
XP Pro IE problems and Malware Bytes will not update



#1 keithaw1


Posted 19 August 2013 - 07:45 PM

I am trying to help a friend (my Boss) who said all of a sudden Internet Explorer will not load. When I checked his PC out, he was right, IE loaded extremely slow (IE 8) and when I opened MW Bytes, it said 190 plus days out of date and Update always fails with a refused message. I found a way to manually DL an Update which puts it only 7 days out, and a full scan found 4 items and cleaned them. On reboot, it took forever for his personal settings to load and XP to come up and the IE problem is still there. I DL'd FireFox and it seems to work great. I am convinced he DL'd something and picked up a Virus or Trojan......In Processes I saw a 39ffxtbr and another 39 something and googled them to an adware app called mapsgalaxy and got rid of all that. The problem is still there.....any help?





#2 boopme


Posted 19 August 2013 - 07:57 PM

Hello, I moved this to the Am I Infected forum..
 
Would you please post the log that lists the infections found.
 
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 keithaw1


Posted 19 August 2013 - 08:45 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
earl :: EJ001 [administrator]

8/19/2013 3:11:46 PM
mbam-log-2013-08-19 (15-11-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385107
Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5643 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\earl.HTIS\Local Settings\Temporary Internet Files\Content.Outlook\0MXG5BEB\Case_3508573 (2).zip (Trojan.Agent.rf2) -> Quarantined and deleted successfully.
C:\Documents and Settings\earl.HTIS\Local Settings\Temporary Internet Files\Content.Outlook\0MXG5BEB\Case_3508573.zip (Trojan.Agent.rf2) -> Quarantined and deleted successfully.
C:\Documents and Settings\earl.HTIS\Desktop\Antivirus Pro.lnk (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.

(end)
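
An added example, not part of the original post or of Malwarebytes: a small triage script for a text log in the layout shown above. It extracts each detection line, flags a `ProxyServer` value that points at a loopback address (the PUM.Bad.Proxy case in this log), and checks that every "Detected: N" header is followed by N items, which catches a log that was pasted incomplete. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the same layout as the log above (paths are made up).
SAMPLE_LOG = r"""Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5643 -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\example\Temp\Case_0000000 (2).zip (Trojan.Agent.rf2) -> Quarantined and deleted successfully.
C:\Users\example\Desktop\Antivirus Pro.lnk (Rogue.AntiVirusPro) -> No action taken.
"""

# "Files Detected: 3" style section headers.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# "<item> (<detection name>)[ -> Data: <data>] -> <action>".
# The greedy item group makes the LAST parenthesised group the detection
# name, so file names such as "Case (2).zip" are parsed correctly.
ITEM_RE = re.compile(
    r"^(?P<item>.+) \((?P<name>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))?"
    r" -> (?P<action>[^>]+)$"
)


def parse_mbam_log(text):
    """Return (detections, declared_counts) parsed from the log text."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        item = ITEM_RE.match(line)
        if item and section:
            detections.append({"section": section, **item.groupdict()})
    return detections, declared


def loopback_proxy_entries(proxy_value):
    """Split a ProxyServer string ("http=host:port;https=host:port" or a
    bare "host:port") and return (scheme, host, port) for loopback hosts."""
    hits = []
    for entry in filter(None, (e.strip() for e in proxy_value.split(";"))):
        scheme, _, hostport = entry.rpartition("=")  # empty scheme: all protocols
        hostport = hostport.split("://", 1)[-1]
        host, _, port = hostport.rpartition(":")
        if not host:                                  # no port given
            host, port = hostport, ""
        host = host.strip("[]")                       # bracketed IPv6 literal
        try:
            is_loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:                            # a name, not an IP literal
            is_loopback = host.lower() == "localhost"
        if is_loopback:
            hits.append((scheme or "all", host, port))
    return hits


def triage(text):
    """Annotate detections and list sections whose item count does not
    match the number declared in the section header."""
    detections, declared = parse_mbam_log(text)
    found = {}
    for det in detections:
        found[det["section"]] = found.get(det["section"], 0) + 1
        is_proxy = (det["section"] == "Registry Values"
                    and det["item"].endswith("|ProxyServer"))
        det["loopback_proxy"] = (
            loopback_proxy_entries(det["data"]) if is_proxy and det["data"] else []
        )
    incomplete = sorted(s for s, n in declared.items() if found.get(s, 0) != n)
    return detections, incomplete


if __name__ == "__main__":
    dets, incomplete = triage(SAMPLE_LOG)
    for det in dets:
        flag = "  <-- loopback proxy" if det["loopback_proxy"] else ""
        print(f'{det["section"]}: {det["name"]} [{det["action"]}]{flag}')
    print("Incomplete sections:", incomplete or "none")
```
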

 



#4 boopme


Posted 20 August 2013 - 09:48 AM

Please do this next. Update your MBAM...now run RKill

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Now rerun MBAM.

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

#5 keithaw1


Posted 20 August 2013 - 10:17 AM

MBAM finally allowed itself to download and Update. When I ran RKILL, it took a couple of minutes to actually run, it was a LONG pause. When the Command Window came up it took again quite a while to run. While I am waiting for that, on the "rerun MBAM", do you want to perform another Full Scan??



#6 boopme


Posted 20 August 2013 - 10:24 AM

Yes, but after RKill

#7 keithaw1


Posted 20 August 2013 - 10:32 AM

Correct....Rkill finished and put a text file on the Desktop and I have already started the MB Full Scan in anticipation of your answer.



#8 keithaw1


Posted 20 August 2013 - 11:07 AM

Mbam finished with no errors, but when I ran TDSSkiller, the PC locked up and the only thing I could access was the Task Manager and it would freeze after about 6 seconds or so. I had to reboot the PC. Once it is back up I will try the TDSSkiller again.



#9 keithaw1


Posted 20 August 2013 - 11:19 AM

After reboot TDSSkiller ran fine. Here is the text in the log file:

 

11:14:33.0781 0x0c10  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
11:14:35.0781 0x0c10  ============================================================
11:14:35.0781 0x0c10  Current date / time: 2013/08/20 11:14:35.0781
11:14:35.0781 0x0c10  SystemInfo:
11:14:35.0781 0x0c10 
11:14:35.0781 0x0c10  OS Version: 5.1.2600 ServicePack: 3.0
11:14:35.0781 0x0c10  Product type: Workstation
11:14:35.0781 0x0c10  ComputerName: EJ001
11:14:35.0781 0x0c10  UserName: earl
11:14:35.0781 0x0c10  Windows directory: C:\WINDOWS
11:14:35.0781 0x0c10  System windows directory: C:\WINDOWS
11:14:35.0781 0x0c10  Processor architecture: Intel x86
11:14:35.0781 0x0c10  Number of processors: 2
11:14:35.0781 0x0c10  Page size: 0x1000
11:14:35.0781 0x0c10  Boot type: Normal boot
11:14:35.0781 0x0c10  ============================================================
11:14:37.0062 0x0c10  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:14:37.0062 0x0c10  ============================================================
11:14:37.0062 0x0c10  \Device\Harddisk0\DR0:
11:14:37.0062 0x0c10  MBR partitions:
11:14:37.0062 0x0c10  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x129F1720
11:14:37.0062 0x0c10  ============================================================
11:14:37.0140 0x0c10  C: <-> \Device\Harddisk0\DR0\Partition1
11:14:37.0140 0x0c10  ============================================================
11:14:37.0140 0x0c10  Initialize success
11:14:37.0140 0x0c10  ============================================================
11:15:54.0203 0x0e64  ============================================================
11:15:54.0203 0x0e64  Scan started
11:15:54.0203 0x0e64  Mode: Manual; TDLFS;
11:15:54.0203 0x0e64  ============================================================
11:15:54.0375 0x0e64  ================ Scan system memory ========================
11:15:54.0375 0x0e64  System memory - ok
11:15:54.0375 0x0e64  ================ Scan services =============================
11:16:00.0062 0x0e64  PartMgr - ok
11:16:00.0093 0x0e64  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:16:00.0093 0x0e64  ParVdm - ok
11:16:00.0109 0x0e64  [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV          C:\WINDOWS\system32\DRIVERS\PBADRV.sys
11:16:00.0109 0x0e64  PBADRV - ok
11:16:00.0125 0x0e64  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:16:00.0125 0x0e64  PCI - ok
11:16:00.0125 0x0e64  PCIDump - ok
11:16:00.0140 0x0e64  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:16:00.0140 0x0e64  PCIIde - ok
11:16:00.0140 0x0e64  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:16:00.0140 0x0e64  Pcmcia - ok
11:16:00.0156 0x0e64  PDCOMP - ok
11:16:00.0156 0x0e64  PDFRAME - ok
11:16:00.0171 0x0e64  PDRELI - ok
11:16:00.0171 0x0e64  PDRFRAME - ok
11:16:00.0187 0x0e64  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
11:16:00.0187 0x0e64  perc2 - ok
11:16:00.0187 0x0e64  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:16:00.0187 0x0e64  perc2hib - ok
11:16:00.0234 0x0e64  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:16:00.0234 0x0e64  PlugPlay - ok
11:16:00.0250 0x0e64  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:16:00.0250 0x0e64  PolicyAgent - ok
11:16:00.0265 0x0e64  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:16:00.0265 0x0e64  PptpMiniport - ok
11:16:00.0265 0x0e64  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:16:00.0265 0x0e64  ProtectedStorage - ok
11:16:00.0281 0x0e64  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:16:00.0281 0x0e64  PSched - ok
11:16:00.0281 0x0e64  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:16:00.0281 0x0e64  Ptilink - ok
11:16:00.0312 0x0e64  [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:16:00.0312 0x0e64  PxHelp20 - ok
11:16:00.0312 0x0e64  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:16:00.0312 0x0e64  ql1080 - ok
11:16:00.0343 0x0e64  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:16:00.0343 0x0e64  Ql10wnt - ok
11:16:00.0343 0x0e64  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:16:00.0359 0x0e64  ql12160 - ok
11:16:00.0375 0x0e64  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:16:00.0375 0x0e64  ql1240 - ok
11:16:00.0390 0x0e64  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:16:00.0390 0x0e64  ql1280 - ok
11:16:00.0406 0x0e64  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:16:00.0406 0x0e64  RasAcd - ok
11:16:00.0453 0x0e64  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:16:00.0453 0x0e64  RasAuto - ok
11:16:00.0468 0x0e64  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:16:00.0468 0x0e64  Rasl2tp - ok
11:16:00.0500 0x0e64  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:16:00.0500 0x0e64  RasMan - ok
11:16:00.0500 0x0e64  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:16:00.0500 0x0e64  RasPppoe - ok
11:16:00.0515 0x0e64  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:16:00.0515 0x0e64  Raspti - ok
11:16:00.0531 0x0e64  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:16:00.0531 0x0e64  Rdbss - ok
11:16:00.0546 0x0e64  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:16:00.0546 0x0e64  RDPCDD - ok
11:16:00.0546 0x0e64  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:16:00.0562 0x0e64  rdpdr - ok
11:16:00.0593 0x0e64  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:16:00.0609 0x0e64  RDPWD - ok
11:16:00.0640 0x0e64  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:16:00.0640 0x0e64  RDSessMgr - ok
11:16:00.0656 0x0e64  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:16:00.0671 0x0e64  redbook - ok
11:16:00.0718 0x0e64  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:16:00.0718 0x0e64  RemoteAccess - ok
11:16:00.0750 0x0e64  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:16:00.0750 0x0e64  RemoteRegistry - ok
11:16:00.0781 0x0e64  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:16:00.0781 0x0e64  RpcLocator - ok
11:16:00.0812 0x0e64  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:16:00.0812 0x0e64  RpcSs - ok
11:16:00.0843 0x0e64  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:16:00.0843 0x0e64  RSVP - ok
11:16:00.0875 0x0e64  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:16:00.0875 0x0e64  SamSs - ok
11:16:00.0875 0x0e64  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:16:00.0875 0x0e64  SCardSvr - ok
11:16:00.0890 0x0e64  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:16:00.0890 0x0e64  Schedule - ok
11:16:00.0937 0x0e64  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:16:00.0937 0x0e64  Secdrv - ok
11:16:00.0968 0x0e64  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:16:00.0968 0x0e64  seclogon - ok
11:16:01.0078 0x0e64  [ D7F978C1B6387544FE132EB5B915ED1A ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
11:16:01.0093 0x0e64  SecureStorageService - ok
11:16:01.0109 0x0e64  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
11:16:01.0109 0x0e64  SENS - ok
11:16:01.0125 0x0e64  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:16:01.0125 0x0e64  Serenum - ok
11:16:01.0140 0x0e64  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:16:01.0140 0x0e64  Serial - ok
11:16:01.0171 0x0e64  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:16:01.0171 0x0e64  Sfloppy - ok
11:16:01.0234 0x0e64  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:16:01.0234 0x0e64  SharedAccess - ok
11:16:01.0250 0x0e64  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:16:01.0250 0x0e64  ShellHWDetection - ok
11:16:01.0250 0x0e64  Simbad - ok
11:16:01.0265 0x0e64  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:16:01.0265 0x0e64  sisagp - ok
11:16:01.0312 0x0e64  [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP            C:\WINDOWS\System32\snmp.exe
11:16:01.0328 0x0e64  SNMP - ok
11:16:01.0328 0x0e64  [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
11:16:01.0328 0x0e64  SNMPTRAP - ok
11:16:01.0343 0x0e64  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:16:01.0343 0x0e64  Sparrow - ok
11:16:01.0390 0x0e64  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:16:01.0390 0x0e64  splitter - ok
11:16:01.0437 0x0e64  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:16:01.0437 0x0e64  Spooler - ok
11:16:01.0453 0x0e64  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:16:01.0453 0x0e64  sr - ok
11:16:01.0484 0x0e64  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:16:01.0484 0x0e64  srservice - ok
11:16:01.0515 0x0e64  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:16:01.0515 0x0e64  Srv - ok
11:16:01.0546 0x0e64  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:16:01.0546 0x0e64  SSDPSRV - ok
11:16:01.0578 0x0e64  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:16:01.0578 0x0e64  stisvc - ok
11:16:01.0656 0x0e64  [ E476C66713C842F58E61A95826ED1D57 ] stllssvr        c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:16:01.0671 0x0e64  stllssvr - ok
11:16:01.0687 0x0e64  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:16:01.0687 0x0e64  swenum - ok
11:16:01.0703 0x0e64  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:16:01.0703 0x0e64  swmidi - ok
11:16:01.0718 0x0e64  SwPrv - ok
11:16:01.0781 0x0e64  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
11:16:01.0781 0x0e64  symc810 - ok
11:16:01.0796 0x0e64  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:16:01.0796 0x0e64  symc8xx - ok
11:16:01.0812 0x0e64  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:16:01.0812 0x0e64  sym_hi - ok
11:16:01.0812 0x0e64  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:16:01.0828 0x0e64  sym_u3 - ok
11:16:01.0843 0x0e64  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:16:01.0843 0x0e64  sysaudio - ok
11:16:01.0890 0x0e64  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:16:01.0906 0x0e64  SysmonLog - ok
11:16:01.0921 0x0e64  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:16:01.0921 0x0e64  TapiSrv - ok
11:16:01.0968 0x0e64  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:16:01.0984 0x0e64  Tcpip - ok
11:16:02.0046 0x0e64  [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe  C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
11:16:02.0078 0x0e64  tcsd_win32.exe - ok
11:16:02.0171 0x0e64  [ A62F1DE032E59C4BB35557A2219CB160 ] TdmService      C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
11:16:02.0203 0x0e64  TdmService - ok
11:16:02.0250 0x0e64  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:16:02.0250 0x0e64  TDPIPE - ok
11:16:02.0265 0x0e64  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:16:02.0265 0x0e64  TDTCP - ok
11:16:02.0265 0x0e64  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:16:02.0281 0x0e64  TermDD - ok
11:16:02.0328 0x0e64  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:16:02.0328 0x0e64  TermService - ok
11:16:02.0343 0x0e64  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:16:02.0343 0x0e64  Themes - ok
11:16:02.0359 0x0e64  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:16:02.0375 0x0e64  TlntSvr - ok
11:16:02.0390 0x0e64  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
11:16:02.0390 0x0e64  TosIde - ok
11:16:02.0390 0x0e64  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:16:02.0406 0x0e64  TrkWks - ok
11:16:02.0421 0x0e64  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:16:02.0421 0x0e64  Udfs - ok
11:16:02.0437 0x0e64  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
11:16:02.0437 0x0e64  ultra - ok
11:16:02.0437 0x0e64  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:16:02.0453 0x0e64  Update - ok
11:16:02.0468 0x0e64  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:16:02.0484 0x0e64  upnphost - ok
11:16:02.0500 0x0e64  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:16:02.0500 0x0e64  UPS - ok
11:16:02.0515 0x0e64  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:16:02.0515 0x0e64  usbccgp - ok
11:16:02.0562 0x0e64  [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:16:02.0562 0x0e64  usbehci - ok
11:16:02.0609 0x0e64  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:16:02.0625 0x0e64  usbhub - ok
11:16:02.0625 0x0e64  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:16:02.0640 0x0e64  usbuhci - ok
11:16:02.0687 0x0e64  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:16:02.0687 0x0e64  VgaSave - ok
11:16:02.0703 0x0e64  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:16:02.0703 0x0e64  viaagp - ok
11:16:02.0718 0x0e64  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
11:16:02.0734 0x0e64  ViaIde - ok
11:16:02.0734 0x0e64  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:16:02.0734 0x0e64  VolSnap - ok
11:16:02.0765 0x0e64  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:16:02.0781 0x0e64  VSS - ok
11:16:02.0812 0x0e64  [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time         C:\WINDOWS\system32\w32time.dll
11:16:02.0812 0x0e64  w32time - ok
11:16:02.0843 0x0e64  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:16:02.0843 0x0e64  Wanarp - ok
11:16:02.0875 0x0e64  [ E1369C7A53C76EB681AFD0EBA348B45A ] WavxDMgr        C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
11:16:02.0875 0x0e64  WavxDMgr - ok
11:16:02.0921 0x0e64  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:16:02.0921 0x0e64  Wdf01000 - ok
11:16:02.0921 0x0e64  WDICA - ok
11:16:02.0937 0x0e64  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:16:02.0937 0x0e64  wdmaud - ok
11:16:02.0968 0x0e64  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:16:02.0968 0x0e64  WebClient - ok
11:16:03.0078 0x0e64  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:16:03.0078 0x0e64  winmgmt - ok
11:16:03.0171 0x0e64  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:16:03.0203 0x0e64  WinRM - ok
11:16:03.0250 0x0e64  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
11:16:03.0265 0x0e64  WmdmPmSN - ok
11:16:03.0296 0x0e64  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:16:03.0312 0x0e64  Wmi - ok
11:16:03.0312 0x0e64  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:16:03.0312 0x0e64  WmiAcpi - ok
11:16:03.0375 0x0e64  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:16:03.0375 0x0e64  WmiApSrv - ok
11:16:03.0468 0x0e64  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
11:16:03.0484 0x0e64  WMPNetworkSvc - ok
11:16:03.0578 0x0e64  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:16:03.0593 0x0e64  WPFFontCache_v0400 - ok
11:16:03.0640 0x0e64  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:16:03.0640 0x0e64  wscsvc - ok
11:16:03.0656 0x0e64  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:16:03.0656 0x0e64  wuauserv - ok
11:16:03.0703 0x0e64  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:16:03.0703 0x0e64  WudfPf - ok
11:16:03.0718 0x0e64  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:16:03.0718 0x0e64  WudfRd - ok
11:16:03.0765 0x0e64  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
11:16:03.0765 0x0e64  WudfSvc - ok
11:16:03.0796 0x0e64  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:16:03.0796 0x0e64  WZCSVC - ok
11:16:03.0843 0x0e64  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:16:03.0843 0x0e64  xmlprov - ok
11:16:03.0843 0x0e64  ================ Scan global ===============================
11:16:03.0890 0x0e64  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:16:03.0937 0x0e64  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:16:03.0937 0x0e64  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:16:03.0968 0x0e64  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:16:03.0968 0x0e64  [Global] - ok
11:16:03.0968 0x0e64  ================ Scan MBR ==================================
11:16:04.0000 0x0e64  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
11:16:04.0265 0x0e64  \Device\Harddisk0\DR0 - ok
11:16:04.0265 0x0e64  ================ Scan VBR ==================================
11:16:04.0265 0x0e64  [ 462294A2E3A92A41632BBA9793982B63 ] \Device\Harddisk0\DR0\Partition1
11:16:04.0265 0x0e64  \Device\Harddisk0\DR0\Partition1 - ok
11:16:04.0265 0x0e64  ============================================================
11:16:04.0265 0x0e64  Scan finished
11:16:04.0265 0x0e64  ============================================================
11:16:04.0281 0x0e24  Detected object count: 0
11:16:04.0281 0x0e24  Actual detected object count: 0
11:16:53.0562 0x0c0c  Deinitialize success
 

And here is the text from the AdwCleaner Log:

 

# AdwCleaner v3.000 - Report created 20/08/2013 at 11:19:07
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : earl - EJ001
# Running from : C:\Documents and Settings\earl.HTIS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\earl.HTIS\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\earl.HTIS\Application Data\mapsgalaxy_39

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\MapsGalaxy_39
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v18.0.1 (en-US)

[ File : C:\Documents and Settings\earl.HTIS\Application Data\Mozilla\Firefox\Profiles\blniz243.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [2143 octets] - [20/08/2013 11:17:49]
AdwCleaner[S0].txt - [2098 octets] - [20/08/2013 11:19:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2158 octets] ##########



#10 keithaw1

Posted 20 August 2013 - 12:30 PM

There is still something wrong with his PC. All these logs and scanners show no issues found, but here are some examples... The Rkill log file on the Desktop: I right-click and go to Properties and it takes 90 seconds for the Properties window to finally pop up. I open IE 8 and it takes about 2 minutes or better before you can actually use it, even the URL drop-down arrow. Firefox loads right away and can be used right away...



#11 keithaw1

Posted 20 August 2013 - 01:07 PM

I am bringing him current right now on Windows Updates to see if this will help......



#12 boopme

Posted 20 August 2013 - 01:14 PM

I am suspecting a 0Access rootkit as we cannot get the RKill log.

We are going to need to get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 keithaw1

Posted 20 August 2013 - 01:19 PM

Rkill worked good after the reboot. The instructions did not say to post the Rkill log. Here it is now:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/20/2013 10:16:39 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/20/2013 10:24:42 AM
Execution time: 0 hours(s), 8 minute(s), and 2 seconds(s)



#14 boopme

Posted 20 August 2013 - 01:24 PM

Ok, that was better...

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.


Now can you update?

#15 keithaw1

Posted 20 August 2013 - 01:31 PM

Ok, I need to ask what you mean by "now can I update"? I stated earlier MBAM (I mis-spelled it as MBA< ) finally allowed Update to go through. My issue now is just the slowness as I stated just above.





