:23:37.0687 0x0ff4  Imapi - ok
11:23:37.0828 0x0ff4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:23:37.0968 0x0ff4  ImapiService - ok
11:23:37.0984 0x0ff4  ini910u - ok
11:23:37.0984 0x0ff4  IntelIde - ok
11:23:39.0609 0x0ff4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:23:39.0640 0x0ff4  intelppm - ok
11:23:39.0875 0x0ff4  [ 1A263BD87C082FA7AB38093014C8FC79, AC056DBA008D4909AE7D219FB624B243FD15F6451B91387CE9B4D4B3E0364C85 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:23:40.0093 0x0ff4  IntuitUpdateService - ok
11:23:40.0906 0x0ff4  [ 4C279F23F88E0854CE94731E55BF6E77, FC8F935BC8F062BC6CD676922B24F7721F43EA25DA4638A3CD4CCB8018F527CE ] ioloSystemService C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
11:23:41.0750 0x0ff4  ioloSystemService - ok
11:23:42.0078 0x0ff4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:23:42.0109 0x0ff4  ip6fw - ok
11:23:42.0671 0x0ff4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:23:42.0671 0x0ff4  IpInIp - ok
11:23:42.0750 0x0ff4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:23:42.0843 0x0ff4  IpNat - ok
11:23:43.0812 0x0ff4  [ CA1972397B845B2F53F5DC63C22FD98A, EA1B454B64085E42CA344872F194E7E3776DE49C281A2F3900AA921E396CBD2D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:23:44.0390 0x0ff4  iPod Service - ok
11:23:44.0640 0x0ff4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:23:44.0656 0x0ff4  IPSec - ok
11:23:44.0703 0x0ff4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:23:44.0703 0x0ff4  IRENUM - ok
11:23:44.0843 0x0ff4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:23:44.0859 0x0ff4  isapnp - ok
11:23:45.0359 0x0ff4  [ 5472D771C0197355C1D347F20392B982, 02554ECD622199DCBAA2100AFFCB54B4B7D487B184F14D1C1EFD53F0D461FC9F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:23:45.0390 0x0ff4  JavaQuickStarterService - ok
11:23:45.0468 0x0ff4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:23:45.0484 0x0ff4  Kbdclass - ok
11:23:45.0546 0x0ff4  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:23:45.0562 0x0ff4  kbdhid - ok
11:23:45.0656 0x0ff4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:23:45.0781 0x0ff4  kmixer - ok
11:23:45.0921 0x0ff4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:23:45.0937 0x0ff4  KSecDD - ok
11:23:46.0015 0x0ff4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:23:46.0046 0x0ff4  lanmanserver - ok
11:23:46.0296 0x0ff4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:23:46.0343 0x0ff4  lanmanworkstation - ok
11:23:46.0375 0x0ff4  lbrtfdc - ok
11:23:46.0453 0x0ff4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:23:46.0468 0x0ff4  LmHosts - ok
11:23:46.0546 0x0ff4  [ 9FB982DE1C8DD769F8ED681DD878B12F, 52239A2E7E9F1FCBE0050D525B2FF3888A3DB81C780CB0DE684FBD0E1C9A941C ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:23:46.0578 0x0ff4  lvpopflt - ok
11:23:46.0625 0x0ff4  [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
11:23:46.0640 0x0ff4  LVPr2Mon - ok
11:23:48.0156 0x0ff4  [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:23:48.0375 0x0ff4  LVPrcSrv - ok
11:23:48.0640 0x0ff4  [ 37072EC9299E825F4335CC554B6FAC6A, AF5809137454A1DFE029F96BF6C6198CB19D469A0FE3285D7CDE7B0D84D8A465 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:23:48.0828 0x0ff4  LVRS - ok
11:23:52.0578 0x0ff4  [ A240E42A7402E927A71B6E8AA4629B13, 43E361B97FCC11F4F81C3211489AE5938D5422D3FCEC3C143CF5C4C4D4E553DB ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:23:57.0015 0x0ff4  LVUVC - ok
11:23:57.0156 0x0ff4  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:23:57.0187 0x0ff4  MBAMSwissArmy - ok
11:23:57.0500 0x0ff4  [ 8566E3E7E14517C3142F9EBAF68C3CF4, 1E7A279B8EF1FA8C4D7DB0B72E031DDC39D82FC694A22808BD6C76EF98BB7BF1 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
11:23:57.0671 0x0ff4  McComponentHostService - ok
11:23:57.0781 0x0ff4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:23:57.0796 0x0ff4  Messenger - ok
11:23:57.0828 0x0ff4  [ 9B90303A9C9405A6CE1466FF4AA20FDD, 86EEAC9FEBD5EBE0564D899FE74C1AABEDA45CD5EE0989AAC7CF8A1034B459E9 ] mmc_2K          C:\WINDOWS\system32\drivers\mmc_2K.sys
11:23:58.0968 0x0ff4  mmc_2K - ok
11:23:59.0703 0x0ff4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:24:00.0859 0x0ff4  mnmdd - ok
11:24:01.0015 0x0ff4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
11:24:01.0062 0x0ff4  mnmsrvc - ok
11:24:01.0234 0x0ff4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:24:02.0359 0x0ff4  Modem - ok
11:24:02.0562 0x0ff4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:02.0593 0x0ff4  Mouclass - ok
11:24:02.0609 0x0ff4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:24:02.0625 0x0ff4  mouhid - ok
11:24:02.0703 0x0ff4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:24:02.0703 0x0ff4  MountMgr - ok
11:24:02.0718 0x0ff4  mraid35x - ok
11:24:02.0859 0x0ff4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:02.0968 0x0ff4  MRxDAV - ok
11:24:03.0359 0x0ff4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:03.0609 0x0ff4  MRxSmb - ok
11:24:03.0750 0x0ff4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
11:24:03.0750 0x0ff4  MSDTC - ok
11:24:03.0843 0x0ff4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:24:03.0859 0x0ff4  Msfs - ok
11:24:03.0859 0x0ff4  MSIServer - ok
11:24:03.0906 0x0ff4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:03.0921 0x0ff4  MSKSSRV - ok
11:24:03.0937 0x0ff4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:03.0968 0x0ff4  MSPCLOCK - ok
11:24:04.0281 0x0ff4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:24:04.0296 0x0ff4  MSPQM - ok
11:24:04.0328 0x0ff4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:04.0359 0x0ff4  mssmbios - ok
11:24:04.0484 0x0ff4  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:24:04.0500 0x0ff4  MSTEE - ok
11:24:04.0671 0x0ff4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:24:04.0718 0x0ff4  Mup - ok
11:24:04.0906 0x0ff4  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:24:05.0000 0x0ff4  NABTSFEC - ok
11:24:05.0343 0x0ff4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:24:05.0500 0x0ff4  napagent - ok
11:24:05.0671 0x0ff4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:24:05.0812 0x0ff4  NDIS - ok
11:24:05.0906 0x0ff4  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:24:05.0937 0x0ff4  NdisIP - ok
11:24:06.0031 0x0ff4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:06.0062 0x0ff4  NdisTapi - ok
11:24:06.0296 0x0ff4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:06.0343 0x0ff4  Ndisuio - ok
11:24:06.0421 0x0ff4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:06.0468 0x0ff4  NdisWan - ok
11:24:06.0593 0x0ff4  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:24:06.0609 0x0ff4  NDProxy - ok
11:24:06.0671 0x0ff4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:06.0703 0x0ff4  NetBIOS - ok
11:24:06.0859 0x0ff4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:06.0968 0x0ff4  NetBT - ok
11:24:07.0187 0x0ff4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:24:07.0234 0x0ff4  NetDDE - ok
11:24:07.0265 0x0ff4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:24:07.0265 0x0ff4  NetDDEdsdm - ok
11:24:07.0328 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:24:07.0375 0x0ff4  Netlogon - ok
11:24:07.0609 0x0ff4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:24:07.0640 0x0ff4  Netman - ok
11:24:07.0843 0x0ff4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:24:07.0937 0x0ff4  NetTcpPortSharing - ok
11:24:08.0296 0x0ff4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:24:08.0343 0x0ff4  Nla - ok
11:24:08.0359 0x0ff4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:24:08.0375 0x0ff4  Npfs - ok
11:24:08.0796 0x0ff4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:24:09.0109 0x0ff4  Ntfs - ok
11:24:09.0375 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
11:24:09.0375 0x0ff4  NtLmSsp - ok
11:24:09.0875 0x0ff4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:24:10.0250 0x0ff4  NtmsSvc - ok
11:24:10.0437 0x0ff4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:24:11.0250 0x0ff4  Null - ok
11:24:11.0437 0x0ff4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:11.0437 0x0ff4  NwlnkFlt - ok
11:24:11.0500 0x0ff4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:11.0515 0x0ff4  NwlnkFwd - ok
11:24:12.0625 0x0ff4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:24:12.0875 0x0ff4  odserv - ok
11:24:13.0046 0x0ff4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:24:13.0078 0x0ff4  ose - ok
11:24:13.0265 0x0ff4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:13.0312 0x0ff4  Parport - ok
11:24:13.0453 0x0ff4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:13.0484 0x0ff4  PartMgr - ok
11:24:13.0593 0x0ff4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:13.0609 0x0ff4  ParVdm - ok
11:24:13.0718 0x0ff4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:13.0750 0x0ff4  PCI - ok
11:24:13.0765 0x0ff4  PCIDump - ok
11:24:13.0843 0x0ff4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:13.0875 0x0ff4  PCIIde - ok
11:24:13.0937 0x0ff4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:24:15.0140 0x0ff4  Pcmcia - ok
11:24:15.0140 0x0ff4  PDCOMP - ok
11:24:15.0156 0x0ff4  PDFRAME - ok
11:24:15.0328 0x0ff4  [ 40C611622882C3FCAFEB845C1E12A10F, A4F5790D9976D06822A656DCFDFEF76831A00089F6AC5519429142E6CBBC3EAC ] PDFsFilter      C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys
11:24:15.0453 0x0ff4  PDFsFilter - ok
11:24:15.0453 0x0ff4  PDRELI - ok
11:24:15.0468 0x0ff4  PDRFRAME - ok
11:24:15.0484 0x0ff4  perc2 - ok
11:24:15.0484 0x0ff4  perc2hib - ok
11:24:15.0531 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:24:15.0546 0x0ff4  PlugPlay - ok
11:24:15.0609 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:24:15.0625 0x0ff4  PolicyAgent - ok
11:24:15.0984 0x0ff4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:16.0000 0x0ff4  PptpMiniport - ok
11:24:16.0437 0x0ff4  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
11:24:16.0453 0x0ff4  Processor - ok
11:24:16.0515 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:24:16.0515 0x0ff4  ProtectedStorage - ok
11:24:16.0656 0x0ff4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:16.0703 0x0ff4  PSched - ok
11:24:16.0843 0x0ff4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:16.0859 0x0ff4  Ptilink - ok
11:24:17.0046 0x0ff4  [ D8B90616A8BD53DE281DBDB664C0984A, C7E6631716E6BF8CCCE1D49961DE6BE824F44C3E9C4906BA61839600B27C9CD9 ] pwd_2k          C:\WINDOWS\system32\drivers\pwd_2k.sys
11:24:19.0328 0x0ff4  pwd_2k - ok
11:24:19.0343 0x0ff4  ql1080 - ok
11:24:19.0343 0x0ff4  Ql10wnt - ok
11:24:19.0359 0x0ff4  ql12160 - ok
11:24:19.0359 0x0ff4  ql1240 - ok
11:24:19.0375 0x0ff4  ql1280 - ok
11:24:19.0437 0x0ff4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:19.0484 0x0ff4  RasAcd - ok
11:24:19.0640 0x0ff4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:24:19.0703 0x0ff4  RasAuto - ok
11:24:42.0734 0x0ff4  [ 7C38F81F40D61D1607DDB62FE5817BB9, 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:42.0750 0x0ff4  Suspicious file ( Forged ): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7C38F81F40D61D1607DDB62FE5817BB9, sha256: 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8, fake md5: 4C8FCB5CC53AAB716D810740FE59D025, fake sha256: 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4
11:24:42.0750 0x0ff4  VolSnap - detected Rootkit.Win32.TDSS.tdl3 ( 0 )
11:24:45.0421 0x0ff4  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
11:24:45.0421 0x0ff4  Force sending object to P2P due to detect: C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:48.0062 0x0ff4  Object send P2P result: true
11:25:02.0156 0x0ff4  ================ Scan global ===============================
11:25:02.0343 0x0ff4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:25:02.0531 0x0ff4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:25:02.0968 0x0ff4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:25:03.0125 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:25:03.0156 0x0ff4  [ Global ] - ok
11:25:03.0156 0x0ff4  ================ Scan MBR ==================================
11:25:03.0156 0x0ff4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:25:18.0718 0x0ff4  \Device\Harddisk0\DR0 - ok
11:25:18.0718 0x0ff4  ================ Scan VBR ==================================
11:25:18.0781 0x0ff4  [ F7A3082A53478EB6856B916E26967D30 ] \Device\Harddisk0\DR0\Partition1
11:25:18.0828 0x0ff4  \Device\Harddisk0\DR0\Partition1 - ok
11:25:24.0281 0x0ff4  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
11:25:24.0937 0x0ff4  Win FW state via NFM: enabled
11:25:27.0781 0x0ff4  ============================================================
11:25:27.0781 0x0ff4  Scan finished
11:25:27.0781 0x0ff4  ============================================================
11:25:27.0953 0x0a4c  Detected object count: 1
11:25:27.0953 0x0a4c  Actual detected object count: 1
11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user
11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip 
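Triage of a TDSSKiller log like the one above, as an added example that is not part of the original posts: it extracts each detection, the "Forged" file notice that precedes it, and the action recorded for it, so that a run ending in "Skip" is not read as a cleaned system. The sample lines are constructed in the log's format with placeholder hashes, and the names `triage`, `unresolved` and `Finding` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MD5, SHA = "0" * 32, "0" * 64            # placeholder hashes (constructed)
FAKE_MD5, FAKE_SHA = "F" * 32, "F" * 64  # placeholder hashes (constructed)

# Constructed sample in the line format of the TDSSKiller log above.
SAMPLE_LOG = "\n".join([
    f"11:24:42.0656 0x0ff4  [ {MD5}, {SHA} ] VgaSave         C:\\WINDOWS\\System32\\drivers\\vga.sys",
    "11:24:42.0671 0x0ff4  VgaSave - ok",
    f"11:24:42.0734 0x0ff4  [ {MD5}, {SHA} ] VolSnap         C:\\WINDOWS\\system32\\drivers\\VolSnap.sys",
    "11:24:42.0750 0x0ff4  Suspicious file ( Forged ): C:\\WINDOWS\\system32\\drivers\\VolSnap.sys. "
    f"Real md5: {MD5}, sha256: {SHA}, fake md5: {FAKE_MD5}, fake sha256: {FAKE_SHA}",
    "11:24:42.0750 0x0ff4  VolSnap - detected Rootkit.Win32.TDSS.tdl3 ( 0 )",
    "11:24:45.0421 0x0ff4  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected",
    "11:25:27.0953 0x0a4c  Detected object count: 1",
    "11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user",
    "11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip ",
])

# "HH:MM:SS.ffff 0xTID  message" with trailing whitespace dropped.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-fA-F]+\s+(.*?)\s*$")
FORGED = re.compile(r"^Suspicious file \( Forged \): (.+?)\. Real md5:")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \( \d+ \)$")
ACTION = re.compile(r"^(.+?) \( (\S+) \) - User select action: (\S+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str                          # service/driver name as logged
    verdict: str                       # detection name as logged
    forged_path: Optional[str] = None  # file whose on-disk view was forged
    action: Optional[str] = None       # value after "User select action:"


def triage(log_text: str) -> Tuple[Dict[str, Finding], Optional[int]]:
    """Return (findings by object name, 'Detected object count' if logged)."""
    findings: Dict[str, Finding] = {}
    reported: Optional[int] = None
    pending: Optional[str] = None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue  # not a log line (forum text, blank line)
        msg = m.group(1)
        # A forged-file notice only belongs to the line directly after it.
        carry, pending = pending, None
        if (f := FORGED.match(msg)):
            pending = f.group(1)
        elif (d := DETECTED.match(msg)):
            findings[d.group(1)] = Finding(d.group(1), d.group(2), carry)
        elif (a := ACTION.match(msg)):
            hit = findings.setdefault(a.group(1), Finding(a.group(1), a.group(2)))
            hit.action = a.group(3)
        elif (c := COUNT.match(msg)):
            reported = int(c.group(1))
    return findings, reported


def unresolved(findings: Dict[str, Finding]) -> List[Finding]:
    """Detections with no recorded action, or where the user chose Skip."""
    return [f for f in findings.values()
            if f.action is None or f.action.lower() == "skip"]


if __name__ == "__main__":
    found, reported = triage(SAMPLE_LOG)
    print(f"reported by tool: {reported}, parsed: {len(found)}")
    for f in unresolved(found):
        print(f"STILL PRESENT: {f.name} -> {f.verdict} "
              f"(file: {f.forged_path}, action: {f.action})")
```
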

:angry::wacko:

 

Fix with TDSS-Killer

Please read and follow these instructions carefully.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • When the scan is finished, select copy to quarantine for the following entry.

    Rootkit.Win32.TDSS.tdl3
  • Hit continue.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.

 

 

 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Ok, potential problem so I thought I better check with you.

1. I ran TDSSKiller.exe and quarantined Rootkit.Win32.TDSS.tdl3 with no problem. Log is below.

2. When I ran ComboFix, it saw that I already had ComboFix on my desktop from when we ran it three days ago. It executed ok, but then errored out saying "Cannot rename ComboFix to itself" or something like that. It created no log.

Ok to just delete old ComboFix downloads and reload/rerun it?

TDSSKiller log says:

11:22:12.0875 0x0a64  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
11:22:26.0281 0x0a64  ============================================================
11:22:26.0281 0x0a64  Current date / time: 2014/03/24 11:22:26.0281
11:22:26.0281 0x0a64  SystemInfo:
11:22:26.0281 0x0a64  
11:22:26.0281 0x0a64  OS Version: 5.1.2600 ServicePack: 3.0
11:22:26.0281 0x0a64  Product type: Workstation
11:22:26.0281 0x0a64  ComputerName: USER-CFQ09NBI8D
11:22:26.0281 0x0a64  UserName: user
11:22:26.0281 0x0a64  Windows directory: C:\WINDOWS
11:22:26.0281 0x0a64  System windows directory: C:\WINDOWS
11:22:26.0281 0x0a64  Processor architecture: Intel x86
11:22:26.0281 0x0a64  Number of processors: 1
11:22:26.0281 0x0a64  Page size: 0x1000
11:22:26.0281 0x0a64  Boot type: Normal boot
11:22:26.0281 0x0a64  ============================================================
11:22:35.0546 0x0a64  KLMD registered as C:\WINDOWS\system32\drivers\35230330.sys
11:22:41.0890 0x0a64  System UUID: {110807B1-1FA9-7C9F-3E30-3C7E43A15954}
11:22:57.0765 0x0a64  Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:22:57.0859 0x0a64  ============================================================
11:22:57.0859 0x0a64  \Device\Harddisk0\DR0:
11:22:57.0859 0x0a64  MBR partitions:
11:22:57.0859 0x0a64  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
11:22:57.0859 0x0a64  ============================================================
11:22:58.0093 0x0a64  C: <-> \Device\Harddisk0\DR0\Partition1
11:22:58.0093 0x0a64  ============================================================
11:22:58.0093 0x0a64  Initialize success
11:22:58.0093 0x0a64  ============================================================
11:23:05.0734 0x0ff4  ============================================================
11:23:05.0734 0x0ff4  Scan started
11:23:05.0734 0x0ff4  Mode: Manual; 
11:23:05.0734 0x0ff4  ============================================================
11:23:05.0734 0x0ff4  KSN ping started
11:23:09.0156 0x0ff4  KSN ping finished: true
11:23:11.0359 0x0ff4  ================ Scan system memory ========================
11:23:11.0359 0x0ff4  System memory - ok
11:23:11.0359 0x0ff4  ================ Scan services =============================
11:23:26.0703 0x0ff4  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
11:23:26.0906 0x0ff4  dmboot - ok
11:23:26.0953 0x0ff4  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
11:23:26.0968 0x0ff4  dmio - ok
11:23:27.0000 0x0ff4  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
11:23:27.0000 0x0ff4  dmload - ok
11:23:27.0046 0x0ff4  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
11:23:27.0062 0x0ff4  dmserver - ok
11:23:27.0109 0x0ff4  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
11:23:27.0125 0x0ff4  DMusic - ok
11:23:27.0218 0x0ff4  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:23:27.0218 0x0ff4  Dnscache - ok
11:23:27.0328 0x0ff4  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:23:27.0343 0x0ff4  Dot3svc - ok
11:23:27.0468 0x0ff4  [ 3E4B043F8BC6BE1D4820CC6C9C500306, 41F5AB9F3D65FEF3AB50562A3B91A3268B887CCF7FE5FC9D49478147700C72F4 ] Dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:23:27.0578 0x0ff4  Dot4 - ok
11:23:27.0656 0x0ff4  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7, FC17B00AEDC57AC436EACD2D576642098479E5CE10A42775D339B66A53460DC7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:23:27.0671 0x0ff4  Dot4Print - ok
11:23:27.0671 0x0ff4  dpti2o - ok
11:23:27.0859 0x0ff4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:23:27.0875 0x0ff4  drmkaud - ok
11:23:27.0953 0x0ff4  [ 677829F7010768EEEED8D0083E510DAB, 03D45E16B0949E126D139A0414C9D659EFFCAF018C4319B7FA663DE73C972B8C ] dvd_2K          C:\WINDOWS\system32\drivers\dvd_2K.sys
11:23:28.0484 0x0ff4  dvd_2K - ok
11:23:28.0531 0x0ff4  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
11:23:28.0546 0x0ff4  EapHost - ok
11:23:28.0593 0x0ff4  [ 6E883BF518296A40959131C2304AF714, FCBDAB6C9220742821D1A1711D39688889B578E0992F8B41945027DB23E92777 ] EL90XBC         C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
11:23:28.0609 0x0ff4  EL90XBC - ok
11:23:28.0687 0x0ff4  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
11:23:28.0687 0x0ff4  ERSvc - ok
11:23:28.0781 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
11:23:28.0828 0x0ff4  Eventlog - ok
11:23:28.0906 0x0ff4  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\System32\es.dll
11:23:28.0937 0x0ff4  EventSystem - ok
11:23:28.0984 0x0ff4  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
11:23:29.0000 0x0ff4  Fastfat - ok
11:23:29.0093 0x0ff4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:23:29.0125 0x0ff4  FastUserSwitchingCompatibility - ok
11:23:29.0171 0x0ff4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
11:23:29.0187 0x0ff4  Fdc - ok
11:23:29.0234 0x0ff4  [ B73EC688C29F81F9DA0FCF63682B3ECB, 07726D786C983D871711EC32D494D57C223472607A8301B4D62FCA9E9EA20677 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:23:29.0250 0x0ff4  FilterService - ok
11:23:29.0265 0x0ff4  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
11:23:30.0218 0x0ff4  Fips - ok
11:23:30.0250 0x0ff4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:23:30.0265 0x0ff4  Flpydisk - ok
11:23:30.0359 0x0ff4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:23:30.0359 0x0ff4  FltMgr - ok
11:23:30.0515 0x0ff4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:23:30.0546 0x0ff4  FontCache3.0.0.0 - ok
11:23:30.0609 0x0ff4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:23:31.0734 0x0ff4  Fs_Rec - ok
11:23:31.0843 0x0ff4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:23:31.0906 0x0ff4  Ftdisk - ok
11:23:31.0984 0x0ff4  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:23:32.0062 0x0ff4  GEARAspiWDM - ok
11:23:32.0171 0x0ff4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:23:32.0203 0x0ff4  Gpc - ok
11:23:32.0687 0x0ff4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:23:32.0718 0x0ff4  helpsvc - ok
11:23:32.0781 0x0ff4  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
11:23:32.0812 0x0ff4  HidServ - ok
11:23:32.0921 0x0ff4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:23:32.0921 0x0ff4  hidusb - ok
11:23:33.0062 0x0ff4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:23:33.0125 0x0ff4  hkmsvc - ok
11:23:33.0125 0x0ff4  hpn - ok
11:23:33.0343 0x0ff4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:23:33.0484 0x0ff4  HTTP - ok
11:23:33.0578 0x0ff4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:23:33.0593 0x0ff4  HTTPFilter - ok
11:23:33.0593 0x0ff4  i2omgmt - ok
11:23:33.0609 0x0ff4  i2omp - ok
11:23:33.0640 0x0ff4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
11:23:34.0640 0x0ff4  i8042prt - ok
11:23:35.0250 0x0ff4  [ 5A8E05F1D5C36ABD58CFFA111EB325EA, F881543B911C94BA6E0E4FF754286F18DBB30DAEEA13982A7D5179E51AC2C30F ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:23:36.0000 0x0ff4  ialm - ok
11:23:36.0156 0x0ff4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:23:36.0265 0x0ff4  IDriverT - ok
11:23:36.0671 0x0ff4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:23:37.0390 0x0ff4  idsvc - ok
11:23:37.0656 0x0ff4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:23:37.0687 0x0ff4  Imapi - ok
11:23:37.0828 0x0ff4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:23:37.0968 0x0ff4  ImapiService - ok
11:23:37.0984 0x0ff4  ini910u - ok
11:23:37.0984 0x0ff4  IntelIde - ok
11:23:39.0609 0x0ff4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:23:39.0640 0x0ff4  intelppm - ok
11:23:39.0875 0x0ff4  [ 1A263BD87C082FA7AB38093014C8FC79, AC056DBA008D4909AE7D219FB624B243FD15F6451B91387CE9B4D4B3E0364C85 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:23:40.0093 0x0ff4  IntuitUpdateService - ok
11:23:40.0906 0x0ff4  [ 4C279F23F88E0854CE94731E55BF6E77, FC8F935BC8F062BC6CD676922B24F7721F43EA25DA4638A3CD4CCB8018F527CE ] ioloSystemService C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
11:23:41.0750 0x0ff4  ioloSystemService - ok
11:23:42.0078 0x0ff4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
11:23:42.0109 0x0ff4  ip6fw - ok
11:23:42.0671 0x0ff4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:23:42.0671 0x0ff4  IpInIp - ok
11:23:42.0750 0x0ff4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:23:42.0843 0x0ff4  IpNat - ok
11:23:43.0812 0x0ff4  [ CA1972397B845B2F53F5DC63C22FD98A, EA1B454B64085E42CA344872F194E7E3776DE49C281A2F3900AA921E396CBD2D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:23:44.0390 0x0ff4  iPod Service - ok
11:23:44.0640 0x0ff4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:23:44.0656 0x0ff4  IPSec - ok
11:23:44.0703 0x0ff4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:23:44.0703 0x0ff4  IRENUM - ok
11:23:44.0843 0x0ff4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:23:44.0859 0x0ff4  isapnp - ok
11:23:45.0359 0x0ff4  [ 5472D771C0197355C1D347F20392B982, 02554ECD622199DCBAA2100AFFCB54B4B7D487B184F14D1C1EFD53F0D461FC9F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:23:45.0390 0x0ff4  JavaQuickStarterService - ok
11:23:45.0468 0x0ff4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:23:45.0484 0x0ff4  Kbdclass - ok
11:23:45.0546 0x0ff4  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:23:45.0562 0x0ff4  kbdhid - ok
11:23:45.0656 0x0ff4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:23:45.0781 0x0ff4  kmixer - ok
11:23:45.0921 0x0ff4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:23:45.0937 0x0ff4  KSecDD - ok
11:23:46.0015 0x0ff4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
11:23:46.0046 0x0ff4  lanmanserver - ok
11:23:46.0296 0x0ff4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:23:46.0343 0x0ff4  lanmanworkstation - ok
11:23:46.0375 0x0ff4  lbrtfdc - ok
11:23:46.0453 0x0ff4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:23:46.0468 0x0ff4  LmHosts - ok
11:23:46.0546 0x0ff4  [ 9FB982DE1C8DD769F8ED681DD878B12F, 52239A2E7E9F1FCBE0050D525B2FF3888A3DB81C780CB0DE684FBD0E1C9A941C ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
11:23:46.0578 0x0ff4  lvpopflt - ok
11:23:46.0625 0x0ff4  [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
11:23:46.0640 0x0ff4  LVPr2Mon - ok
11:23:48.0156 0x0ff4  [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:23:48.0375 0x0ff4  LVPrcSrv - ok
11:23:48.0640 0x0ff4  [ 37072EC9299E825F4335CC554B6FAC6A, AF5809137454A1DFE029F96BF6C6198CB19D469A0FE3285D7CDE7B0D84D8A465 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:23:48.0828 0x0ff4  LVRS - ok
11:23:52.0578 0x0ff4  [ A240E42A7402E927A71B6E8AA4629B13, 43E361B97FCC11F4F81C3211489AE5938D5422D3FCEC3C143CF5C4C4D4E553DB ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:23:57.0015 0x0ff4  LVUVC - ok
11:23:57.0156 0x0ff4  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:23:57.0187 0x0ff4  MBAMSwissArmy - ok
11:23:57.0500 0x0ff4  [ 8566E3E7E14517C3142F9EBAF68C3CF4, 1E7A279B8EF1FA8C4D7DB0B72E031DDC39D82FC694A22808BD6C76EF98BB7BF1 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
11:23:57.0671 0x0ff4  McComponentHostService - ok
11:23:57.0781 0x0ff4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:23:57.0796 0x0ff4  Messenger - ok
11:23:57.0828 0x0ff4  [ 9B90303A9C9405A6CE1466FF4AA20FDD, 86EEAC9FEBD5EBE0564D899FE74C1AABEDA45CD5EE0989AAC7CF8A1034B459E9 ] mmc_2K          C:\WINDOWS\system32\drivers\mmc_2K.sys
11:23:58.0968 0x0ff4  mmc_2K - ok
11:23:59.0703 0x0ff4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:24:00.0859 0x0ff4  mnmdd - ok
11:24:01.0015 0x0ff4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
11:24:01.0062 0x0ff4  mnmsrvc - ok
11:24:01.0234 0x0ff4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:24:02.0359 0x0ff4  Modem - ok
11:24:02.0562 0x0ff4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:24:02.0593 0x0ff4  Mouclass - ok
11:24:02.0609 0x0ff4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:24:02.0625 0x0ff4  mouhid - ok
11:24:02.0703 0x0ff4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:24:02.0703 0x0ff4  MountMgr - ok
11:24:02.0718 0x0ff4  mraid35x - ok
11:24:02.0859 0x0ff4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:24:02.0968 0x0ff4  MRxDAV - ok
11:24:03.0359 0x0ff4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:24:03.0609 0x0ff4  MRxSmb - ok
11:24:03.0750 0x0ff4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
11:24:03.0750 0x0ff4  MSDTC - ok
11:24:03.0843 0x0ff4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:24:03.0859 0x0ff4  Msfs - ok
11:24:03.0859 0x0ff4  MSIServer - ok
11:24:03.0906 0x0ff4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:24:03.0921 0x0ff4  MSKSSRV - ok
11:24:03.0937 0x0ff4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:24:03.0968 0x0ff4  MSPCLOCK - ok
11:24:04.0281 0x0ff4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:24:04.0296 0x0ff4  MSPQM - ok
11:24:04.0328 0x0ff4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:24:04.0359 0x0ff4  mssmbios - ok
11:24:04.0484 0x0ff4  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:24:04.0500 0x0ff4  MSTEE - ok
11:24:04.0671 0x0ff4  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:24:04.0718 0x0ff4  Mup - ok
11:24:04.0906 0x0ff4  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:24:05.0000 0x0ff4  NABTSFEC - ok
11:24:05.0343 0x0ff4  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:24:05.0500 0x0ff4  napagent - ok
11:24:05.0671 0x0ff4  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:24:05.0812 0x0ff4  NDIS - ok
11:24:05.0906 0x0ff4  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:24:05.0937 0x0ff4  NdisIP - ok
11:24:06.0031 0x0ff4  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:24:06.0062 0x0ff4  NdisTapi - ok
11:24:06.0296 0x0ff4  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:24:06.0343 0x0ff4  Ndisuio - ok
11:24:06.0421 0x0ff4  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:24:06.0468 0x0ff4  NdisWan - ok
11:24:06.0593 0x0ff4  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:24:06.0609 0x0ff4  NDProxy - ok
11:24:06.0671 0x0ff4  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:24:06.0703 0x0ff4  NetBIOS - ok
11:24:06.0859 0x0ff4  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:24:06.0968 0x0ff4  NetBT - ok
11:24:07.0187 0x0ff4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:24:07.0234 0x0ff4  NetDDE - ok
11:24:07.0265 0x0ff4  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:24:07.0265 0x0ff4  NetDDEdsdm - ok
11:24:07.0328 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:24:07.0375 0x0ff4  Netlogon - ok
11:24:07.0609 0x0ff4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:24:07.0640 0x0ff4  Netman - ok
11:24:07.0843 0x0ff4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:24:07.0937 0x0ff4  NetTcpPortSharing - ok
11:24:08.0296 0x0ff4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:24:08.0343 0x0ff4  Nla - ok
11:24:08.0359 0x0ff4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:24:08.0375 0x0ff4  Npfs - ok
11:24:08.0796 0x0ff4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:24:09.0109 0x0ff4  Ntfs - ok
11:24:09.0375 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
11:24:09.0375 0x0ff4  NtLmSsp - ok
11:24:09.0875 0x0ff4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:24:10.0250 0x0ff4  NtmsSvc - ok
11:24:10.0437 0x0ff4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:24:11.0250 0x0ff4  Null - ok
11:24:11.0437 0x0ff4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:24:11.0437 0x0ff4  NwlnkFlt - ok
11:24:11.0500 0x0ff4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:24:11.0515 0x0ff4  NwlnkFwd - ok
11:24:12.0625 0x0ff4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:24:12.0875 0x0ff4  odserv - ok
11:24:13.0046 0x0ff4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:24:13.0078 0x0ff4  ose - ok
11:24:13.0265 0x0ff4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:24:13.0312 0x0ff4  Parport - ok
11:24:13.0453 0x0ff4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:24:13.0484 0x0ff4  PartMgr - ok
11:24:13.0593 0x0ff4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:24:13.0609 0x0ff4  ParVdm - ok
11:24:13.0718 0x0ff4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:24:13.0750 0x0ff4  PCI - ok
11:24:13.0765 0x0ff4  PCIDump - ok
11:24:13.0843 0x0ff4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:24:13.0875 0x0ff4  PCIIde - ok
11:24:13.0937 0x0ff4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:24:15.0140 0x0ff4  Pcmcia - ok
11:24:15.0140 0x0ff4  PDCOMP - ok
11:24:15.0156 0x0ff4  PDFRAME - ok
11:24:15.0328 0x0ff4  [ 40C611622882C3FCAFEB845C1E12A10F, A4F5790D9976D06822A656DCFDFEF76831A00089F6AC5519429142E6CBBC3EAC ] PDFsFilter      C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys
11:24:15.0453 0x0ff4  PDFsFilter - ok
11:24:15.0453 0x0ff4  PDRELI - ok
11:24:15.0468 0x0ff4  PDRFRAME - ok
11:24:15.0484 0x0ff4  perc2 - ok
11:24:15.0484 0x0ff4  perc2hib - ok
11:24:15.0531 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:24:15.0546 0x0ff4  PlugPlay - ok
11:24:15.0609 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:24:15.0625 0x0ff4  PolicyAgent - ok
11:24:15.0984 0x0ff4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:24:16.0000 0x0ff4  PptpMiniport - ok
11:24:16.0437 0x0ff4  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
11:24:16.0453 0x0ff4  Processor - ok
11:24:16.0515 0x0ff4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:24:16.0515 0x0ff4  ProtectedStorage - ok
11:24:16.0656 0x0ff4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:24:16.0703 0x0ff4  PSched - ok
11:24:16.0843 0x0ff4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:24:16.0859 0x0ff4  Ptilink - ok
11:24:17.0046 0x0ff4  [ D8B90616A8BD53DE281DBDB664C0984A, C7E6631716E6BF8CCCE1D49961DE6BE824F44C3E9C4906BA61839600B27C9CD9 ] pwd_2k          C:\WINDOWS\system32\drivers\pwd_2k.sys
11:24:19.0328 0x0ff4  pwd_2k - ok
11:24:19.0343 0x0ff4  ql1080 - ok
11:24:19.0343 0x0ff4  Ql10wnt - ok
11:24:19.0359 0x0ff4  ql12160 - ok
11:24:19.0359 0x0ff4  ql1240 - ok
11:24:19.0375 0x0ff4  ql1280 - ok
11:24:19.0437 0x0ff4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:24:19.0484 0x0ff4  RasAcd - ok
11:24:19.0640 0x0ff4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:24:19.0703 0x0ff4  RasAuto - ok
11:24:42.0734 0x0ff4  [ 7C38F81F40D61D1607DDB62FE5817BB9, 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:42.0750 0x0ff4  Suspicious file ( Forged ): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7C38F81F40D61D1607DDB62FE5817BB9, sha256: 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8, fake md5: 4C8FCB5CC53AAB716D810740FE59D025, fake sha256: 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4
11:24:42.0750 0x0ff4  VolSnap - detected Rootkit.Win32.TDSS.tdl3 ( 0 )
11:24:45.0421 0x0ff4  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
11:24:45.0421 0x0ff4  Force sending object to P2P due to detect: C:\WINDOWS\system32\drivers\VolSnap.sys
11:24:48.0062 0x0ff4  Object send P2P result: true
11:25:02.0156 0x0ff4  ================ Scan global ===============================
11:25:02.0343 0x0ff4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:25:02.0531 0x0ff4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:25:02.0968 0x0ff4  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:25:03.0125 0x0ff4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
11:25:03.0156 0x0ff4  [ Global ] - ok
11:25:03.0156 0x0ff4  ================ Scan MBR ==================================
11:25:03.0156 0x0ff4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:25:18.0718 0x0ff4  \Device\Harddisk0\DR0 - ok
11:25:18.0718 0x0ff4  ================ Scan VBR ==================================
11:25:18.0781 0x0ff4  [ F7A3082A53478EB6856B916E26967D30 ] \Device\Harddisk0\DR0\Partition1
11:25:18.0828 0x0ff4  \Device\Harddisk0\DR0\Partition1 - ok
11:25:24.0281 0x0ff4  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
11:25:24.0937 0x0ff4  Win FW state via NFM: enabled
11:25:27.0781 0x0ff4  ============================================================
11:25:27.0781 0x0ff4  Scan finished
11:25:27.0781 0x0ff4  ============================================================
11:25:27.0953 0x0a4c  Detected object count: 1
11:25:27.0953 0x0a4c  Actual detected object count: 1
11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - skipped by user
11:26:02.0921 0x0a4c  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Skip 
12:08:02.0109 0x0ca8  ============================================================
12:08:02.0109 0x0ca8  Scan started
12:08:02.0109 0x0ca8  Mode: Manual; 
12:08:02.0109 0x0ca8  ============================================================
12:08:02.0109 0x0ca8  KSN ping started
12:08:04.0609 0x0ca8  KSN ping finished: true
12:08:05.0796 0x0ca8  ================ Scan system memory ========================
12:08:05.0796 0x0ca8  System memory - ok
12:08:05.0812 0x0ca8  ================ Scan services =============================
(Here is the rest of the TDSSKiller log. It did not fit in one post... too long!):

12:08:10.0906 0x0ca8  EventSystem - ok
12:08:10.0937 0x0ca8  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:08:10.0953 0x0ca8  Fastfat - ok
12:08:11.0000 0x0ca8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:08:11.0000 0x0ca8  FastUserSwitchingCompatibility - ok
12:08:11.0031 0x0ca8  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
12:08:11.0046 0x0ca8  Fdc - ok
12:08:11.0078 0x0ca8  [ B73EC688C29F81F9DA0FCF63682B3ECB, 07726D786C983D871711EC32D494D57C223472607A8301B4D62FCA9E9EA20677 ] FilterService   C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
12:08:11.0109 0x0ca8  FilterService - ok
12:08:11.0140 0x0ca8  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:08:11.0156 0x0ca8  Fips - ok
12:08:11.0171 0x0ca8  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:08:11.0171 0x0ca8  Flpydisk - ok
12:08:11.0218 0x0ca8  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
12:08:11.0250 0x0ca8  FltMgr - ok
12:08:11.0312 0x0ca8  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:08:11.0312 0x0ca8  FontCache3.0.0.0 - ok
12:08:11.0328 0x0ca8  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:08:11.0328 0x0ca8  Fs_Rec - ok
12:08:11.0359 0x0ca8  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:08:11.0375 0x0ca8  Ftdisk - ok
12:08:11.0421 0x0ca8  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:08:11.0421 0x0ca8  GEARAspiWDM - ok
12:08:11.0453 0x0ca8  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:08:11.0453 0x0ca8  Gpc - ok
12:08:11.0546 0x0ca8  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:08:11.0546 0x0ca8  helpsvc - ok
12:08:11.0593 0x0ca8  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:08:11.0593 0x0ca8  HidServ - ok
12:08:11.0640 0x0ca8  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:08:11.0640 0x0ca8  hidusb - ok
12:08:11.0671 0x0ca8  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:08:11.0687 0x0ca8  hkmsvc - ok
12:08:11.0687 0x0ca8  hpn - ok
12:08:11.0765 0x0ca8  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:08:11.0781 0x0ca8  HTTP - ok
12:08:11.0828 0x0ca8  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:08:11.0843 0x0ca8  HTTPFilter - ok
12:08:11.0843 0x0ca8  i2omgmt - ok
12:08:11.0859 0x0ca8  i2omp - ok
12:08:11.0890 0x0ca8  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
12:08:11.0906 0x0ca8  i8042prt - ok
12:08:12.0000 0x0ca8  [ 5A8E05F1D5C36ABD58CFFA111EB325EA, F881543B911C94BA6E0E4FF754286F18DBB30DAEEA13982A7D5179E51AC2C30F ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:08:12.0109 0x0ca8  ialm - ok
12:08:12.0187 0x0ca8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:08:12.0187 0x0ca8  IDriverT - ok
12:08:12.0328 0x0ca8  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:08:12.0375 0x0ca8  idsvc - ok
12:08:12.0406 0x0ca8  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:08:12.0421 0x0ca8  Imapi - ok
12:08:12.0468 0x0ca8  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:08:12.0484 0x0ca8  ImapiService - ok
12:08:12.0500 0x0ca8  ini910u - ok
12:08:12.0515 0x0ca8  IntelIde - ok
12:08:12.0546 0x0ca8  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:08:12.0546 0x0ca8  intelppm - ok
12:08:12.0640 0x0ca8  [ 1A263BD87C082FA7AB38093014C8FC79, AC056DBA008D4909AE7D219FB624B243FD15F6451B91387CE9B4D4B3E0364C85 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
12:08:12.0640 0x0ca8  IntuitUpdateService - ok
12:08:12.0750 0x0ca8  [ 4C279F23F88E0854CE94731E55BF6E77, FC8F935BC8F062BC6CD676922B24F7721F43EA25DA4638A3CD4CCB8018F527CE ] ioloSystemService C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
12:08:12.0875 0x0ca8  ioloSystemService - ok
12:08:12.0906 0x0ca8  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
12:08:12.0937 0x0ca8  ip6fw - ok
12:08:12.0953 0x0ca8  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:08:12.0953 0x0ca8  IpInIp - ok
12:08:12.0984 0x0ca8  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:08:13.0000 0x0ca8  IpNat - ok
12:08:13.0078 0x0ca8  [ CA1972397B845B2F53F5DC63C22FD98A, EA1B454B64085E42CA344872F194E7E3776DE49C281A2F3900AA921E396CBD2D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:08:13.0156 0x0ca8  iPod Service - ok
12:08:13.0187 0x0ca8  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:08:13.0203 0x0ca8  IPSec - ok
12:08:13.0218 0x0ca8  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:08:13.0234 0x0ca8  IRENUM - ok
12:08:13.0281 0x0ca8  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:08:13.0281 0x0ca8  isapnp - ok
12:08:13.0375 0x0ca8  [ 5472D771C0197355C1D347F20392B982, 02554ECD622199DCBAA2100AFFCB54B4B7D487B184F14D1C1EFD53F0D461FC9F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:08:13.0375 0x0ca8  JavaQuickStarterService - ok
12:08:13.0406 0x0ca8  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:08:13.0406 0x0ca8  Kbdclass - ok
12:08:13.0421 0x0ca8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:08:13.0421 0x0ca8  kbdhid - ok
12:08:13.0437 0x0ca8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:08:13.0468 0x0ca8  kmixer - ok
12:08:13.0500 0x0ca8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:08:13.0500 0x0ca8  KSecDD - ok
12:08:13.0562 0x0ca8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:08:13.0562 0x0ca8  lanmanserver - ok
12:08:13.0625 0x0ca8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:08:13.0640 0x0ca8  lanmanworkstation - ok
12:08:13.0656 0x0ca8  lbrtfdc - ok
12:08:13.0734 0x0ca8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:08:13.0750 0x0ca8  LmHosts - ok
12:08:13.0781 0x0ca8  [ 9FB982DE1C8DD769F8ED681DD878B12F, 52239A2E7E9F1FCBE0050D525B2FF3888A3DB81C780CB0DE684FBD0E1C9A941C ] lvpopflt        C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
12:08:13.0781 0x0ca8  lvpopflt - ok
12:08:13.0828 0x0ca8  [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
12:08:13.0843 0x0ca8  LVPr2Mon - ok
12:08:13.0953 0x0ca8  [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:08:13.0953 0x0ca8  LVPrcSrv - ok
12:08:14.0015 0x0ca8  [ 37072EC9299E825F4335CC554B6FAC6A, AF5809137454A1DFE029F96BF6C6198CB19D469A0FE3285D7CDE7B0D84D8A465 ] LVRS            C:\WINDOWS\system32\DRIVERS\lvrs.sys
12:08:14.0031 0x0ca8  LVRS - ok
12:08:14.0406 0x0ca8  [ A240E42A7402E927A71B6E8AA4629B13, 43E361B97FCC11F4F81C3211489AE5938D5422D3FCEC3C143CF5C4C4D4E553DB ] LVUVC           C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:08:14.0828 0x0ca8  LVUVC - ok
12:08:14.0906 0x0ca8  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
12:08:14.0906 0x0ca8  MBAMSwissArmy - ok
12:08:15.0000 0x0ca8  [ 8566E3E7E14517C3142F9EBAF68C3CF4, 1E7A279B8EF1FA8C4D7DB0B72E031DDC39D82FC694A22808BD6C76EF98BB7BF1 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
12:08:15.0000 0x0ca8  McComponentHostService - ok
12:08:15.0078 0x0ca8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:08:15.0078 0x0ca8  Messenger - ok
12:08:15.0093 0x0ca8  [ 9B90303A9C9405A6CE1466FF4AA20FDD, 86EEAC9FEBD5EBE0564D899FE74C1AABEDA45CD5EE0989AAC7CF8A1034B459E9 ] mmc_2K          C:\WINDOWS\system32\drivers\mmc_2K.sys
12:08:15.0093 0x0ca8  mmc_2K - ok
12:08:15.0140 0x0ca8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:15.0140 0x0ca8  mnmdd - ok
12:08:15.0187 0x0ca8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
12:08:15.0187 0x0ca8  mnmsrvc - ok
12:08:15.0234 0x0ca8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:08:15.0234 0x0ca8  Modem - ok
12:08:15.0250 0x0ca8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:15.0265 0x0ca8  Mouclass - ok
12:08:15.0265 0x0ca8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:15.0281 0x0ca8  mouhid - ok
12:08:15.0296 0x0ca8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:08:15.0312 0x0ca8  MountMgr - ok
12:08:15.0328 0x0ca8  mraid35x - ok
12:08:15.0343 0x0ca8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:08:15.0343 0x0ca8  MRxDAV - ok
12:08:15.0406 0x0ca8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:08:15.0468 0x0ca8  MRxSmb - ok
12:08:15.0531 0x0ca8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
12:08:15.0531 0x0ca8  MSDTC - ok
12:08:15.0562 0x0ca8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:08:15.0578 0x0ca8  Msfs - ok
12:08:15.0578 0x0ca8  MSIServer - ok
12:08:15.0609 0x0ca8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:08:15.0609 0x0ca8  MSKSSRV - ok
12:08:15.0625 0x0ca8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:08:15.0625 0x0ca8  MSPCLOCK - ok
12:08:15.0656 0x0ca8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:08:15.0656 0x0ca8  MSPQM - ok
12:08:15.0671 0x0ca8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:08:15.0703 0x0ca8  mssmbios - ok
12:08:15.0734 0x0ca8  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
12:08:15.0734 0x0ca8  MSTEE - ok
12:08:15.0796 0x0ca8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:08:15.0796 0x0ca8  Mup - ok
12:08:15.0875 0x0ca8  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:08:15.0875 0x0ca8  NABTSFEC - ok
12:08:15.0921 0x0ca8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:08:15.0937 0x0ca8  napagent - ok
12:08:15.0968 0x0ca8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:08:15.0984 0x0ca8  NDIS - ok
12:08:16.0031 0x0ca8  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:08:16.0031 0x0ca8  NdisIP - ok
12:08:16.0078 0x0ca8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:08:16.0078 0x0ca8  NdisTapi - ok
12:08:16.0156 0x0ca8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:08:16.0156 0x0ca8  Ndisuio - ok
12:08:16.0171 0x0ca8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:08:16.0171 0x0ca8  NdisWan - ok
12:08:16.0218 0x0ca8  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:08:16.0250 0x0ca8  NDProxy - ok
12:08:16.0265 0x0ca8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:08:16.0265 0x0ca8  NetBIOS - ok
12:08:16.0312 0x0ca8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:16.0312 0x0ca8  NetBT - ok
12:08:16.0375 0x0ca8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:08:16.0375 0x0ca8  NetDDE - ok
12:08:16.0390 0x0ca8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:08:16.0406 0x0ca8  NetDDEdsdm - ok
12:08:16.0453 0x0ca8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:08:16.0453 0x0ca8  Netlogon - ok
12:08:16.0515 0x0ca8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
12:08:16.0531 0x0ca8  Netman - ok
12:08:16.0562 0x0ca8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:08:16.0562 0x0ca8  NetTcpPortSharing - ok
12:08:16.0609 0x0ca8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:08:16.0640 0x0ca8  Nla - ok
12:08:16.0671 0x0ca8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:08:16.0671 0x0ca8  Npfs - ok
12:08:16.0734 0x0ca8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:08:16.0812 0x0ca8  Ntfs - ok
12:08:16.0828 0x0ca8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
12:08:16.0828 0x0ca8  NtLmSsp - ok
12:08:16.0906 0x0ca8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:08:16.0921 0x0ca8  NtmsSvc - ok
12:08:16.0937 0x0ca8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:08:16.0953 0x0ca8  Null - ok
12:08:16.0984 0x0ca8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:08:16.0984 0x0ca8  NwlnkFlt - ok
12:08:17.0000 0x0ca8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:08:17.0031 0x0ca8  NwlnkFwd - ok
12:08:17.0125 0x0ca8  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:08:17.0187 0x0ca8  odserv - ok
12:08:17.0218 0x0ca8  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:08:17.0234 0x0ca8  ose - ok
12:08:17.0265 0x0ca8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
12:08:17.0296 0x0ca8  Parport - ok
12:08:17.0343 0x0ca8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:08:17.0343 0x0ca8  PartMgr - ok
12:08:17.0390 0x0ca8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:08:17.0421 0x0ca8  ParVdm - ok
12:08:17.0453 0x0ca8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:08:17.0453 0x0ca8  PCI - ok
12:08:17.0453 0x0ca8  PCIDump - ok
12:08:17.0500 0x0ca8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:08:17.0500 0x0ca8  PCIIde - ok
12:08:17.0531 0x0ca8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:08:17.0562 0x0ca8  Pcmcia - ok
12:08:17.0562 0x0ca8  PDCOMP - ok
12:08:17.0578 0x0ca8  PDFRAME - ok
12:08:17.0625 0x0ca8  [ 40C611622882C3FCAFEB845C1E12A10F, A4F5790D9976D06822A656DCFDFEF76831A00089F6AC5519429142E6CBBC3EAC ] PDFsFilter      C:\WINDOWS\system32\DRIVERS\PDFsFilter.sys
12:08:17.0625 0x0ca8  PDFsFilter - ok
12:08:17.0640 0x0ca8  PDRELI - ok
12:08:17.0640 0x0ca8  PDRFRAME - ok
12:08:17.0656 0x0ca8  perc2 - ok
12:08:17.0671 0x0ca8  perc2hib - ok
12:08:17.0750 0x0ca8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:08:17.0750 0x0ca8  PlugPlay - ok
12:08:17.0765 0x0ca8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:08:17.0765 0x0ca8  PolicyAgent - ok
12:08:17.0843 0x0ca8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:08:17.0843 0x0ca8  PptpMiniport - ok
12:08:17.0859 0x0ca8  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
12:08:17.0859 0x0ca8  Processor - ok
12:08:17.0875 0x0ca8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:08:17.0875 0x0ca8  ProtectedStorage - ok
12:08:17.0890 0x0ca8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:08:17.0890 0x0ca8  PSched - ok
12:08:17.0937 0x0ca8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:08:17.0953 0x0ca8  Ptilink - ok
12:08:17.0984 0x0ca8  [ D8B90616A8BD53DE281DBDB664C0984A, C7E6631716E6BF8CCCE1D49961DE6BE824F44C3E9C4906BA61839600B27C9CD9 ] pwd_2k          C:\WINDOWS\system32\drivers\pwd_2k.sys
12:08:17.0984 0x0ca8  pwd_2k - ok
12:08:18.0000 0x0ca8  ql1080 - ok
12:08:18.0015 0x0ca8  Ql10wnt - ok
12:08:18.0015 0x0ca8  ql12160 - ok
12:08:18.0031 0x0ca8  ql1240 - ok
12:08:18.0046 0x0ca8  ql1280 - ok
12:08:18.0062 0x0ca8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:08:18.0062 0x0ca8  RasAcd - ok
12:08:18.0109 0x0ca8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:08:18.0109 0x0ca8  RasAuto - ok
12:08:18.0140 0x0ca8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:08:18.0140 0x0ca8  Rasl2tp - ok
12:08:18.0171 0x0ca8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:08:18.0187 0x0ca8  RasMan - ok
12:08:18.0203 0x0ca8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:08:18.0218 0x0ca8  RasPppoe - ok
12:08:18.0234 0x0ca8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:08:18.0234 0x0ca8  Raspti - ok
12:08:18.0265 0x0ca8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:08:18.0265 0x0ca8  Rdbss - ok
12:08:18.0281 0x0ca8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:08:18.0281 0x0ca8  RDPCDD - ok
12:08:18.0312 0x0ca8  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:08:18.0359 0x0ca8  rdpdr - ok
12:08:18.0421 0x0ca8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:08:18.0421 0x0ca8  RDPWD - ok
12:08:18.0468 0x0ca8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:08:18.0484 0x0ca8  RDSessMgr - ok
12:08:18.0515 0x0ca8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:08:18.0515 0x0ca8  redbook - ok
12:08:18.0562 0x0ca8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:08:18.0562 0x0ca8  RemoteAccess - ok
12:08:18.0609 0x0ca8  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:08:18.0609 0x0ca8  RemoteRegistry - ok
12:08:18.0640 0x0ca8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
12:08:18.0656 0x0ca8  RpcLocator - ok
12:08:18.0703 0x0ca8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:08:18.0718 0x0ca8  RpcSs - ok
12:08:18.0796 0x0ca8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
12:08:18.0796 0x0ca8  RSVP - ok
12:08:18.0828 0x0ca8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:08:18.0828 0x0ca8  SamSs - ok
12:08:21.0875 0x0ca8  [ 7C38F81F40D61D1607DDB62FE5817BB9, 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:08:21.0875 0x0ca8  Suspicious file ( Forged ): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7C38F81F40D61D1607DDB62FE5817BB9, sha256: 3F93FC993956856B44375CA6E3A8268069783E0493BDC4A6277288C59BD0CDD8, fake md5: 4C8FCB5CC53AAB716D810740FE59D025, fake sha256: 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4
12:08:21.0875 0x0ca8  VolSnap - detected Rootkit.Win32.TDSS.tdl3 ( 0 )
12:08:21.0875 0x0ca8  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
12:08:21.0875 0x0ca8  Force sending object to P2P due to detect: C:\WINDOWS\system32\drivers\VolSnap.sys
12:08:35.0828 0x0ca8  Object send P2P result: true
12:08:40.0796 0x0ca8  ================ Scan global ===============================
12:08:40.0843 0x0ca8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
12:08:40.0921 0x0ca8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:08:40.0953 0x0ca8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:08:41.0000 0x0ca8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
12:08:41.0000 0x0ca8  [ Global ] - ok
12:08:41.0015 0x0ca8  ================ Scan MBR ==================================
12:08:41.0031 0x0ca8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:08:41.0609 0x0ca8  \Device\Harddisk0\DR0 - ok
12:08:41.0625 0x0ca8  ================ Scan VBR ==================================
12:08:41.0625 0x0ca8  [ F7A3082A53478EB6856B916E26967D30 ] \Device\Harddisk0\DR0\Partition1
12:08:41.0625 0x0ca8  \Device\Harddisk0\DR0\Partition1 - ok
12:08:41.0687 0x0ca8  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
12:08:41.0687 0x0ca8  Win FW state via NFM: enabled
12:08:44.0140 0x0ca8  ============================================================
12:08:44.0140 0x0ca8  Scan finished
12:08:44.0140 0x0ca8  ============================================================
12:08:44.0171 0x0b60  Detected object count: 1
12:08:44.0171 0x0b60  Actual detected object count: 1
12:09:00.0750 0x0b60  C:\WINDOWS\system32\drivers\VolSnap.sys - copied to quarantine
12:09:01.0015 0x0b60  VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Quarantine 
12:11:15.0046 0x0c30  Deinitialize success
 

Ok, ComboFix worked ok.  Log file:

 

 

ComboFix 14-03-24.01 - user 03/24/2014  13:23:25.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.557 [GMT -4:00]
Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 16:09 . 2014-03-24 16:09 -------- d-----w- C:\TDSSKiller_Quarantine
2014-03-24 15:31 . 2014-03-24 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2014-03-23 23:49 . 2014-03-23 23:49 -------- d-----w- c:\program files\ESET
2014-03-23 22:04 . 2014-03-23 22:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-23 21:53 . 2014-03-23 21:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-03-18 14:44 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-18 14:44 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-18 14:41 . 2014-03-18 14:41 -------- d-----w- c:\documents and settings\user\Application Data\AVG2014
2014-03-18 01:14 . 2014-03-18 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2014
2014-03-18 00:58 . 2014-03-18 16:03 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Avg2014
2014-03-18 00:31 . 2014-03-18 00:31 -------- d-----w- c:\program files\McAfee Security Scan
2014-03-08 23:08 . 2014-03-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2014-03-07 21:48 . 2014-03-07 21:48 -------- d-----w- c:\program files\Common Files\Skype
2014-02-26 21:22 . 2014-02-26 21:22 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2014-02-26 19:53 . 2014-02-26 19:53 -------- d-----w- c:\program files\GUM2.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 20:07 . 2013-04-01 01:28 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-02-24 11:46 . 2003-07-16 16:45 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2003-07-16 16:24 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2003-07-16 16:20 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2008-12-09 22:34 385024 ----a-w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2003-07-16 16:45 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2003-07-16 16:36 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-20 01:46 . 2011-12-23 17:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-01-04 03:13 . 2003-07-16 16:43 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-20 20:07 3486232 ----a-w- c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll" [2014-03-20 3486232]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROC_ROC_JAN2013_AV"="c:\documents and settings\user\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe" [2013-01-17 1234000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-01-03 94208]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-01-03 90112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2014-03-20 2544664]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2009-4-2 204800]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 277920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [11/25/2013 9:49 PM 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/31/2013 9:28 PM 42272]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/24/2013 1:33 AM 348008]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/27/2013 12:38 PM 1053184]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [1/27/2013 12:38 PM 68464]
R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2/8/2014 5:25 PM 1772056]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [3/20/2014 4:08 PM 1771032]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2/23/2014 9:22 PM 3782672]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/23/2014 6:04 PM 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [1/15/2014 8:39 PM 235696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 02:46]
.
2014-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2014-03-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-09-07 15:21]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-02 23:24]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-02 23:24]
.
2014-03-24 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-19 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-03-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
2013-01-27 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\documents and settings\All Users\Application Data\AVG January 2013 Campaign\ROC.exe [2013-01-27 21:16]
.
2014-03-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 21:43]
.
2014-03-24 c:\windows\Tasks\User_Feed_Synchronization-{22C36C8E-C947-46D7-8BD5-E0AF3555115F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-24 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-03-24  13:34:44
ComboFix-quarantined-files.txt  2014-03-24 17:34
.
Pre-Run: 12,138,254,336 bytes free
Post-Run: 12,128,595,968 bytes free
.
- - End Of File - - 1799E8F489A54EE6718A346F028C2026
8F558EB6672622401DA993E1E865C861

Update:

 

In between running TDSSKiller and ComboFix above, I got a new error message saying "PEV.exe needs to close. Send error report to Microsoft?".

 

I don't think I was running anything called "PEV.exe".  But this did not force a reboot like my SERVICES.exe always does.

 

Also, just a few minutes ago, I did get my usual random SERVICES.exe forced reboot again. So whatever TDSSKiller managed to quarantine, the trojan is still active somewhere.


PEV.exe is part of ComboFix and crashes sometimes on unstable systems - no worries.

System File Check

For Windows XP:

  • Press the Windows and R keys simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).
