
Infected and DDS and TDSSKiller Won't Run


  • This topic is locked
28 replies to this topic

#1 beachmark

beachmark

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:55 PM

Posted 16 November 2012 - 08:06 PM

This started as an infection that looked like the Windows Repair virus, but has been too stubborn for me to manage. OS is Windows XP, SP3. Computer connects to a LAN hanging off a server; server looks to be unaffected but another WinXP computer on the same LAN got infected at the same time. I am working on PC #1 now. I keep it disconnected from the LAN and the www as much as I can, while this is going on. (I got the Google Redirect bug in the switch router about 2 years ago so I am wondering if that got infected again.)

1st PC Symptoms:
1. Initially showed typical Windows Repair Virus symptoms as I have come to understand them; it affected one user primarily. Could log in as another user and not have symptoms, and ran MalwareBytes OK. Infected user seemed Ok for a while.
2. Symptoms returned for the infected user and saw other indications of more infection in other users, even administrator. Noted that the McAfee symbol would change (after the normal McAfee start delay) from the normal McAfee 'red M in the box', to a box filled with a blue-gray background and with ugly black squiggles all through it; no letters or pattern. This was in the icon tray in the lower right hand corner.
3. Ran MalwareBytes several times as administrator in both regular Windows XP and in Safe Mode. Early MWB runs caught several instances of a rootkit.agent with the files names JWZDCONA. These appear to have cleaned up, but then MWB always came up with the same registry issues in IE browser setting files after reboot and rerun of MWB multiple times. Also, Malwarebytes found a file C:\I386\IDREGAD.exe but it seemed to just move to other places with new names after attempts to remove it at reboot.
4. Removed McAfee with the standard WinXP SW removal procedure, since I suspected there was a bug there.
5. Other apps like Quickbooks will run normally but there are the repeated failures of MBW to get rid of the same issues at reboot, along with the issues below.
6. Tried to run TDSSKiller; no luck even after renaming to a different filename and .com extension.
7. DSS.exe will not complete running; it starts and the progress bar moves to 80% in the first screen after starting, but it and the PC are frozen; occasionally the mouse pointer changes to an hourglass but no completion even after 20+ minutes (but the taskbar clock sometimes updates....?!?). I have to power recycle to get going again. The same thing happens in regular Win XP mode and in Safe Mode (both as administrator).

This is getting beyond my expertise which is very limited. Any help would be appreciated very much. I have a separate laptop PC and wireless connection with which to work.
Beachmark



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:55 PM

Posted 16 November 2012 - 08:35 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 beachmark

Posted 16 November 2012 - 09:55 PM

Thank you so much, Gringo. Here are the logs in the order requested. I added RKreport 2 also.

Let me know if I need to repeat this as other users, or if doing it as administrator is enough.

I notice that some icons in the icon tray were gone after Rogue Killer, like the printer and Musicmatch and Quicktime and the Windows Security Alerts shield, but then reappeared after I restarted again. Otherwise, things look pretty much the same.

Regards!

______________________________________________________________________________________________________

CheckUP Log

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 30
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

__________________________________________________________________________________________________________________

ADWCleaner Log

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 21:22:58
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - CORSICO1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator.CORSICO1\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[S2].txt - [1770 octets] - [16/11/2012 21:22:58]

########## EOF - C:\AdwCleaner[S2].txt - [1830 octets] ##########


______________________________________________________________________________________________________________

Rogue Killer Log 1

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 11/16/2012 21:32:07

Bad processes : 0

Registry Entries : 3
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

Infection : Root.MBR

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
192.168.2.202 corfu.gccrf.com corfu


MBR Check:

+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 6b61654af29af97c554fd93638735cc2
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76253 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8b567822eafddb3f78f25ebd1b54490c
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76253 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 156232125 | Size: 8 Mo

+++++ PhysicalDrive1: HP PSC 1610 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11162012_02d2132.txt >>
RKreport[1]_S_11162012_02d2132.txt


_________________________________________________________________________________________

Rogue Killer Log 2

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 11/16/2012 21:32:47

Bad processes : 0

Registry Entries : 3
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]

Infection : Root.MBR

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
192.168.2.202 corfu.gccrf.com corfu


MBR Check:

+++++ PhysicalDrive0: Maxtor 6Y080L0 +++++
--- User ---
[MBR] 6b61654af29af97c554fd93638735cc2
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76253 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 8b567822eafddb3f78f25ebd1b54490c
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76253 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 156232125 | Size: 8 Mo

+++++ PhysicalDrive1: HP PSC 1610 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11162012_02d2132.txt >>
RKreport[1]_S_11162012_02d2132.txt ; RKreport[2]_D_11162012_02d2132.txt
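
The MBR check in the RogueKiller reports above lists two views of PhysicalDrive0's partition table, labelled User and LL2, and only the LL2 view contains an active, hidden 0x17 partition at the end of the disk. As an added illustration (not part of the thread and not RogueKiller's code), this Python example parses two 512-byte MBR sectors and reports that kind of mismatch. The sector bytes are constructed from the offsets in the log; the 16384-sector size used for the "8 Mo" partition and all function names are assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table starts here in a classic MBR
# "Hidden" variants of the common FAT/NTFS partition type IDs.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad length or signature)")
    parts = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index: TABLE_OFFSET + 16 * (index + 1)]
        boot_byte, ptype = entry[0], entry[4]
        start, sectors = struct.unpack_from("<II", entry, 8)  # LBA start, length
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"index": index, "boot_byte": boot_byte,
                      "active": boot_byte == 0x80, "type": ptype,
                      "start": start, "sectors": sectors})
    return parts


def findings(parts):
    """Flag partition-table properties that deserve a closer look."""
    out = []
    active = [p for p in parts if p["active"]]
    if len(active) > 1:
        out.append("more than one partition is marked active")
    for p in parts:
        if p["boot_byte"] not in (0x00, 0x80):
            out.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_byte']:02x}")
        if p["active"] and p["type"] in HIDDEN_TYPES:
            out.append(f"partition {p['index']}: active but hidden type "
                       f"0x{p['type']:02x} at sector {p['start']}")
    return out


def compare_views(user, low_level):
    """List differences between two reads of the same partition table."""
    def key(p):
        return (p["start"], p["sectors"], p["type"])
    u = {key(p): p for p in user}
    l = {key(p): p for p in low_level}
    diffs = []
    for k in sorted(set(u) | set(l)):
        if k not in u:
            diffs.append(f"only in low-level view: type 0x{k[2]:02x} at sector {k[0]}")
        elif k not in l:
            diffs.append(f"only in user view: type 0x{k[2]:02x} at sector {k[0]}")
        elif u[k]["active"] != l[k]["active"]:
            diffs.append(f"active flag differs for partition at sector {k[0]}")
    return diffs


def build_mbr(entries):
    """Build a constructed MBR sector from (active, type, start, sectors) tuples."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0",
                    ptype, b"\0\0\0", start, sectors)
        for active, ptype, start, sectors in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xaa"


# Constructed sample data modelled on the two views in the log above.
USER_VIEW = build_mbr([
    (False, 0xDE, 63, 64197),            # DELL-UTIL
    (True,  0x07, 64260, 156167865),     # NTFS, active
])
LOW_LEVEL_VIEW = build_mbr([
    (False, 0xDE, 63, 64197),
    (False, 0x07, 64260, 156167865),     # no longer active in this view
    (True,  0x17, 156232125, 16384),     # hidden NTFS, active (size assumed)
])

if __name__ == "__main__":
    for line in findings(parse_mbr(LOW_LEVEL_VIEW)):
        print("FINDING:", line)
    for line in compare_views(parse_mbr(USER_VIEW), parse_mbr(LOW_LEVEL_VIEW)):
        print("DIFF:", line)
```
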

#4 beachmark

Posted 16 November 2012 - 10:33 PM

By the way, I just noticed after the 2nd restart (when the tray icons returned) that I cannot shut down Windows in the normal fashion with Start> Shut Down> Shut Down. Also, the restart and log off functions don't work. Applications seem to start and run normally. I can shut it down with 'cntl-alt-del' and then select the Shut Down button from the window that pops up (that also has the Task Manager button).

No rush; it's later here and in PR too.

#5 gringo_pr

Posted 16 November 2012 - 10:37 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo

#6 beachmark

Posted 17 November 2012 - 11:56 AM

Thanks Gringo,

The computer infected does not have an option in the BIOS Boot Sequence submenu for booting from a removable or USB drive; it only shows booting from 1. IDE CD-ROM, 2. Hard disk drive C: and 3. diskette. (The computer is a Dell Dimension 4600i series, BIOS version A07.) However, under the BIOS submenu of "Hard-Disk Drive Sequence', it has '1. System BIOS boot devices' and '2. USB device(not installed)'. I can move 'USB devices (not installed)' to number 1. in that submenu; will that allow boot from a USB?

And, BTW, Windows does now close in the infected PC with the normal 'Start>Shut Down>Shut down' sequence.

Thanks!

#7 beachmark

Posted 17 November 2012 - 03:27 PM

OK, good deal, it managed to run Puppy Linux off of the USB; took a couple of tries at the BIOS to get it to run. BTW, I could not mount the floppy (A:) drive and am not sure that the CD (D:) drive mounted.

Screenshot 1 is attached.


Edited by beachmark, 17 November 2012 - 03:29 PM.


#8 gringo_pr

Posted 17 November 2012 - 04:21 PM

hello

I need you to boot back into GParted and this time I want you to right click on the second (SDA2) and select manage flags and then select boot
click on apply and boot back into windows to report back here

If you have trouble booting into windows I want you to do the same process for the third partition (SDA1)

Gringo

#9 beachmark

Posted 17 November 2012 - 05:07 PM

Did as instructed, Gringo, and Windows booted up normally after making the change to just SDA2. (Start-up may have been a wee bit faster but did not have a stopwatch on it....) I did not have to go back to touch SDA1.

#10 gringo_pr

Posted 17 November 2012 - 05:30 PM

Hello


we need to boot once more into GParted and this time I want you to right click on the third partition (the hidden one) and select delete


boot back into windows and report back here



gringo

#11 beachmark

Posted 17 November 2012 - 05:44 PM

Done; Windows booted up normally after the delete of the 3rd partition. That segment was left 'unallocated' in GParted.

BTW, I have not tried to log into Windows as any other user than 'administrator' through this process.

#12 gringo_pr

Posted 17 November 2012 - 06:06 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 beachmark

Posted 17 November 2012 - 08:17 PM

Hey Gringo, Ran ComboFix as instructed. Ran pretty much according to what you said above; no hitches or surprises. It did download Recovery Console and installed it successfully.

Machine was running IE much faster before the ComboFix and now seems to run it and other programs at normal speed; some things are even faster. It loads bleepingcomputer.com and gets to those pages much faster than before deleting that hard drive partition.

Below is the Combofix file; let me know if this is it or if there is anymore I should do (besides install McAfee or some other antivirus program). I want to thank you and say that I am quite impressed by your knowledge and helpfulness!

----------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-11-16.02 - Administrator 11/17/2012 19:27:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.976 [GMT -5:00]
Running from: c:\documents and settings\Administrator.CORSICO1\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\CorsicoRF\g2mdlhlpx.exe
c:\documents and settings\CorsicoRF\WINDOWS
c:\documents and settings\TEMP\WINDOWS
c:\windows\system32\cryptuig.dll
c:\windows\system32\drivers\atwfuczg.sys
c:\windows\system32\drivers\jflflmos.sys
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JFLFLMOS
-------\Service_jflflmos
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-17 23:39 . 2012-11-17 23:39 -------- d-----w- c:\documents and settings\Administrator.CORSICO1\Application Data\Windows Search
2012-11-16 18:00 . 2012-11-16 18:00 -------- d-----w- c:\documents and settings\Administrator.CORSICO1\Local Settings\Application Data\Google
2012-11-16 14:38 . 2012-11-16 14:38 -------- d-----w- c:\documents and settings\Administrator.CORSICO1\Application Data\FileOpen
2012-11-15 14:29 . 2012-11-15 14:29 -------- d-----w- c:\documents and settings\Administrator.CORSICO1\Application Data\Malwarebytes
2012-11-13 16:21 . 2012-11-13 16:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-11-13 16:20 . 2012-11-13 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-13 16:20 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 16:20 . 2012-11-15 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-13 16:03 . 2012-11-13 16:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-06 53248]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-06 118784]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-06-24 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-27 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-26 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-12-10 726912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\SYSTEM32\DRIVERS\nipbcfk.sys [7/7/2009 10:23 AM 15448]
R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [6/15/2005 11:01 AM 4064]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [12/9/2011 7:47 PM 213888]
R2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [3/5/2009 3:17 PM 131704]
R2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [12/1/2009 2:59 PM 193648]
R2 RDXmon;RDXmon 1.35;c:\program files\RD1000\Service\RDXmon.exe [3/10/2009 3:00 PM 77824]
S3 nipalfwedl;nipalfwedl;c:\windows\SYSTEM32\DRIVERS\nipalfwedl.sys [1/10/2010 3:53 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\SYSTEM32\DRIVERS\nipalusbedl.sys [1/10/2010 3:51 AM 11896]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JFLFLMOS
*NewlyCreated* - WS2IFSL
*Deregistered* - FileOpenWebPublisherScreenHookDriver
*Deregistered* - jflflmos
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:56]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 23:56]
.
2005-11-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-02-13 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.10
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Sonic RecordNow! - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-ECG and Relay Instant Cross Reference - c:\corsic~1\PRODUC~2\ECGTRA~1\ECG\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-17 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???????????x???x???????????x???x???????x???x???????????????????????p???h??????????????w????????????j??w????x???x??????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(328)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\nisvcloc.exe
c:\windows\System32\HPZipm12.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-11-17 19:50:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 00:50
.
Pre-Run: 43,235,852,288 bytes free
Post-Run: 44,300,906,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8EB172516FAF88F0BCD93102F63482CB

#14 gringo_pr

  • Malware Response Team

Posted 17 November 2012 - 08:27 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 beachmark

  • Topic Starter


Posted 17 November 2012 - 09:12 PM

Here you go, Gringo. Both programs executed smoothly.

--------------------------------------------------------------------------------------------------------------------
TDSSKiller Log

20:45:16.0868 3820 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:45:17.0290 3820 ============================================================
20:45:17.0290 3820 Current date / time: 2012/11/17 20:45:17.0290
20:45:17.0290 3820 SystemInfo:
20:45:17.0290 3820
20:45:17.0290 3820 OS Version: 5.1.2600 ServicePack: 3.0
20:45:17.0290 3820 Product type: Workstation
20:45:17.0290 3820 ComputerName: CORSICO1
20:45:17.0290 3820 UserName: Administrator
20:45:17.0290 3820 Windows directory: C:\WINDOWS
20:45:17.0290 3820 System windows directory: C:\WINDOWS
20:45:17.0290 3820 Processor architecture: Intel x86
20:45:17.0290 3820 Number of processors: 1
20:45:17.0290 3820 Page size: 0x1000
20:45:17.0290 3820 Boot type: Normal boot
20:45:17.0290 3820 ============================================================
20:45:19.0055 3820 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:45:19.0055 3820 Drive \Device\Harddisk1\DR3 - Size: 0x1E2A00000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:19.0071 3820 ============================================================
20:45:19.0071 3820 \Device\Harddisk0\DR0:
20:45:19.0071 3820 MBR partitions:
20:45:19.0071 3820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
20:45:19.0071 3820 \Device\Harddisk1\DR3:
20:45:19.0071 3820 MBR partitions:
20:45:19.0071 3820 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1778, BlocksNum 0xF13888
20:45:19.0071 3820 ============================================================
20:45:19.0118 3820 C: <-> \Device\Harddisk0\DR0\Partition1
20:45:19.0118 3820 ============================================================
20:45:19.0118 3820 Initialize success
20:45:19.0118 3820 ============================================================
20:45:23.0680 1968 ============================================================
20:45:23.0680 1968 Scan started
20:45:23.0680 1968 Mode: Manual;
20:45:23.0680 1968 ============================================================
20:45:25.0508 1968 ================ Scan system memory ========================
20:45:25.0508 1968 System memory - ok
20:45:25.0508 1968 ================ Scan services =============================
20:45:36.0696 1968 NwlnkFwd - ok
20:45:36.0742 1968 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
20:45:36.0758 1968 omci - ok
20:45:36.0805 1968 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:45:36.0805 1968 ose - ok
20:45:36.0867 1968 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
20:45:36.0867 1968 P3 - ok
20:45:36.0914 1968 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:45:36.0914 1968 Parport - ok
20:45:36.0977 1968 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:45:36.0977 1968 PartMgr - ok
20:45:37.0039 1968 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:45:37.0039 1968 ParVdm - ok
20:45:37.0055 1968 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:45:37.0055 1968 PCI - ok
20:45:37.0071 1968 PCIDump - ok
20:45:37.0117 1968 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:45:37.0117 1968 PCIIde - ok
20:45:37.0149 1968 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:45:37.0149 1968 Pcmcia - ok
20:45:37.0164 1968 PDCOMP - ok
20:45:37.0180 1968 PDFRAME - ok
20:45:37.0196 1968 PDRELI - ok
20:45:37.0211 1968 PDRFRAME - ok
20:45:37.0258 1968 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
20:45:37.0258 1968 perc2 - ok
20:45:37.0274 1968 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
20:45:37.0274 1968 perc2hib - ok
20:45:37.0336 1968 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:45:37.0336 1968 PlugPlay - ok
20:45:37.0399 1968 [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
20:45:37.0399 1968 Pml Driver HPZ12 - ok
20:45:37.0414 1968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:45:37.0414 1968 PolicyAgent - ok
20:45:37.0477 1968 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:45:37.0477 1968 PptpMiniport - ok
20:45:37.0492 1968 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:45:37.0508 1968 Processor - ok
20:45:37.0602 1968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:45:37.0602 1968 ProtectedStorage - ok
20:45:37.0649 1968 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:45:37.0664 1968 PSched - ok
20:45:37.0727 1968 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:45:37.0727 1968 Ptilink - ok
20:45:37.0789 1968 [ 7E1EACDECBA39E0B2A35306426F0DECC ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:45:37.0789 1968 PxHelp20 - ok
20:45:37.0852 1968 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
20:45:37.0852 1968 ql1080 - ok
20:45:37.0914 1968 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
20:45:37.0914 1968 Ql10wnt - ok
20:45:37.0930 1968 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
20:45:37.0930 1968 ql12160 - ok
20:45:37.0946 1968 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
20:45:37.0946 1968 ql1240 - ok
20:45:37.0992 1968 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
20:45:37.0992 1968 ql1280 - ok
20:45:38.0039 1968 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:45:38.0039 1968 RasAcd - ok
20:45:38.0086 1968 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:45:38.0086 1968 RasAuto - ok
20:45:38.0133 1968 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:45:38.0133 1968 Rasl2tp - ok
20:45:38.0180 1968 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:45:38.0196 1968 RasMan - ok
20:45:38.0211 1968 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:45:38.0211 1968 RasPppoe - ok
20:45:38.0227 1968 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:45:38.0227 1968 Raspti - ok
20:45:38.0258 1968 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:45:38.0258 1968 Rdbss - ok
20:45:38.0274 1968 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:45:38.0274 1968 RDPCDD - ok
20:45:38.0321 1968 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:45:38.0321 1968 rdpdr - ok
20:45:38.0383 1968 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:45:38.0383 1968 RDPWD - ok
20:45:38.0446 1968 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:45:38.0446 1968 RDSessMgr - ok
20:45:38.0539 1968 [ EEA7871252FF7B638A4F590AD5237B66 ] RDXmon C:\Program Files\RD1000\Service\RDXmon.exe
20:45:38.0555 1968 RDXmon - ok
20:45:38.0602 1968 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:45:38.0617 1968 redbook - ok
20:45:38.0680 1968 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:45:38.0680 1968 RemoteAccess - ok
20:45:38.0727 1968 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:45:38.0727 1968 RemoteRegistry - ok
20:45:38.0789 1968 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
20:45:38.0789 1968 RpcLocator - ok
20:45:38.0852 1968 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:45:38.0852 1968 RpcSs - ok
20:45:38.0883 1968 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:45:38.0899 1968 RSVP - ok
20:45:38.0946 1968 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:45:38.0946 1968 SamSs - ok
20:45:38.0977 1968 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:45:38.0977 1968 SCardSvr - ok
20:45:39.0024 1968 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:45:39.0039 1968 Schedule - ok
20:45:39.0102 1968 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:45:39.0102 1968 Secdrv - ok
20:45:39.0149 1968 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:45:39.0164 1968 seclogon - ok
20:45:39.0211 1968 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:45:39.0211 1968 SENS - ok
20:45:39.0274 1968 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:45:39.0274 1968 serenum - ok
20:45:39.0305 1968 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:45:39.0305 1968 Serial - ok
20:45:39.0352 1968 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:45:39.0367 1968 Sfloppy - ok
20:45:39.0430 1968 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:45:39.0430 1968 SharedAccess - ok
20:45:39.0461 1968 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:45:39.0461 1968 ShellHWDetection - ok
20:45:39.0477 1968 Simbad - ok
20:45:39.0524 1968 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
20:45:39.0524 1968 sisagp - ok
20:45:39.0586 1968 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:45:39.0602 1968 smwdm - ok
20:45:39.0680 1968 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
20:45:39.0680 1968 SolidWorks Licensing Service - ok
20:45:39.0727 1968 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
20:45:39.0727 1968 Sparrow - ok
20:45:39.0774 1968 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:45:39.0774 1968 splitter - ok
20:45:39.0836 1968 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:45:39.0836 1968 Spooler - ok
20:45:39.0836 1968 SQLAgent$MICROSOFTBCM - ok
20:45:39.0883 1968 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:45:39.0883 1968 sr - ok
20:45:39.0930 1968 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:45:39.0930 1968 srservice - ok
20:45:40.0008 1968 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:45:40.0024 1968 Srv - ok
20:45:40.0039 1968 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:45:40.0039 1968 sscdbhk5 - ok
20:45:40.0102 1968 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:45:40.0102 1968 SSDPSRV - ok
20:45:40.0117 1968 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
20:45:40.0117 1968 ssrtln - ok
20:45:40.0196 1968 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:45:40.0211 1968 stisvc - ok
20:45:40.0258 1968 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:45:40.0258 1968 swenum - ok
20:45:40.0321 1968 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:45:40.0321 1968 swmidi - ok
20:45:40.0336 1968 SwPrv - ok
20:45:40.0399 1968 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
20:45:40.0399 1968 symc810 - ok
20:45:40.0414 1968 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:45:40.0414 1968 symc8xx - ok
20:45:40.0430 1968 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:45:40.0446 1968 sym_hi - ok
20:45:40.0461 1968 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:45:40.0461 1968 sym_u3 - ok
20:45:40.0508 1968 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:45:40.0524 1968 sysaudio - ok
20:45:40.0586 1968 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:45:40.0586 1968 SysmonLog - ok
20:45:40.0649 1968 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:45:40.0664 1968 TapiSrv - ok
20:45:40.0711 1968 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:45:40.0727 1968 Tcpip - ok
20:45:40.0774 1968 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:45:40.0789 1968 TDPIPE - ok
20:45:40.0821 1968 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:45:40.0821 1968 TDTCP - ok
20:45:40.0883 1968 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:45:40.0883 1968 TermDD - ok
20:45:40.0946 1968 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:45:40.0946 1968 TermService - ok
20:45:41.0039 1968 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
20:45:41.0039 1968 tfsnboio - ok
20:45:41.0086 1968 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
20:45:41.0086 1968 tfsncofs - ok
20:45:41.0117 1968 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
20:45:41.0117 1968 tfsndrct - ok
20:45:41.0164 1968 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
20:45:41.0164 1968 tfsndres - ok
20:45:41.0211 1968 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
20:45:41.0211 1968 tfsnifs - ok
20:45:41.0227 1968 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
20:45:41.0227 1968 tfsnopio - ok
20:45:41.0242 1968 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
20:45:41.0242 1968 tfsnpool - ok
20:45:41.0305 1968 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
20:45:41.0305 1968 tfsnudf - ok
20:45:41.0321 1968 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
20:45:41.0321 1968 tfsnudfa - ok
20:45:41.0367 1968 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:45:41.0367 1968 Themes - ok
20:45:41.0430 1968 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
20:45:41.0430 1968 TlntSvr - ok
20:45:41.0477 1968 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
20:45:41.0477 1968 TosIde - ok
20:45:41.0539 1968 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:45:41.0539 1968 TrkWks - ok
20:45:41.0586 1968 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:45:41.0586 1968 Udfs - ok
20:45:41.0649 1968 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
20:45:41.0649 1968 ultra - ok
20:45:41.0711 1968 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
20:45:41.0711 1968 UMWdf - ok
20:45:41.0789 1968 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:45:41.0836 1968 Update - ok
20:45:41.0899 1968 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:45:41.0899 1968 upnphost - ok
20:45:41.0946 1968 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:45:41.0946 1968 UPS - ok
20:45:42.0008 1968 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:45:42.0008 1968 usbccgp - ok
20:45:42.0055 1968 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:45:42.0071 1968 usbehci - ok
20:45:42.0102 1968 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:45:42.0102 1968 usbhub - ok
20:45:42.0133 1968 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:45:42.0133 1968 usbprint - ok
20:45:42.0180 1968 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:45:42.0180 1968 usbscan - ok
20:45:42.0242 1968 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:45:42.0242 1968 USBSTOR - ok
20:45:42.0258 1968 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:45:42.0258 1968 usbuhci - ok
20:45:42.0289 1968 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:45:42.0289 1968 VgaSave - ok
20:45:42.0336 1968 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\System32\DRIVERS\viaagp.sys
20:45:42.0336 1968 viaagp - ok
20:45:42.0367 1968 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\System32\DRIVERS\viaide.sys
20:45:42.0383 1968 ViaIde - ok
20:45:42.0414 1968 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:45:42.0414 1968 VolSnap - ok
20:45:42.0477 1968 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:45:42.0492 1968 VSS - ok
20:45:42.0524 1968 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
20:45:42.0524 1968 w32time - ok
20:45:42.0586 1968 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:45:42.0602 1968 Wanarp - ok
20:45:42.0617 1968 wanatw - ok
20:45:42.0633 1968 WDICA - ok
20:45:42.0664 1968 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:45:42.0664 1968 wdmaud - ok
20:45:42.0727 1968 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:45:42.0742 1968 WebClient - ok
20:45:42.0867 1968 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:45:42.0867 1968 winmgmt - ok
20:45:42.0914 1968 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
20:45:42.0914 1968 WmdmPmSN - ok
20:45:42.0977 1968 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:45:42.0992 1968 Wmi - ok
20:45:43.0071 1968 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:45:43.0071 1968 WmiApSrv - ok
20:45:43.0196 1968 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:45:43.0227 1968 WPFFontCache_v0400 - ok
20:45:43.0258 1968 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:45:43.0258 1968 WS2IFSL - ok
20:45:43.0321 1968 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:45:43.0321 1968 wscsvc - ok
20:45:43.0336 1968 WSearch - ok
20:45:43.0367 1968 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:45:43.0367 1968 wuauserv - ok
20:45:43.0446 1968 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:45:43.0477 1968 WZCSVC - ok
20:45:43.0524 1968 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:45:43.0539 1968 xmlprov - ok
20:45:43.0602 1968 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
20:45:43.0602 1968 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
20:45:43.0664 1968 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
20:45:43.0664 1968 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
20:45:43.0680 1968 ================ Scan global ===============================
20:45:43.0727 1968 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:45:43.0774 1968 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
20:45:43.0805 1968 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
20:45:43.0836 1968 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:45:43.0852 1968 [Global] - ok
20:45:43.0852 1968 ================ Scan MBR ==================================
20:45:43.0899 1968 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:45:44.0164 1968 \Device\Harddisk0\DR0 - ok
20:45:44.0180 1968 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR3
20:45:44.0211 1968 \Device\Harddisk1\DR3 - ok
20:45:44.0211 1968 ================ Scan VBR ==================================
20:45:44.0227 1968 [ 4B3C9526474EA25986575AF8ACEE71CE ] \Device\Harddisk0\DR0\Partition1
20:45:44.0227 1968 \Device\Harddisk0\DR0\Partition1 - ok
20:45:44.0242 1968 [ EA4DDC64A524A2D734D11D3443C23444 ] \Device\Harddisk1\DR3\Partition1
20:45:44.0242 1968 \Device\Harddisk1\DR3\Partition1 - ok
20:45:44.0242 1968 ============================================================
20:45:44.0242 1968 Scan finished
20:45:44.0242 1968 ============================================================
20:45:44.0274 2896 Detected object count: 0
20:45:44.0274 2896 Actual detected object count: 0
20:46:13.0633 1988 ============================================================
20:46:13.0633 1988 Scan started
20:46:13.0633 1988 Mode: Manual;
20:46:13.0633 1988 ============================================================
20:46:13.0820 1988 ================ Scan system memory ========================
20:46:13.0820 1988 System memory - ok
20:46:13.0836 1988 ================ Scan services =============================
20:46:18.0726 1988 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys
20:46:18.0726 1988 HidBatt - ok
20:46:18.0742 1988 HidServ - ok
20:46:18.0789 1988 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:46:18.0789 1988 HidUsb - ok
20:46:18.0836 1988 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:46:18.0836 1988 hkmsvc - ok
20:46:18.0883 1988 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\System32\DRIVERS\hpn.sys
20:46:18.0883 1988 hpn - ok
20:46:18.0945 1988 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:46:18.0945 1988 HPZid412 - ok
20:46:19.0008 1988 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:46:19.0008 1988 HPZipr12 - ok
20:46:19.0039 1988 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:46:19.0039 1988 HPZius12 - ok
20:46:19.0101 1988 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:19.0117 1988 HTTP - ok
20:46:19.0164 1988 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:46:19.0164 1988 HTTPFilter - ok
20:46:19.0179 1988 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
20:46:19.0179 1988 i2omgmt - ok
20:46:19.0226 1988 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\System32\DRIVERS\i2omp.sys
20:46:19.0226 1988 i2omp - ok
20:46:19.0273 1988 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:19.0273 1988 i8042prt - ok
20:46:19.0320 1988 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
20:46:19.0336 1988 i81x - ok
20:46:19.0383 1988 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
20:46:19.0383 1988 iAimFP0 - ok
20:46:19.0398 1988 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
20:46:19.0398 1988 iAimFP1 - ok
20:46:19.0445 1988 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
20:46:19.0445 1988 iAimFP2 - ok
20:46:19.0508 1988 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
20:46:19.0508 1988 iAimFP3 - ok
20:46:19.0539 1988 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
20:46:19.0539 1988 iAimFP4 - ok
20:46:19.0586 1988 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
20:46:19.0586 1988 iAimTV0 - ok
20:46:19.0633 1988 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
20:46:19.0633 1988 iAimTV1 - ok
20:46:19.0648 1988 iAimTV2 - ok
20:46:19.0695 1988 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
20:46:19.0695 1988 iAimTV3 - ok
20:46:19.0726 1988 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
20:46:19.0726 1988 iAimTV4 - ok
20:46:19.0773 1988 [ 1406D6EF4436AEE970EFE13193123965 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:46:19.0773 1988 ialm - ok
20:46:19.0929 1988 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:46:19.0929 1988 IDriverT - ok
20:46:20.0054 1988 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:20.0070 1988 idsvc - ok
20:46:20.0101 1988 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:20.0101 1988 Imapi - ok
20:46:20.0164 1988 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:46:20.0164 1988 ImapiService - ok
20:46:20.0226 1988 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\System32\DRIVERS\ini910u.sys
20:46:20.0226 1988 ini910u - ok
20:46:20.0242 1988 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\System32\DRIVERS\intelide.sys
20:46:20.0242 1988 IntelIde - ok
20:46:20.0289 1988 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:46:20.0304 1988 intelppm - ok
20:46:20.0336 1988 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:20.0336 1988 Ip6Fw - ok
20:46:20.0398 1988 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:20.0398 1988 IpFilterDriver - ok
20:46:20.0445 1988 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:20.0445 1988 IpInIp - ok
20:46:20.0476 1988 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:20.0476 1988 IpNat - ok
20:46:20.0539 1988 [ F82D852F5969BD3A1EC61E42D0255954 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
20:46:20.0554 1988 iPodService - ok
20:46:20.0570 1988 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:20.0570 1988 IPSec - ok
20:46:20.0617 1988 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:20.0617 1988 IRENUM - ok
20:46:20.0679 1988 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:20.0679 1988 isapnp - ok
20:46:20.0820 1988 [ 9AA67569D5257462E230767510B0C815 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:46:20.0820 1988 JavaQuickStarterService - ok
20:46:20.0836 1988 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:20.0836 1988 Kbdclass - ok
20:46:20.0898 1988 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:46:20.0898 1988 kmixer - ok
20:46:20.0961 1988 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:20.0961 1988 KSecDD - ok
20:46:21.0008 1988 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:46:21.0008 1988 lanmanserver - ok
20:46:21.0070 1988 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:46:21.0070 1988 lanmanworkstation - ok
20:46:21.0086 1988 lbrtfdc - ok
20:46:21.0148 1988 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:46:21.0148 1988 LmHosts - ok
20:46:21.0211 1988 [ 3F6F7993AE46ADED2DB2886ED3080C80 ] LxrJD31d C:\WINDOWS\System32\Drivers\LxrJD31d.sys
20:46:21.0211 1988 LxrJD31d - ok
20:46:21.0226 1988 LxrJD31s - ok
20:46:21.0226 1988 McShield - ok
20:46:21.0242 1988 McSysmon - ok
20:46:21.0351 1988 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:46:21.0367 1988 MDM - ok
20:46:21.0414 1988 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:46:21.0414 1988 Messenger - ok
20:46:21.0476 1988 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:21.0476 1988 mnmdd - ok
20:46:21.0539 1988 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:46:21.0539 1988 mnmsrvc - ok
20:46:21.0586 1988 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:46:21.0601 1988 Modem - ok
20:46:21.0648 1988 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:46:21.0648 1988 MODEMCSA - ok
20:46:21.0679 1988 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:21.0679 1988 Mouclass - ok
20:46:21.0742 1988 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:46:21.0742 1988 mouhid - ok
20:46:21.0789 1988 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:21.0789 1988 MountMgr - ok
20:46:21.0836 1988 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\System32\DRIVERS\mraid35x.sys
20:46:21.0836 1988 mraid35x - ok
20:46:21.0898 1988 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:21.0914 1988 MRxDAV - ok
20:46:21.0976 1988 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:21.0992 1988 MRxSmb - ok
20:46:22.0039 1988 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:46:22.0054 1988 MSDTC - ok
20:46:22.0117 1988 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:46:22.0117 1988 Msfs - ok
20:46:22.0133 1988 MSIServer - ok
20:46:22.0164 1988 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:22.0179 1988 MSKSSRV - ok
20:46:22.0195 1988 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:22.0195 1988 MSPCLOCK - ok
20:46:22.0226 1988 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:22.0226 1988 MSPQM - ok
20:46:22.0289 1988 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:22.0289 1988 mssmbios - ok
20:46:22.0351 1988 MSSQL$MICROSOFTBCM - ok
20:46:22.0429 1988 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
20:46:22.0429 1988 MSSQLServerADHelper - ok
20:46:22.0476 1988 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:46:22.0476 1988 Mup - ok
20:46:22.0539 1988 [ E91FC8B52D21E38317DC61A3C7CCFA4B ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
20:46:22.0539 1988 MxlW2k - ok
20:46:22.0601 1988 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:46:22.0601 1988 napagent - ok
20:46:22.0679 1988 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:46:22.0679 1988 NDIS - ok
20:46:22.0726 1988 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:22.0726 1988 NdisTapi - ok
20:46:22.0789 1988 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:22.0789 1988 Ndisuio - ok
20:46:22.0804 1988 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:22.0804 1988 NdisWan - ok
20:46:22.0867 1988 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:22.0867 1988 NDProxy - ok
20:46:22.0914 1988 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:22.0914 1988 NetBIOS - ok
20:46:22.0929 1988 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:22.0945 1988 NetBT - ok
20:46:23.0008 1988 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:46:23.0008 1988 NetDDE - ok
20:46:23.0023 1988 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:46:23.0023 1988 NetDDEdsdm - ok
20:46:23.0086 1988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:46:23.0086 1988 Netlogon - ok
20:46:23.0117 1988 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:46:23.0117 1988 Netman - ok
20:46:23.0258 1988 [ 737351F39FEF765234037770ABDD72BD ] NetSvc C:\Program Files\Intel\NCS\Sync\NetSvc.exe
20:46:23.0258 1988 NetSvc - ok
20:46:23.0336 1988 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:23.0336 1988 NetTcpPortSharing - ok
20:46:23.0398 1988 [ A6E374EA4DCF79D5004CB6805A97A24E ] NetworkX C:\WINDOWS\system32\ckldrv.sys
20:46:23.0398 1988 NetworkX - ok
20:46:23.0508 1988 [ 7F54EC83B7C3C47AD7A04887749414A1 ] niLXIDiscovery C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
20:46:23.0508 1988 niLXIDiscovery - ok
20:46:23.0617 1988 [ 11E7FF3D071099A44FFE8CC5777331D4 ] nimDNSResponder C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
20:46:23.0617 1988 nimDNSResponder - ok
20:46:23.0648 1988 [ 2EE2631F636F2CCEB8F054BEE79AD6C4 ] niorbk C:\WINDOWS\system32\drivers\niorbkl.sys
20:46:23.0648 1988 niorbk - ok
20:46:23.0726 1988 [ E9E324C60780F1CDE122BDB8A8900BD8 ] nipalfwedl C:\WINDOWS\system32\drivers\nipalfwedl.sys
20:46:23.0726 1988 nipalfwedl - ok
20:46:23.0789 1988 [ CD9F21BCE661D399F29851185C606D15 ] NIPALK C:\WINDOWS\system32\drivers\nipalk.sys
20:46:23.0789 1988 NIPALK - ok
20:46:23.0820 1988 [ 1B6DD575BD49C6E15EB331A93DE6D33A ] nipalusbedl C:\WINDOWS\system32\drivers\nipalusbedl.sys
20:46:23.0820 1988 nipalusbedl - ok
20:46:23.0836 1988 [ 96C846AB33C383583282B0375B34E9D2 ] nipbcfk C:\WINDOWS\system32\drivers\nipbcfk.sys
20:46:23.0836 1988 nipbcfk - ok
20:46:23.0851 1988 niSvcLoc - ok
20:46:23.0914 1988 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:46:23.0914 1988 Nla - ok
20:46:23.0961 1988 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:46:23.0961 1988 Npfs - ok
20:46:23.0992 1988 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:24.0007 1988 Ntfs - ok
20:46:24.0023 1988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:46:24.0039 1988 NtLmSsp - ok
20:46:24.0117 1988 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:46:24.0117 1988 NtmsSvc - ok
20:46:24.0148 1988 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:46:24.0148 1988 Null - ok
20:46:24.0257 1988 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:46:24.0273 1988 nv - ok
20:46:24.0320 1988 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:24.0320 1988 NwlnkFlt - ok
20:46:24.0336 1988 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:24.0336 1988 NwlnkFwd - ok
20:46:24.0398 1988 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
20:46:24.0398 1988 omci - ok
20:46:24.0429 1988 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:24.0445 1988 ose - ok
20:46:24.0507 1988 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
20:46:24.0507 1988 P3 - ok
20:46:24.0523 1988 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:46:24.0523 1988 Parport - ok
20:46:24.0554 1988 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:24.0554 1988 PartMgr - ok
20:46:24.0617 1988 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:24.0617 1988 ParVdm - ok
20:46:24.0632 1988 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:24.0632 1988 PCI - ok
20:46:24.0648 1988 PCIDump - ok
20:46:24.0679 1988 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:46:24.0679 1988 PCIIde - ok
20:46:24.0711 1988 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:46:24.0726 1988 Pcmcia - ok
20:46:24.0726 1988 PDCOMP - ok
20:46:24.0742 1988 PDFRAME - ok
20:46:24.0757 1988 PDRELI - ok
20:46:24.0773 1988 PDRFRAME - ok
20:46:24.0804 1988 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\System32\DRIVERS\perc2.sys
20:46:24.0804 1988 perc2 - ok
20:46:24.0820 1988 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\System32\DRIVERS\perc2hib.sys
20:46:24.0820 1988 perc2hib - ok
20:46:24.0882 1988 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:46:24.0882 1988 PlugPlay - ok
20:46:24.0945 1988 [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.exe
20:46:24.0945 1988 Pml Driver HPZ12 - ok
20:46:24.0976 1988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:46:24.0976 1988 PolicyAgent - ok
20:46:25.0039 1988 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:25.0039 1988 PptpMiniport - ok
20:46:25.0054 1988 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:46:25.0054 1988 Processor - ok
20:46:25.0070 1988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:46:25.0086 1988 ProtectedStorage - ok
20:46:25.0101 1988 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:25.0101 1988 PSched - ok
20:46:25.0164 1988 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:25.0164 1988 Ptilink - ok
20:46:25.0226 1988 [ 7E1EACDECBA39E0B2A35306426F0DECC ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:46:25.0226 1988 PxHelp20 - ok
20:46:25.0273 1988 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\System32\DRIVERS\ql1080.sys
20:46:25.0273 1988 ql1080 - ok
20:46:25.0304 1988 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
20:46:25.0320 1988 Ql10wnt - ok
20:46:25.0336 1988 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\System32\DRIVERS\ql12160.sys
20:46:25.0336 1988 ql12160 - ok
20:46:25.0351 1988 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\System32\DRIVERS\ql1240.sys
20:46:25.0351 1988 ql1240 - ok
20:46:25.0382 1988 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\System32\DRIVERS\ql1280.sys
20:46:25.0382 1988 ql1280 - ok
20:46:25.0429 1988 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:25.0429 1988 RasAcd - ok
20:46:25.0476 1988 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:46:25.0476 1988 RasAuto - ok
20:46:25.0523 1988 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:25.0523 1988 Rasl2tp - ok
20:46:25.0586 1988 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:46:25.0586 1988 RasMan - ok
20:46:25.0601 1988 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:25.0601 1988 RasPppoe - ok
20:46:25.0617 1988 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:25.0617 1988 Raspti - ok
20:46:25.0648 1988 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:25.0648 1988 Rdbss - ok
20:46:25.0679 1988 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:25.0679 1988 RDPCDD - ok
20:46:25.0711 1988 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:46:25.0726 1988 rdpdr - ok
20:46:25.0773 1988 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:25.0789 1988 RDPWD - ok
20:46:25.0851 1988 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:46:25.0851 1988 RDSessMgr - ok
20:46:25.0945 1988 [ EEA7871252FF7B638A4F590AD5237B66 ] RDXmon C:\Program Files\RD1000\Service\RDXmon.exe
20:46:25.0945 1988 RDXmon - ok
20:46:26.0007 1988 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:46:26.0007 1988 redbook - ok
20:46:26.0054 1988 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:46:26.0054 1988 RemoteAccess - ok
20:46:26.0101 1988 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:46:26.0117 1988 RemoteRegistry - ok
20:46:26.0164 1988 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
20:46:26.0179 1988 RpcLocator - ok
20:46:26.0211 1988 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:46:26.0226 1988 RpcSs - ok
20:46:26.0273 1988 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:46:26.0273 1988 RSVP - ok
20:46:26.0304 1988 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:46:26.0304 1988 SamSs - ok
20:46:26.0336 1988 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:46:26.0351 1988 SCardSvr - ok
20:46:26.0398 1988 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:46:26.0398 1988 Schedule - ok
20:46:26.0461 1988 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:46:26.0461 1988 Secdrv - ok
20:46:26.0523 1988 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:46:26.0539 1988 seclogon - ok
20:46:26.0586 1988 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:46:26.0586 1988 SENS - ok
20:46:26.0648 1988 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:46:26.0648 1988 serenum - ok
20:46:26.0679 1988 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:46:26.0695 1988 Serial - ok
20:46:26.0757 1988 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:46:26.0757 1988 Sfloppy - ok
20:46:26.0820 1988 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:46:26.0820 1988 SharedAccess - ok
20:46:26.0851 1988 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:46:26.0851 1988 ShellHWDetection - ok
20:46:26.0867 1988 Simbad - ok
20:46:26.0914 1988 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\System32\DRIVERS\sisagp.sys
20:46:26.0929 1988 sisagp - ok
20:46:26.0992 1988 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:46:26.0992 1988 smwdm - ok
20:46:27.0054 1988 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
20:46:27.0054 1988 SolidWorks Licensing Service - ok
20:46:27.0101 1988 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\System32\DRIVERS\sparrow.sys
20:46:27.0101 1988 Sparrow - ok
20:46:27.0164 1988 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:46:27.0164 1988 splitter - ok
20:46:27.0195 1988 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:46:27.0195 1988 Spooler - ok
20:46:27.0211 1988 SQLAgent$MICROSOFTBCM - ok
20:46:27.0226 1988 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:46:27.0226 1988 sr - ok
20:46:27.0304 1988 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:46:27.0304 1988 srservice - ok
20:46:27.0367 1988 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:46:27.0367 1988 Srv - ok
20:46:27.0414 1988 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
20:46:27.0414 1988 sscdbhk5 - ok
20:46:27.0461 1988 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:46:27.0461 1988 SSDPSRV - ok
20:46:27.0476 1988 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
20:46:27.0476 1988 ssrtln - ok
20:46:27.0539 1988 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:46:27.0554 1988 stisvc - ok
20:46:27.0601 1988 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:46:27.0601 1988 swenum - ok
20:46:27.0664 1988 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:46:27.0664 1988 swmidi - ok
20:46:27.0679 1988 SwPrv - ok
20:46:27.0742 1988 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\System32\DRIVERS\symc810.sys
20:46:27.0742 1988 symc810 - ok
20:46:27.0757 1988 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\System32\DRIVERS\symc8xx.sys
20:46:27.0757 1988 symc8xx - ok
20:46:27.0773 1988 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\System32\DRIVERS\sym_hi.sys
20:46:27.0773 1988 sym_hi - ok
20:46:27.0804 1988 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\System32\DRIVERS\sym_u3.sys
20:46:27.0804 1988 sym_u3 - ok
20:46:27.0851 1988 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:46:27.0851 1988 sysaudio - ok
20:46:27.0914 1988 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:46:27.0914 1988 SysmonLog - ok
20:46:27.0976 1988 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:46:27.0992 1988 TapiSrv - ok
20:46:28.0054 1988 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:46:28.0054 1988 Tcpip - ok
20:46:28.0101 1988 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:46:28.0101 1988 TDPIPE - ok
20:46:28.0148 1988 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:46:28.0148 1988 TDTCP - ok
20:46:28.0195 1988 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:46:28.0195 1988 TermDD - ok
20:46:28.0273 1988 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:46:28.0273 1988 TermService - ok
20:46:28.0382 1988 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
20:46:28.0382 1988 tfsnboio - ok
20:46:28.0414 1988 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
20:46:28.0414 1988 tfsncofs - ok
20:46:28.0429 1988 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
20:46:28.0429 1988 tfsndrct - ok
20:46:28.0445 1988 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
20:46:28.0445 1988 tfsndres - ok
20:46:28.0476 1988 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
20:46:28.0476 1988 tfsnifs - ok
20:46:28.0492 1988 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
20:46:28.0492 1988 tfsnopio - ok
20:46:28.0507 1988 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
20:46:28.0507 1988 tfsnpool - ok
20:46:28.0523 1988 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
20:46:28.0523 1988 tfsnudf - ok
20:46:28.0539 1988 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
20:46:28.0539 1988 tfsnudfa - ok
20:46:28.0554 1988 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:46:28.0570 1988 Themes - ok
20:46:28.0601 1988 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
20:46:28.0617 1988 TlntSvr - ok
20:46:28.0664 1988 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\System32\DRIVERS\toside.sys
20:46:28.0664 1988 TosIde - ok
20:46:28.0726 1988 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:46:28.0726 1988 TrkWks - ok
20:46:28.0789 1988 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:46:28.0789 1988 Udfs - ok
20:46:28.0836 1988 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\System32\DRIVERS\ultra.sys
20:46:28.0836 1988 ultra - ok
20:46:28.0882 1988 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
20:46:28.0898 1988 UMWdf - ok
20:46:28.0961 1988 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:46:28.0961 1988 Update - ok
20:46:29.0023 1988 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:46:29.0023 1988 upnphost - ok
20:46:29.0070 1988 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:46:29.0070 1988 UPS - ok
20:46:29.0117 1988 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:46:29.0117 1988 usbccgp - ok
20:46:29.0164 1988 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:46:29.0179 1988 usbehci - ok
20:46:29.0195 1988 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:46:29.0195 1988 usbhub - ok
20:46:29.0211 1988 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:46:29.0211 1988 usbprint - ok
20:46:29.0242 1988 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:46:29.0242 1988 usbscan - ok
20:46:30.0617 1988 ================ Scan global ===============================
20:46:30.0695 1988 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:46:30.0757 1988 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
20:46:30.0789 1988 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
20:46:30.0820 1988 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:46:30.0836 1988 [Global] - ok
20:46:30.0836 1988 ================ Scan MBR ==================================
20:46:30.0867 1988 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:46:31.0070 1988 \Device\Harddisk0\DR0 - ok
20:46:31.0086 1988 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR3
20:46:31.0101 1988 \Device\Harddisk1\DR3 - ok
20:46:31.0117 1988 ================ Scan VBR ==================================
20:46:31.0132 1988 [ 4B3C9526474EA25986575AF8ACEE71CE ] \Device\Harddisk0\DR0\Partition1
20:46:31.0132 1988 \Device\Harddisk0\DR0\Partition1 - ok
20:46:31.0148 1988 [ EA4DDC64A524A2D734D11D3443C23444 ] \Device\Harddisk1\DR3\Partition1
20:46:31.0148 1988 \Device\Harddisk1\DR3\Partition1 - ok
20:46:31.0148 1988 ============================================================
20:46:31.0148 1988 Scan finished
20:46:31.0148 1988 ============================================================
20:46:31.0164 2772 Detected object count: 0
20:46:31.0164 2772 Actual detected object count: 0

-------------------------------------------------------------------------------------------------------------------------

aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 20:49:53
-----------------------------
20:49:53.820 OS Version: Windows 5.1.2600 Service Pack 3
20:49:53.820 Number of processors: 1 586 0x209
20:49:53.820 ComputerName: CORSICO1 UserName:
20:49:54.460 Initialize success
20:54:05.910 AVAST engine defs: 12111701
20:54:10.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:54:10.551 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
20:54:10.551 Disk 0 MBR read successfully
20:54:10.551 Disk 0 MBR scan
20:54:10.582 Disk 0 Windows XP default MBR code
20:54:10.582 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
20:54:10.613 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
20:54:10.629 Disk 0 scanning sectors +156232125
20:54:10.707 Disk 0 scanning C:\WINDOWS\system32\drivers
20:54:28.645 Service scanning
20:55:00.522 Modules scanning
20:55:10.726 Disk 0 trace - called modules:
20:55:10.757 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:55:11.257 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5b8ab8]
20:55:11.257 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a609d98]
20:55:11.601 AVAST engine scan C:\WINDOWS
20:55:38.446 AVAST engine scan C:\WINDOWS\system32
21:00:50.707 AVAST engine scan C:\WINDOWS\system32\drivers
21:01:17.849 AVAST engine scan C:\Documents and Settings\Administrator.CORSICO1
21:01:52.787 AVAST engine scan C:\Documents and Settings\All Users
21:03:00.070 Scan finished successfully
21:05:05.087 Disk 0 MBR has been saved successfully to "C:\temp\bugs\MBR.dat"
21:05:05.087 The log file has been saved successfully to "C:\temp\bugs\aswMBR.txt"



