
Get the BSOD Periodically


15 replies to this topic

#1 L Dub


Posted 18 November 2013 - 03:27 PM

Hello BC!

Awesome community as always! This is only the 2nd issue I've had with my old Dell Dimension 8250 desktop since first getting it back in April 2003! Other than that, it's been a very good machine.

Y'all helped me remove a mebroot trojan back in 2009, and now I've been getting the dreaded BSOD about a couple of times a week when going into standby or shutting down. I noticed my internet connection would get VERY slow at times, in addition to programs taking a while to open.

The screen states beginning dump of physical memory. Physical memory dump complete, etc.

=========================

Technical information:

STOP: 0X0000008E (0XC0000005, 0XF686FB8D, 0XBA2DF084, 0X00000000)

ctoss2k.sys - Address F686FB8D base at F6862000, DateSamp 3df3fdef

=========================

Not sure if the 'e' in the datestamp is correct as I took a picture of it on my phone and it came out a little blurry.


Edited by hamluis, 19 November 2013 - 09:50 AM.
Moved from XP to Am I Infected - Hamluis.
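
Reading the STOP screen quoted in the post above, as an added example that is not part of the original thread: it names the bug check and exception code, computes where inside the named driver the fault address falls, and decodes the driver's link timestamp. The function name `decode_stop_screen` is hypothetical, and the parameter layout used for 0x8E (exception code, faulting address, trap frame, reserved) follows Microsoft's bug check reference.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two lines transcribed in the post above, spelling as posted.
SAMPLE = """\
STOP: 0X0000008E (0XC0000005, 0XF686FB8D, 0XBA2DF084, 0X00000000)
ctoss2k.sys - Address F686FB8D base at F6862000, DateSamp 3df3fdef
"""

# Only the codes that appear on this screen; extend as needed.
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)
# The "DateStamp" label is matched loosely because hand-copied screens
# often misspell it.
DRIVER_RE = re.compile(
    r"(?P<name>\S+\.sys)\s*-\s*Address\s+(?P<addr>[0-9a-f]+)\s+"
    r"base at\s+(?P<base>[0-9a-f]+),\s*Date\w*\s+(?P<stamp>[0-9a-f]+)",
    re.IGNORECASE,
)


def decode_stop_screen(text):
    """Return a dict describing the bug check and, if present, the named driver."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in stop.group(2).replace(" ", "").split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")

    info = {
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": params,
        "exception_name": None,
        "fault_address": None,
        "driver": None,
    }
    if code == 0x8E:
        # For 0x8E: parameter 1 is the exception code, parameter 2 the address
        # of the faulting instruction, parameter 3 the trap frame.
        info["exception_name"] = NTSTATUS_NAMES.get(params[0], "unknown")
        info["fault_address"] = params[1]

    drv = DRIVER_RE.search(text)
    if drv:
        addr, base, stamp = (int(drv[g], 16) for g in ("addr", "base", "stamp"))
        info["driver"] = {
            "name": drv["name"],
            # Offset of the reported address from the driver's load base.
            "offset": addr - base,
            # The stamp is the driver's link time in seconds since the Unix epoch.
            "built_utc": datetime.fromtimestamp(stamp, tz=timezone.utc),
            # True when the screen's driver address is the faulting address.
            "matches_fault_address": addr == info["fault_address"],
        }
    return info


if __name__ == "__main__":
    result = decode_stop_screen(SAMPLE)
    drv = result["driver"]
    print(result["bugcheck_name"], "/", result["exception_name"])
    print(f"{drv['name']} +0x{drv['offset']:X}, built {drv['built_utc']:%Y-%m-%d}")
```

The decoded build date depends on every hex digit of the stamp, so a misread character on the photographed screen changes it.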



 


#2 Roodo


Posted 18 November 2013 - 04:54 PM

Could be faulty RAM. Take it out, clean it, and reseat it to see if that helps.



#3 L Dub


Posted 19 November 2013 - 12:35 AM

Thanks Roodo. I've done as you suggested but believe there could be more to it than that since my PC still runs a little slower than normal.

I did use Super Anti Spyware to remove 60 malware threats but I'm afraid there could be more hidden in the background it probably wasn't able to find.

#4 Roodo


Posted 19 November 2013 - 05:53 PM

Run AdwCleaner here:

http://www.bleepingcomputer.com/download/adwcleaner/



#5 L Dub


Posted 19 November 2013 - 07:15 PM

Do you need to see the log file? Most of the folks providing assistance want to see logs before you "clean" anything.

#6 boopme


Posted 25 November 2013 - 08:03 PM

Please post the log and I'll look.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 L Dub


Posted 27 November 2013 - 10:02 AM

Hi Boopme!

 

Below is the AdwCleaner log. I'm only able to connect to the internet via safe mode w/networking.

 

 

AdwCleaner log:

 

 



#8 boopme


Posted 27 November 2013 - 02:27 PM

Next run these. If you cannot run normally, use Safe again, but let me know.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double-click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 L Dub


Posted 28 November 2013 - 05:02 PM

I was able to run everything in normal mode. Had to run JRT 3 times before it created the log file. Here are the 3 logs you requested (JRT and ESET logs are in the same reply):

 

 

=============

TDSSKiller LOG

=============

 

16:59:04.0593 0x0e38  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
16:59:21.0984 0x0e38  ============================================================
16:59:21.0984 0x0e38  Current date / time: 2013/11/27 16:59:21.0984
16:59:21.0984 0x0e38  SystemInfo:
16:59:21.0984 0x0e38  
16:59:21.0984 0x0e38  OS Version: 5.1.2600 ServicePack: 3.0
16:59:21.0984 0x0e38  Product type: Workstation
16:59:21.0984 0x0e38  ComputerName: BART
16:59:21.0984 0x0e38  UserName: Larry
16:59:21.0984 0x0e38  Windows directory: C:\WINDOWS
16:59:21.0984 0x0e38  System windows directory: C:\WINDOWS
16:59:21.0984 0x0e38  Processor architecture: Intel x86
16:59:21.0984 0x0e38  Number of processors: 1
16:59:21.0984 0x0e38  Page size: 0x1000
16:59:21.0984 0x0e38  Boot type: Normal boot
16:59:21.0984 0x0e38  ============================================================
16:59:44.0828 0x0e38  KLMD registered as C:\WINDOWS\system32\drivers\14062718.sys
16:59:52.0640 0x0e38  System UUID: {BB9D3C38-95EB-196A-A1F8-A82EBCBD9689}
17:00:15.0140 0x0e38  Drive \Device\Harddisk0\DR0 - Size: 0x1BF08EB000 (111.76 Gb), SectorSize: 0x200, Cylinders: 0x38FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:00:15.0156 0x0e38  ============================================================
17:00:15.0156 0x0e38  \Device\Harddisk0\DR0:
17:00:15.0156 0x0e38  MBR partitions:
17:00:15.0156 0x0e38  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xDF68576
17:00:15.0156 0x0e38  ============================================================
17:00:15.0656 0x0e38  C: <-> \Device\Harddisk0\DR0\Partition1
17:00:15.0656 0x0e38  ============================================================
17:00:15.0656 0x0e38  Initialize success
17:00:15.0656 0x0e38  ============================================================
17:00:36.0984 0x0140  ============================================================
17:00:36.0984 0x0140  Scan started
17:00:36.0984 0x0140  Mode: Manual;
17:00:36.0984 0x0140  ============================================================
17:00:36.0984 0x0140  KSN ping started
17:00:41.0828 0x0140  KSN ping finished: true
17:00:49.0609 0x0140  ================ Scan system memory ========================
17:00:49.0625 0x0140  System memory - ok
17:00:49.0625 0x0140  ================ Scan services =============================
17:00:49.0765 0x0140  [ 51F207D5A9E7B2E76BEE59C05CCC23C4, BE78957DD197777D899FAFBBE71E2FDB5DB9AC6AC4F1595A562FD362429BED6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:00:50.0328 0x0140  !SASCORE - ok
17:00:52.0421 0x0140  [ 1F61CACACB521215F39061789147968C, EFBCBD984027B432F6F8B8969F13CEA3361C42C7843410D526F899588CB762B1 ] a347bus         C:\WINDOWS\system32\DRIVERS\a347bus.sys
17:00:52.0515 0x0140  a347bus - ok
17:00:53.0031 0x0140  [ 113E4B318BBAA7483CA4E582A4D63F49, 049B3963306CBF351A1A864779E89B67404C8629D816C5A3AC3A18C48706953C ] a347scsi        C:\WINDOWS\system32\Drivers\a347scsi.sys
17:00:53.0046 0x0140  a347scsi - ok
17:00:53.0062 0x0140  Abiosdsk - ok
17:00:53.0078 0x0140  abp480n5 - ok
17:00:53.0125 0x0140  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:53.0140 0x0140  ACPI - ok
17:00:53.0703 0x0140  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:00:53.0718 0x0140  ACPIEC - ok
17:00:54.0312 0x0140  [ 177FF6608B48638D4066726F3A3F8444, D0D7B7EAEFDF30210CE4D31E9C7AB349CEB862A452D5925E698B60204AAE8A49 ] AdobeActiveFileMonitor5.0 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
17:00:54.0312 0x0140  AdobeActiveFileMonitor5.0 - ok
17:00:54.0937 0x0140  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:00:55.0093 0x0140  AdobeFlashPlayerUpdateSvc - ok
17:00:55.0109 0x0140  adpu160m - ok
17:00:55.0140 0x0140  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:00:55.0578 0x0140  aec - ok
17:00:55.0625 0x0140  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:00:55.0640 0x0140  AFD - ok
17:00:56.0078 0x0140  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
17:00:56.0109 0x0140  agp440 - ok
17:00:56.0125 0x0140  Aha154x - ok
17:00:56.0140 0x0140  aic78u2 - ok
17:00:56.0156 0x0140  aic78xx - ok
17:00:56.0203 0x0140  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:00:56.0203 0x0140  Alerter - ok
17:00:56.0218 0x0140  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
17:00:56.0234 0x0140  ALG - ok
17:00:56.0250 0x0140  AliIde - ok
17:00:56.0703 0x0140  amsint - ok
17:00:56.0921 0x0140  [ 5D1CA4190CF61560C9C64E45E900CBFB, 78734D9D0C44ADBCE0FFF56A032F72D7A4DEF4DAD841595832C7E9A43BFDCB9D ] apmwin          C:\WINDOWS\system32\DRIVERS\apmwin.sys
17:00:56.0921 0x0140  apmwin - ok
17:00:56.0984 0x0140  [ 76CC227A1236C5825D4E802CBB011FF2, D24E9CA1620BAE4D879E7BF711554C6F76C617F551C6DE2C27CFEA2542DD0CD3 ] apmwinsrv       C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
17:00:57.0015 0x0140  apmwinsrv - ok
17:00:57.0609 0x0140  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:00:57.0609 0x0140  Apple Mobile Device - ok
17:00:57.0625 0x0140  AppMgmt - ok
17:00:57.0656 0x0140  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:00:57.0656 0x0140  Arp1394 - ok
17:00:57.0671 0x0140  asc - ok
17:00:57.0687 0x0140  asc3350p - ok
17:00:57.0703 0x0140  asc3550 - ok
17:00:57.0734 0x0140  [ D880831279ED91F9A4190A2DB9539EA9, EAF7D48E026C99EE9C4BC838A3004966517F948051B39DA5B5072F6DE81165AB ] ASCTRM          C:\WINDOWS\system32\drivers\ASCTRM.sys
17:00:57.0750 0x0140  ASCTRM - ok
17:00:57.0875 0x0140  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:00:57.0921 0x0140  aspnet_state - ok
17:00:57.0984 0x0140  [ B9FE438B3CAD82B2014710349A2022F7, F9A3045590DAC38D7389957377BDD78E608D3078686EFD046FADDC2381ABB599 ] aswFsBlk        C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:00:57.0984 0x0140  aswFsBlk - ok
17:00:58.0046 0x0140  [ AE5549DD21F6DE06406031EF1D51ACC3, 7E4AA6B03864C3E09DB869174BC5660F825D43FC27ABBE54E84F89650FD7679F ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
17:00:58.0078 0x0140  aswMonFlt - ok
17:00:58.0125 0x0140  [ D084D0A7A66619FC29776CBBB9D5FA55, 1896F3A0A0D5C7E08A1A7D08F9D17D6C535FE688AD93C1BAB2A7D911ACAE1D27 ] AswRdr          C:\WINDOWS\system32\drivers\AswRdr.sys
17:00:58.0125 0x0140  AswRdr - ok
17:00:58.0187 0x0140  [ FA72FA503F580C3C628DD8C7D7622E37, 434FC6A3CB120299C80D99201D5FBA48E4E8C5DDB76F7F0EF4FE95EE522AEE6C ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
17:00:58.0203 0x0140  aswRvrt - ok
17:00:58.0281 0x0140  [ 4D53349D848C6BADB3D4ACBE98C27676, AC9EAE6F0611F8876CA45FA499A9C4D4DD8EC5DB77F5C52E1BAFD64598F4437A ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
17:00:58.0328 0x0140  aswSnx - ok
17:00:58.0390 0x0140  [ 813024DFD54A41B3AFAE2B1E2796CB80, A8C5FB0510E86B0BE567A67A412530312B36FB5BB777EEEE7E17C1D8D4D9699D ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
17:00:58.0406 0x0140  aswSP - ok
17:00:58.0437 0x0140  [ 5E18413310134130D7772F0668698CB7, 18CBA5356341640085575D77ABD24358ACD818603FCA2BD49475239E5B50FDD1 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
17:00:58.0453 0x0140  aswTdi - ok
17:00:58.0484 0x0140  [ A5F637D61719D37A5B4868C385E363C0, 36505921AF5A09175395EBAEA29C72B2A69A3A9204384A767A5BE8A721F31B10 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
17:00:58.0484 0x0140  aswVmm - ok
17:00:58.0531 0x0140  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:58.0531 0x0140  AsyncMac - ok
17:00:58.0562 0x0140  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:58.0578 0x0140  atapi - ok
17:00:58.0593 0x0140  Atdisk - ok
17:00:58.0656 0x0140  [ 3E47191DDAFFCDD9B28CBC50FB6499B5, 732160AD214F2993DFA6FE93F7BD9D11289F2750A1165B69BCA0CDBC54155FD2 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:00:58.0718 0x0140  Ati HotKey Poller - ok
17:00:58.0781 0x0140  [ 096C9955485F2B3F910F4C503C318D74, E2519F432AF0971EF3D75CCFEF3C76DE121E6C34BBD12167D241B603C95BA7B3 ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
17:00:58.0875 0x0140  ATI Smart - ok
17:00:58.0968 0x0140  [ 41BCC13F9EC12085C88F24D52DD85865, C24910209B0D6DFEB70D33F726A04775204937C623CF998A64C3CFDF25FE5A10 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:00:59.0156 0x0140  Suspicious file ( Forged ): C:\WINDOWS\system32\DRIVERS\ati2mtag.sys. Real md5: 41BCC13F9EC12085C88F24D52DD85865, sha256: C24910209B0D6DFEB70D33F726A04775204937C623CF998A64C3CFDF25FE5A10, fake md5: E51AA5ADF535C847072C0AED3E642912, fake sha256: DE9271A482D57098E21BB31634218970472C6772936A59CB8B993361B7E10442
17:00:59.0203 0x0140  ati2mtag - detected ForgedFile.Multi.Generic ( 1 )
17:01:01.0921 0x0140  Detect skipped due to KSN trusted
17:01:01.0921 0x0140  ati2mtag - ok
17:01:01.0968 0x0140  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:01:01.0968 0x0140  Atmarpc - ok
17:01:02.0218 0x0140  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:01:02.0281 0x0140  AudioSrv - ok
17:01:02.0843 0x0140  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:01:02.0859 0x0140  audstub - ok
17:01:03.0984 0x0140  [ 9330941C8F6DF417F6DBBE998DB6687E, 28BC051D7C74721BAF85BE2AAB97EAE44152779106C5BDA1FDA07B9C049E2FDC ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:01:04.0000 0x0140  avast! Antivirus - ok
17:01:05.0187 0x0140  [ 41347688046D49CDE0F6D138A534F73D, 3EF4157B47C103BC289E9C2BBDC2EFF3961EEAD0C40509076064FF7B9E75FF22 ] BCMModem        C:\WINDOWS\system32\DRIVERS\BCMSM.sys
17:01:05.0953 0x0140  BCMModem - ok
17:01:06.0000 0x0140  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:01:15.0609 0x0140  [ DA318076455530B6FEDFD1111BF57DAB, 92CFA69748B0FF6E731FC4B6623AE6D3C71A10BFF59A738F749DEBA0997F9E0D ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
17:01:17.0093 0x0140  Suspicious file ( Forged ): C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe. Real md5: DA318076455530B6FEDFD1111BF57DAB, sha256: 92CFA69748B0FF6E731FC4B6623AE6D3C71A10BFF59A738F749DEBA0997F9E0D, fake md5: BB76C416AC9064F184A1C715179DE7A9, fake sha256: DC702456F2CEB7135D527A2203E036028A7BF9B4220358D48CC2195E1FFD1EE0
17:01:17.0125 0x0140  cmdAgent - detected ForgedFile.Multi.Generic ( 1 )
17:01:21.0640 0x0140  cmdAgent ( ForgedFile.Multi.Generic ) - warning
17:01:21.0640 0x0140  Force sending object to P2P due to detect: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
17:01:42.0437 0x0140  Object send P2P result: false
17:03:16.0843 0x0140  [ 1A15AE948AFDF74E973F054D4E4FA607, 9918772F1CC35F8CF8E637C55B982AAEA2C97A772EEBF36EE2B82920A7EC2788 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
17:03:17.0046 0x0140  ossrv - ok
17:03:27.0562 0x0140  Ql10wnt - ok
17:03:27.0593 0x0140  ql12160 - ok
17:03:27.0609 0x0140  ql1240 - ok
17:03:27.0625 0x0140  ql1280 - ok
17:03:27.0671 0x0140  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:03:27.0671 0x0140  RasAcd - ok
17:03:27.0734 0x0140  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:03:27.0781 0x0140  RasAuto - ok
17:03:27.0812 0x0140  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:03:27.0843 0x0140  Rasl2tp - ok
17:03:28.0000 0x0140  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:03:28.0062 0x0140  RasMan - ok
17:03:28.0093 0x0140  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:03:28.0109 0x0140  RasPppoe - ok
17:03:28.0734 0x0140  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:03:28.0781 0x0140  Raspti - ok
17:03:29.0375 0x0140  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:03:29.0390 0x0140  Rdbss - ok
17:03:29.0406 0x0140  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:03:30.0078 0x0140  RDPCDD - ok
17:03:30.0656 0x0140  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:03:30.0671 0x0140  RDPWD - ok
17:03:31.0296 0x0140  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:03:31.0328 0x0140  RDSessMgr - ok
17:03:31.0375 0x0140  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:03:31.0437 0x0140  redbook - ok
17:03:32.0062 0x0140  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:03:32.0078 0x0140  RemoteAccess - ok
17:03:32.0765 0x0140  [ F17713D108ACA124A139FDE877EEF68A, AB254B8B4BDB10685280A8595CA69FEA2F1E68923E676C8CAF3F5468AE4C566E ] RimUsb          C:\WINDOWS\system32\Drivers\RimUsb.sys
17:03:33.0500 0x0140  RimUsb - ok
17:03:33.0578 0x0140  [ 2C4FB2E9F039287767C384E46EE91030, 5290E9457256C007A3FCAE246D0C536179C54D9F4B365E3143B9D0764FCBFCDB ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:03:34.0234 0x0140  RimVSerPort - ok
17:03:34.0890 0x0140  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
17:03:34.0890 0x0140  ROOTMODEM - ok
17:03:35.0578 0x0140  RoxLiveShare9 - ok
17:03:35.0656 0x0140  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
17:03:35.0671 0x0140  RpcLocator - ok
17:03:37.0062 0x0140  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
17:03:37.0359 0x0140  RpcSs - ok
17:03:38.0218 0x0140  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
17:03:38.0296 0x0140  RSVP - ok
17:03:38.0328 0x0140  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:03:38.0343 0x0140  SamSs - ok
17:03:38.0421 0x0140  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:03:38.0421 0x0140  SASDIFSV - ok
17:03:38.0453 0x0140  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:03:38.0484 0x0140  SASKUTIL - ok
17:03:38.0546 0x0140  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:03:39.0109 0x0140  SCardSvr - ok
17:03:39.0187 0x0140  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:03:39.0218 0x0140  Schedule - ok
17:03:39.0281 0x0140  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:03:39.0281 0x0140  Secdrv - ok
17:03:39.0343 0x0140  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:03:39.0343 0x0140  seclogon - ok
17:03:40.0156 0x0140  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
17:03:40.0265 0x0140  SENS - ok
17:03:40.0906 0x0140  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:03:40.0906 0x0140  serenum - ok
17:03:40.0953 0x0140  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:03:41.0015 0x0140  Serial - ok
17:03:41.0656 0x0140  [ 00DE597B81B381053CB5B21A7F20E365, F9BF3D90587BD1D2CD2C1CF5F04D02183A3AADE38ACB9D19122959F385BBAD3D ] sfdrv01         C:\WINDOWS\system32\drivers\sfdrv01.sys
17:03:41.0656 0x0140  sfdrv01 - ok
17:03:42.0328 0x0140  [ 462AEE0EA0481EA8BD45CAC876A4CCC4, C26AF130C2FB4234B6AA5EE979DEFDFAC38EA038D6046495196F8DF62DEE4120 ] sfhlp01         C:\WINDOWS\system32\drivers\sfhlp01.sys
17:03:42.0359 0x0140  sfhlp01 - ok
17:03:42.0375 0x0140  [ 64B9AB76F1B16EB059CB6CDD906C067A, 1123D705562EF1B4F70C3DFC88F6C7332D5A73D732AE9684A089CA1D1C4B7F53 ] sfhlp02         C:\WINDOWS\system32\drivers\sfhlp02.sys
17:03:42.0375 0x0140  sfhlp02 - ok
17:03:42.0406 0x0140  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:03:42.0421 0x0140  Sfloppy - ok
17:03:43.0031 0x0140  [ 798D918D8F20380008277CE3CE5319D1, F65F4E3756FD4AA999E5DF942FEAEBF0582FFBEBF9E869C14E646C79518D78FA ] sfsync02        C:\WINDOWS\system32\drivers\sfsync02.sys
17:03:43.0031 0x0140  sfsync02 - ok
17:03:43.0843 0x0140  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:03:44.0656 0x0140  SharedAccess - ok
17:03:44.0843 0x0140  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:03:44.0859 0x0140  ShellHWDetection - ok
17:03:44.0875 0x0140  Simbad - ok
17:03:44.0921 0x0140  SiwvidStart - ok
17:03:44.0968 0x0140  Sparrow - ok
17:03:45.0000 0x0140  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:03:45.0000 0x0140  splitter - ok
17:03:45.0046 0x0140  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:03:45.0062 0x0140  Spooler - ok
17:03:45.0093 0x0140  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:03:45.0093 0x0140  sr - ok
17:03:45.0140 0x0140  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:03:45.0171 0x0140  srservice - ok
17:03:45.0234 0x0140  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:03:46.0000 0x0140  Srv - ok
17:03:46.0031 0x0140  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:03:46.0046 0x0140  SSDPSRV - ok
17:03:47.0375 0x0140  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:03:48.0031 0x0140  stisvc - ok
17:03:48.0062 0x0140  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:03:48.0078 0x0140  swenum - ok
17:03:48.0093 0x0140  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:03:48.0109 0x0140  swmidi - ok
17:03:48.0125 0x0140  SwPrv - ok
17:03:48.0734 0x0140  symc810 - ok
17:03:48.0781 0x0140  symc8xx - ok
17:03:48.0812 0x0140  sym_hi - ok
17:03:48.0828 0x0140  sym_u3 - ok
17:03:48.0859 0x0140  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:03:48.0890 0x0140  sysaudio - ok
17:03:48.0953 0x0140  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:03:49.0531 0x0140  SysmonLog - ok
17:03:49.0593 0x0140  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:03:50.0468 0x0140  TapiSrv - ok
17:03:50.0515 0x0140  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:03:50.0562 0x0140  Tcpip - ok
17:03:50.0578 0x0140  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:03:50.0593 0x0140  TDPIPE - ok
17:03:51.0171 0x0140  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:03:51.0265 0x0140  TDTCP - ok
17:03:51.0281 0x0140  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:03:51.0296 0x0140  TermDD - ok
17:03:51.0343 0x0140  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
17:03:51.0937 0x0140  TermService - ok
17:03:51.0984 0x0140  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:03:52.0656 0x0140  Themes - ok
17:03:52.0671 0x0140  TosIde - ok
17:03:52.0750 0x0140  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:03:52.0765 0x0140  TrkWks - ok
17:03:53.0359 0x0140  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:03:53.0375 0x0140  Udfs - ok
17:03:53.0390 0x0140  ultra - ok
17:03:54.0078 0x0140  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:03:54.0640 0x0140  Update - ok
17:03:54.0687 0x0140  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:03:55.0343 0x0140  upnphost - ok
17:03:55.0421 0x0140  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
17:03:55.0484 0x0140  UPS - ok
17:03:55.0546 0x0140  [ 83CAFCB53201BBAC04D822F32438E244, E3F6FDE4D429FB630B19417DD9752A2CE9F6C9FD58918D714B5438A3D4136853 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
17:03:55.0562 0x0140  USBAAPL - ok
17:03:55.0609 0x0140  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:03:55.0640 0x0140  usbccgp - ok
17:03:55.0671 0x0140  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:03:55.0687 0x0140  usbehci - ok
17:03:55.0734 0x0140  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:03:55.0750 0x0140  usbhub - ok
17:03:55.0765 0x0140  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:03:55.0796 0x0140  usbprint - ok
17:03:55.0828 0x0140  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:03:55.0843 0x0140  usbscan - ok
17:03:55.0875 0x0140  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:03:56.0500 0x0140  USBSTOR - ok
17:03:56.0515 0x0140  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:03:56.0531 0x0140  usbuhci - ok
17:03:56.0609 0x0140  [ 2A7A8AD9D39A2FAF9D9293B5DAFF3A4B, 38C6F6A440B718C75F7A1361297ACE671FC258B75BDCE9E0C27D497E3DF03C61 ] USB_RNDIS       C:\WINDOWS\system32\DRIVERS\usb8023.sys
17:03:57.0187 0x0140  USB_RNDIS - ok
17:03:57.0203 0x0140  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:03:57.0250 0x0140  VgaSave - ok
17:03:57.0265 0x0140  ViaIde - ok
17:03:57.0953 0x0140  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:03:57.0984 0x0140  VolSnap - ok
17:03:58.0000 0x0140  vsdatant - ok
17:03:58.0562 0x0140  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
17:03:59.0265 0x0140  VSS - ok
17:03:59.0312 0x0140  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:03:59.0953 0x0140  W32Time - ok
17:04:00.0000 0x0140  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:04:00.0031 0x0140  Wanarp - ok
17:04:00.0046 0x0140  wanatw - ok
17:04:00.0859 0x0140  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
17:04:01.0015 0x0140  Wdf01000 - ok
17:04:01.0046 0x0140  WDICA - ok
17:04:01.0109 0x0140  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:04:01.0125 0x0140  wdmaud - ok
17:04:01.0843 0x0140  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:04:02.0765 0x0140  WebClient - ok
17:04:03.0437 0x0140  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:04:03.0531 0x0140  winmgmt - ok
17:04:04.0265 0x0140  [ 668056D5C3C11AB7D266819A96B964E8, 770A3D5758495A535A0CEC1D51740474F47A6982554D8D9BDC3A8A19E1D21304 ] WMDM PMSP Service C:\WINDOWS\System32\MsPMSPSv.exe
17:04:04.0859 0x0140  WMDM PMSP Service - ok
17:04:04.0921 0x0140  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
17:04:04.0937 0x0140  WmdmPmSN - ok
17:04:05.0609 0x0140  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:04:05.0609 0x0140  WmiApSrv - ok
17:04:06.0328 0x0140  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
17:04:07.0187 0x0140  WMPNetworkSvc - ok
17:04:07.0234 0x0140  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:04:07.0250 0x0140  WpdUsb - ok
17:04:08.0687 0x0140  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:04:09.0468 0x0140  WPFFontCache_v0400 - ok
17:04:10.0125 0x0140  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:04:10.0171 0x0140  WS2IFSL - ok
17:04:10.0250 0x0140  [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] Ws2_u3          C:\WINDOWS\system32\drivers\ks.sys
17:04:10.0843 0x0140  Ws2_u3 - ok
17:04:11.0578 0x0140  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:04:11.0625 0x0140  wscsvc - ok
17:04:11.0671 0x0140  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:04:11.0703 0x0140  wuauserv - ok
17:04:11.0765 0x0140  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:04:11.0781 0x0140  WudfPf - ok
17:04:11.0828 0x0140  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:04:11.0859 0x0140  WudfRd - ok
17:04:11.0906 0x0140  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:04:11.0921 0x0140  WudfSvc - ok
17:04:12.0562 0x0140  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:04:13.0343 0x0140  WZCSVC - ok
17:04:13.0406 0x0140  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:04:13.0437 0x0140  xmlprov - ok
17:04:14.0046 0x0140  ================ Scan global ===============================
17:04:14.0656 0x0140  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
17:04:15.0390 0x0140  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
17:04:16.0109 0x0140  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
17:04:16.0156 0x0140  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
17:04:16.0171 0x0140  [ Global ] - ok
17:04:16.0171 0x0140  ================ Scan MBR ==================================
17:04:16.0187 0x0140  [ 22E7F0E7E70E532DDD9753FA48DB71D7 ] \Device\Harddisk0\DR0
17:04:16.0843 0x0140  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b ( 0 )
17:04:16.0843 0x0140  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
17:04:19.0906 0x0140  ================ Scan VBR ==================================
17:04:19.0937 0x0140  [ 37C09CED81222F760B5B7CA24D8A3F23 ] \Device\Harddisk0\DR0\Partition1
17:04:19.0937 0x0140  \Device\Harddisk0\DR0\Partition1 - ok
17:04:19.0953 0x0140  Waiting for KSN requests completion. In queue: 71
17:04:22.0515 0x0140  AV detected via SS1: avast! Antivirus, 5.0.134219225, enabled, updated
17:04:22.0515 0x0140  FW detected via SS1: COMODO Firewall, 6.0, enabled
17:04:25.0421 0x0140  ============================================================
17:04:25.0421 0x0140  Scan finished
17:04:25.0421 0x0140  ============================================================
17:04:25.0515 0x0c00  Detected object count: 2
17:04:25.0515 0x0c00  Actual detected object count: 2
17:06:07.0046 0x0c00  cmdAgent ( ForgedFile.Multi.Generic ) - skipped by user
17:06:07.0046 0x0c00  cmdAgent ( ForgedFile.Multi.Generic ) - User select action: Skip
17:06:09.0796 0x0c00  \Device\Harddisk0\DR0\# - copied to quarantine
17:06:09.0796 0x0c00  \Device\Harddisk0\DR0 - copied to quarantine
17:06:11.0718 0x0c00  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
17:06:12.0437 0x0c00  \Device\Harddisk0\DR0 - ok
17:06:12.0437 0x0c00  \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
17:06:35.0421 0x0c00  KLMD registered as C:\WINDOWS\system32\drivers\43383932.sys
17:07:41.0578 0x0da4  Deinitialize success
 


Edited by L Dub, 28 November 2013 - 05:06 PM.


#10 L Dub


Posted 28 November 2013 - 05:04 PM

=============

JRT LOG

=============

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Larry on Wed 11/27/2013 at 21:22:27.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/27/2013 at 22:19:28.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


=============

ESET LOG

=============

 

 

C:\Documents and Settings\Larry\Local Settings\temp\EE712B77-BAB0-7891-A8C5-211A5DC13DFF\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\Documents and Settings\Larry\My Documents\Applications\picpick_inst.exe    Win32/InstallMonetizer.AN application    cleaned by deleting - quarantined
C:\Documents and Settings\Larry\My Documents\Downloads\cbsidlm-cbsi134-Ashampoo_Internet_Accelerator-ORG-10699423.exe    a variant of Win32/CNETInstaller.B application    cleaned by deleting - quarantined
C:\Program Files\BitLord\Downloads\Adobe Photoshop CS2 RETAIL\Adobe_Photoshop_CS2_RETAIL.iso    a variant of Win32/Keygen.CW application    deleted - quarantined
 



#11 boopme


Posted 01 December 2013 - 06:48 PM

Hello, went to see my dad for the holiday. You need to reboot the PC to kill the rootkit if you have not. Also remove what AdwCleaner found.

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 L Dub


Posted 02 December 2013 - 09:38 PM

Thanks. I wasn't expecting a response for a few days given the holidays and all. Hope you had a good one. I appreciate you getting back to me at your earliest convenience.

 

The time from boot up to the desktop is pretty good (has never been an issue). The only issue is it's very sluggish when it comes to opening programs. FF took about 5 mins to open. I haven't experienced any BSOD's but I'm thinking it might be the RAM going bad (unless my PC is infected with something else).

 

I tried Memtest86 but it won't run. All I get is a blue screen with a blinking cursor. I ran Windows Memory Diagnostic and it didn't show any errors.

 

 

Adware Cleaner log:

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 06:36:30
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - BART
# Running from : C:\Documents and Settings\Larry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\AGI
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Object
[!] Folder Deleted : C:\Documents and Settings\Larry\AGI
[!] Folder Deleted : C:\Documents and Settings\Larry\Object

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\BitLord\BitLord.exe]
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\aqt50qdd.default\prefs.js ]


[ File : C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\zlsfajs9.default\prefs.js ]


[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\zlsfajs9.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10476 octets] - [27/11/2013 08:50:18]
AdwCleaner[R1].txt - [4637 octets] - [01/12/2013 19:42:21]
AdwCleaner[R2].txt - [4577 octets] - [01/12/2013 19:43:07]
AdwCleaner[R3].txt - [4565 octets] - [02/12/2013 06:17:49]
AdwCleaner[S0].txt - [4220 octets] - [01/12/2013 19:54:22]
AdwCleaner[S1].txt - [4588 octets] - [02/12/2013 06:36:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4648 octets] ##########
 



#13 L Dub


Posted 02 December 2013 - 10:04 PM

Spoke too soon! Received the BSOD Stop: 0x0000008E message.

It happened while I was trying to close FF to shut down my PC after posting to this topic.



#14 boopme


Posted 02 December 2013 - 10:19 PM

Ok, I believe we are clean now. As this error has several possibilities, I suggest you post it in the XP forum so those that know XP better than I can solve it.

Thanks

#15 L Dub


Posted 18 December 2013 - 04:18 PM

Boopme,

Thanks for all your help. I thought I'd reply to the thread so folks would know the outcome. My 10-year-old PC is running like the day I first got it.

The BSODs have now ceased. Come to find out the errors were being caused by Comodo firewall (v6). It's been replaced with Online Armor. I've seen online where Comodo's firewall is at the top of the list in terms of causing BSODs.

Thanks again for your help and have a wonderful holiday season! :)


Edited by L Dub, 18 December 2013 - 04:19 PM.




