
Win XP (media center) affected, but infected?


  • This topic is locked
5 replies to this topic

#1 Gordon C


Posted 14 December 2013 - 04:40 PM

This HP laptop is running XP Media Center. This particular unit has had the FBI/greendot infection before and has been successfully cleaned using hitmanpro kickstart in the past. It went back to the user with Microsoft Security Essentials and Malwarebytes as first string protection. It was brought back to me after some months in the field with the description 'has the same stuff on it that it did before'.

 

What I have not seen:

-FBI/Greendot or any of the variants

-Any direct indication of infection by any intruder

 

What I have seen:

-The system event viewer had been flushed when I got it.

-Microsoft Security Essentials (installed) and Malwarebytes (installed) fail to find intrusion.

-When I try to boot to hitmanpro kickstart media the boot 'fails to find OS'. This is true of the same media I'd used on it before AND one that I built when that previous one failed to start.

-Malwarebytes rootkit scanner fails to find an issue.

-IE8 starts but ALWAYS issues a warning that "A program on your computer has corrupted your default search provider setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live Search (search.love.com). Internet Explorer will now open Search Settings, where you can change this setting or install more search providers." It does open the settings dialogue and you can add search providers but you CANNOT change the default. Any attempt to change the default is ignored (i.e. the 'make default' button is not grayed out but produces no reaction at all). If Live Search is selected the 'delete' button is grayed out.

-Downloading other browsers was fraught with hazard. Notifications of certificate errors, etc. did their best to keep other browsers at bay.

 

Restore media is not handy so am trying to get this sorted out without reinstalling Windows if possible. Any help very much appreciated.


Edited by Gordon C, 14 December 2013 - 06:31 PM.




#2 cryptodan


Posted 14 December 2013 - 05:55 PM

Please download TDSSKiller exe version to your desktop.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A TDSSKiller text file would be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.


ADW Cleaner


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3 Gordon C


Posted 15 December 2013 - 12:05 PM

Here are the logs requested.
Please note the ADWCleaner log was not in the root directory as indicated so I ran it a second time to see where it put the log file. The first run quarantined something called Viewpoint Media Player.

 

 

10:49:54.0020 0x02a0  IntelIde - ok
10:49:54.0067 0x02a0  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:49:54.0067 0x02a0  intelppm - ok
10:49:54.0082 0x02a0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
10:49:54.0098 0x02a0  Ip6Fw - ok
10:49:54.0129 0x02a0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:49:54.0129 0x02a0  IpFilterDriver - ok
10:49:54.0176 0x02a0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:49:54.0176 0x02a0  IpInIp - ok
10:49:54.0223 0x02a0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:49:54.0223 0x02a0  IpNat - ok
10:49:54.0254 0x02a0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:49:54.0254 0x02a0  IPSec - ok
10:49:54.0285 0x02a0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:49:54.0285 0x02a0  IRENUM - ok
10:49:54.0317 0x02a0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:49:54.0317 0x02a0  isapnp - ok
10:49:54.0442 0x02a0  [ 999DB5F88C8E145CCA9D471E33227143, EA7392EE61A5117B04FA3E3CD0FA5605D733013A35A77079B0B91E22B210BA04 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:49:54.0442 0x02a0  JavaQuickStarterService - ok
10:49:54.0473 0x02a0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:49:54.0473 0x02a0  Kbdclass - ok
10:49:54.0489 0x02a0  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:49:54.0489 0x02a0  kbdhid - ok
10:49:54.0520 0x02a0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:49:54.0535 0x02a0  kmixer - ok
10:49:54.0567 0x02a0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:49:54.0567 0x02a0  KSecDD - ok
10:49:54.0614 0x02a0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
10:49:54.0614 0x02a0  lanmanserver - ok
10:49:54.0692 0x02a0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:49:54.0692 0x02a0  lanmanworkstation - ok
10:49:54.0707 0x02a0  lbrtfdc - ok
10:49:54.0770 0x02a0  [ 86E8BCAA91FC2ACFACD99CF2BF9F1F47, 4A7B5C5FEA515E113D8031AC132004F58723B9EC1651376731EC831F87734D06 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:49:55.0379 0x02a0  LightScribeService - ok
10:49:55.0410 0x02a0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:49:55.0410 0x02a0  LmHosts - ok
10:49:55.0457 0x02a0  [ 7FDB26D09B136D02562D19E7BDBEAD17, 2A19ABC22A51A269D4CB8E551386A781BB968B8251B35A8B9E5715036234293B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
10:49:55.0551 0x02a0  mbamchameleon - ok
10:49:55.0629 0x02a0  [ DF0A511F38F16016BF658FCA0090CB87, 6D2F6360A4E1D369607F2F394B4A8C6EE8EEE9FA46A67394769E9C0044529B6C ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
10:49:55.0629 0x02a0  McrdSvc - ok
10:49:55.0645 0x02a0  [ 74F4372AF97A587ECEC527EC34955712, E83873382E84E596562E8A4E9726015B79C17D2276738A57CA7E6FDCE6BA8A6D ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:49:55.0645 0x02a0  mdmxsdk - ok
10:49:55.0676 0x02a0  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:49:55.0676 0x02a0  Messenger - ok
10:49:55.0723 0x02a0  [ B7521F69C0A9B29D356157229376FB21, A77C89BDC181038DD0F9A8AC0F7164B10EF9C54B0C57D8BAB8BC27932EBF890B ] MHN             C:\WINDOWS\System32\mhn.dll
10:49:55.0723 0x02a0  MHN - ok
10:49:55.0770 0x02a0  [ 7F2F1D2815A6449D346FCCCBC569FBD6, 1C5A321CE95CE4D9AA2CB5A00E9B7E711521A6BBB25D36F7F49A397C361585C6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
10:49:55.0770 0x02a0  MHNDRV - ok
10:49:55.0801 0x02a0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:49:55.0801 0x02a0  mnmdd - ok
10:49:55.0864 0x02a0  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:49:55.0864 0x02a0  mnmsrvc - ok
10:49:55.0895 0x02a0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:49:55.0910 0x02a0  Modem - ok
10:49:55.0910 0x02a0  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:49:55.0926 0x02a0  Mouclass - ok
10:49:55.0973 0x02a0  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:49:55.0989 0x02a0  mouhid - ok
10:49:56.0020 0x02a0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:49:56.0020 0x02a0  MountMgr - ok
10:49:56.0051 0x02a0  [ CF105EE42E3F71E648CEBB3F666E1CF0, 1839F989ED4D954A586CB8C327F8728C020537E617FB743F457ECEFCCFA4B6C4 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:49:56.0067 0x02a0  MpFilter - ok
10:49:56.0176 0x02a0  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl69863bc2   C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0271D312-F55D-4BCB-9B9C-809D5E377812}\MpKsl69863bc2.sys
10:49:56.0176 0x02a0  MpKsl69863bc2 - ok
10:49:56.0223 0x02a0  [ EEE50BF24CAEEDB515A8F3B22756D3BB, 8A647730B65AEDB822B498ECC214DA78C14DF548B7FC68CC5F6C732EAB6F54A4 ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
10:49:56.0223 0x02a0  MQAC - ok
10:49:56.0301 0x02a0  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:49:56.0301 0x02a0  mraid35x - ok
10:49:56.0348 0x02a0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:49:56.0364 0x02a0  MRxDAV - ok
10:49:56.0410 0x02a0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:49:56.0426 0x02a0  MRxSmb - ok
10:49:56.0473 0x02a0  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:49:56.0473 0x02a0  MSDTC - ok
10:49:56.0489 0x02a0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:49:56.0489 0x02a0  Msfs - ok
10:49:56.0504 0x02a0  MSIServer - ok
10:49:56.0520 0x02a0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:49:56.0520 0x02a0  MSKSSRV - ok
10:49:56.0614 0x02a0  [ C1F19D2BACBEE9AB64D9AE69E9859AC0, 11F55350EF5219B132A1E04C8BF8A521089F62D7207D40F7F3C6E8B6E04090A1 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:49:56.0614 0x02a0  MsMpSvc - ok
10:49:56.0629 0x02a0  [ E9B5F354AE80325283FD5C1C05217B01, 387E01D40CE3A32CCABFB8F34057B2B5159F3C2BDFB97F43EA85EEC337FA3DC1 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
10:49:56.0629 0x02a0  MSMQ - ok
10:49:56.0660 0x02a0  [ 10E6B9022B0A5C9C41E2DA6AEAE5D404, 9B3CC7DA125DE036D530A8E465BB12C5CC8E220035FFD5CB687980B07132F826 ] MSMQTriggers    C:\WINDOWS\system32\mqtgsvc.exe
10:49:56.0660 0x02a0  MSMQTriggers - ok
10:49:56.0692 0x02a0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:49:56.0692 0x02a0  MSPCLOCK - ok
10:49:56.0739 0x02a0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:49:56.0754 0x02a0  MSPQM - ok
10:49:56.0770 0x02a0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:49:56.0785 0x02a0  mssmbios - ok
10:49:56.0832 0x02a0  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:49:56.0832 0x02a0  MSTEE - ok
10:49:56.0895 0x02a0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:49:56.0910 0x02a0  Mup - ok
10:49:56.0957 0x02a0  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:49:56.0957 0x02a0  NABTSFEC - ok
10:49:57.0035 0x02a0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:49:57.0051 0x02a0  napagent - ok
10:49:57.0160 0x02a0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:49:57.0160 0x02a0  NDIS - ok
10:49:57.0192 0x02a0  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:49:57.0192 0x02a0  NdisIP - ok
10:49:57.0223 0x02a0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:49:57.0239 0x02a0  NdisTapi - ok
10:49:57.0254 0x02a0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:49:57.0254 0x02a0  Ndisuio - ok
10:49:57.0285 0x02a0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:49:57.0285 0x02a0  NdisWan - ok
10:49:57.0317 0x02a0  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:49:57.0317 0x02a0  NDProxy - ok
10:49:57.0332 0x02a0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:49:57.0332 0x02a0  NetBIOS - ok
10:49:57.0364 0x02a0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:49:57.0379 0x02a0  NetBT - ok
10:49:57.0442 0x02a0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:49:57.0442 0x02a0  NetDDE - ok
10:49:57.0457 0x02a0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:49:57.0457 0x02a0  NetDDEdsdm - ok
10:49:57.0489 0x02a0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:49:57.0489 0x02a0  Netlogon - ok
10:49:57.0520 0x02a0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
10:49:57.0535 0x02a0  Netman - ok
10:49:57.0582 0x02a0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:49:57.0598 0x02a0  NetTcpPortSharing - ok
10:49:57.0614 0x02a0  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:49:57.0614 0x02a0  NIC1394 - ok
10:49:57.0676 0x02a0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:49:57.0692 0x02a0  Nla - ok
10:49:57.0707 0x02a0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:49:57.0707 0x02a0  Npfs - ok
10:49:57.0754 0x02a0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:49:57.0785 0x02a0  Ntfs - ok
10:49:57.0801 0x02a0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:49:57.0801 0x02a0  NtLmSsp - ok
10:49:57.0926 0x02a0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:49:57.0942 0x02a0  NtmsSvc - ok
10:49:57.0989 0x02a0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:49:57.0989 0x02a0  Null - ok
10:49:58.0317 0x02a0  [ 59E5D945934EC2E7EAA22AF81813DABF, FF62031CF9FB0DE2E2E6944EEE8C24731C18D0E4C20493B5B65CABCE75A358E4 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:49:58.0410 0x02a0  nv - ok
10:49:58.0457 0x02a0  [ 6D88C26BF33D2B8404F01CECBDD47D3A, 0EF160ABE0F395F24715775884C84A7A4509AB8413DAF4FADD4C57602EFFA3F9 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
10:49:58.0457 0x02a0  NVSvc - ok
10:49:58.0489 0x02a0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:49:58.0489 0x02a0  NwlnkFlt - ok
10:49:58.0520 0x02a0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:49:58.0520 0x02a0  NwlnkFwd - ok
10:49:58.0676 0x02a0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:49:58.0676 0x02a0  odserv - ok
10:49:58.0739 0x02a0  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:49:58.0739 0x02a0  ohci1394 - ok
10:49:58.0785 0x02a0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:49:58.0785 0x02a0  ose - ok
10:49:58.0832 0x02a0  [ 937A02981F11B2CE96B1D493C95AED2B, C619E1B6593E4BF740E631CC5A886C8E10D8796145C0A38417F9C599C2F54191 ] p2pgasvc        C:\WINDOWS\system32\p2pgasvc.dll
10:49:58.0832 0x02a0  p2pgasvc - ok
10:49:58.0942 0x02a0  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] p2pimsvc        C:\WINDOWS\system32\p2psvc.dll
10:49:58.0957 0x02a0  p2pimsvc - ok
10:49:58.0989 0x02a0  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
10:49:59.0004 0x02a0  p2psvc - ok
10:49:59.0051 0x02a0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
10:49:59.0051 0x02a0  Parport - ok
10:49:59.0051 0x02a0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:49:59.0067 0x02a0  PartMgr - ok
10:49:59.0098 0x02a0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:49:59.0098 0x02a0  ParVdm - ok
10:49:59.0098 0x02a0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:49:59.0114 0x02a0  PCI - ok
10:49:59.0114 0x02a0  PCIDump - ok
10:49:59.0114 0x02a0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:49:59.0129 0x02a0  PCIIde - ok
10:49:59.0145 0x02a0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:49:59.0160 0x02a0  Pcmcia - ok
10:49:59.0160 0x02a0  PDCOMP - ok
10:49:59.0160 0x02a0  PDFRAME - ok
10:49:59.0176 0x02a0  PDRELI - ok
10:49:59.0176 0x02a0  PDRFRAME - ok
10:49:59.0207 0x02a0  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
10:49:59.0207 0x02a0  perc2 - ok
10:49:59.0223 0x02a0  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:49:59.0223 0x02a0  perc2hib - ok
10:49:59.0239 0x02a0  PEVSystemStart - ok
10:49:59.0285 0x02a0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:49:59.0285 0x02a0  PlugPlay - ok
10:49:59.0348 0x02a0  [ D31F88C5F19EEFA366A415D6BC5F2ABC, ED998680048286454B92AF0E5917B2BC79A3ADA2632A1DB21D478B0597167F5C ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
10:49:59.0348 0x02a0  Pml Driver HPZ12 - ok
10:49:59.0364 0x02a0  [ 4A1035CB8F0D57BE41873B5183D96CF4, D6F53EEEA56C724BF3F7DABC2DD7E1E995B07BE32CB0AF0F77EB6651B741F050 ] PNRPSvc         C:\WINDOWS\system32\p2psvc.dll
10:49:59.0379 0x02a0  PNRPSvc - ok
10:49:59.0395 0x02a0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:49:59.0395 0x02a0  PolicyAgent - ok
10:49:59.0442 0x02a0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:49:59.0442 0x02a0  PptpMiniport - ok
10:49:59.0442 0x02a0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:49:59.0457 0x02a0  ProtectedStorage - ok
10:49:59.0457 0x02a0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:49:59.0457 0x02a0  PSched - ok
10:49:59.0520 0x02a0  [ ECD01774CDF331304F3CCB6F3A58ECE0, CEBB95510DC70CD4EE59A49F33D6874215E32EFF5E454097495E4969DFCC18B7 ] PTDUBus         C:\WINDOWS\system32\DRIVERS\PTDUBus.sys
10:49:59.0520 0x02a0  PTDUBus - ok
10:49:59.0551 0x02a0  [ 0A78B7B548549139DE7AE500F6003A21, 6793F9FD619AA10191594CFBE462015273975653FC0EC9CB0D96837926B95793 ] PTDUMdm         C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys
10:49:59.0551 0x02a0  PTDUMdm - ok
10:49:59.0582 0x02a0  [ B12C6736D3F10004FCF748984431EE7F, 921240E778547581A4D4CC7B546B5A738E1F8C8088BE97801C00355A447A3659 ] PTDUVsp         C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys
10:49:59.0582 0x02a0  PTDUVsp - ok
10:49:59.0598 0x02a0  [ 166E6E959B8DACCAB77F662908958885, A841EAE799DA5224B34AE1CE98708ED24F1B4612F788763BC3656B3768A0B076 ] PTDUWWAN        C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys
10:49:59.0598 0x02a0  PTDUWWAN - ok
10:49:59.0614 0x02a0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:49:59.0629 0x02a0  Ptilink - ok
10:49:59.0629 0x02a0  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:49:59.0629 0x02a0  ql1080 - ok
10:49:59.0660 0x02a0  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:49:59.0660 0x02a0  Ql10wnt - ok
10:49:59.0676 0x02a0  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:49:59.0676 0x02a0  ql12160 - ok
10:49:59.0707 0x02a0  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:49:59.0707 0x02a0  ql1240 - ok
10:49:59.0723 0x02a0  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:49:59.0723 0x02a0  ql1280 - ok
10:49:59.0754 0x02a0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:49:59.0754 0x02a0  RasAcd - ok
10:49:59.0785 0x02a0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:49:59.0801 0x02a0  RasAuto - ok
10:49:59.0848 0x02a0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:49:59.0864 0x02a0  Rasl2tp - ok
10:49:59.0910 0x02a0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:49:59.0910 0x02a0  RasMan - ok
10:49:59.0926 0x02a0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:49:59.0926 0x02a0  RasPppoe - ok
10:49:59.0942 0x02a0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:49:59.0942 0x02a0  Raspti - ok
10:49:59.0957 0x02a0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:49:59.0973 0x02a0  Rdbss - ok
10:49:59.0989 0x02a0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:49:59.0989 0x02a0  RDPCDD - ok
10:50:00.0020 0x02a0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:50:00.0020 0x02a0  rdpdr - ok
10:50:00.0098 0x02a0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:00.0098 0x02a0  RDPWD - ok
10:50:00.0160 0x02a0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:50:00.0160 0x02a0  RDSessMgr - ok
10:50:00.0176 0x02a0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:00.0176 0x02a0  redbook - ok
10:50:00.0223 0x02a0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:50:00.0223 0x02a0  RemoteAccess - ok
10:50:00.0270 0x02a0  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:50:00.0270 0x02a0  RemoteRegistry - ok
10:50:00.0317 0x02a0  [ 7A6648B61661B1421FFAB762E391E33F, D1CDEE8C53EF3D6E72DB4C1D9DD351BFE9804BB0BE1419245B4ABE16679FC5A2 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
10:50:00.0332 0x02a0  rimmptsk - ok
10:50:00.0332 0x02a0  [ D0A35B7670AA3558EAAB483F64446496, F70976D0214D3D52CCCE552EBC93548A39458B1F8C2D9D1257C4892BF85393E3 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
10:50:00.0332 0x02a0  rimsptsk - ok
10:50:00.0348 0x02a0  [ 3AC17802740C3A4764DC9750E92E6233, E71D2B1096756BEF2CC67BD167753499CE98FB147D2DD2B2F907A656912A5EE7 ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
10:50:00.0364 0x02a0  rismxdp - ok
10:50:00.0410 0x02a0  [ 96F7A9A7BF0C9C0440A967440065D33C, E3B0A0337BE05E48C7BD9E6D5A08173F1E5FAAC89526DAC3D87D21D1B55D524E ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys
10:50:00.0426 0x02a0  RMCAST - ok
10:50:00.0442 0x02a0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:50:00.0457 0x02a0  RpcLocator - ok
10:50:00.0504 0x02a0  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:50:00.0504 0x02a0  RpcSs - ok
10:50:00.0567 0x02a0  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:50:00.0567 0x02a0  RSVP - ok
10:50:00.0629 0x02a0  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
10:50:00.0629 0x02a0  rtl8139 - ok
10:50:00.0660 0x02a0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:50:00.0660 0x02a0  SamSs - ok
10:50:00.0723 0x02a0  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:50:00.0739 0x02a0  SCardSvr - ok
10:50:00.0785 0x02a0  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:50:00.0785 0x02a0  Schedule - ok
10:50:05.0989 0x02a0  ================ Scan global ===============================
10:50:06.0035 0x02a0  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
10:50:06.0067 0x02a0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:50:06.0114 0x02a0  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:50:06.0145 0x02a0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
10:50:06.0160 0x02a0  [ Global ] - ok
10:50:06.0160 0x02a0  ================ Scan MBR ==================================
10:50:06.0192 0x02a0  [ 665277635DC8BA83DEAE12EADEDB75A0 ] \Device\Harddisk0\DR0
10:50:06.0660 0x02a0  \Device\Harddisk0\DR0 - ok
10:50:06.0660 0x02a0  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
10:50:07.0176 0x02a0  \Device\Harddisk1\DR1 - ok
10:50:07.0192 0x02a0  [ 6EF3B35686BE2662BD1FA10B31BE15BD ] \Device\Harddisk2\DR6
10:50:07.0317 0x02a0  \Device\Harddisk2\DR6 - detected TDSS File System ( 1 )
10:50:07.0317 0x02a0  \Device\Harddisk2\DR6 ( TDSS File System ) - warning
10:50:20.0676 0x02a0  ================ Scan VBR ==================================
10:50:20.0692 0x02a0  [ 6BE5182C6F25EA288C0F3500D8AB0AAA ] \Device\Harddisk0\DR0\Partition1
10:50:20.0707 0x02a0  \Device\Harddisk0\DR0\Partition1 - ok
10:50:20.0723 0x02a0  [ A9D84056E31F68C1F6D859A33A5CB50A ] \Device\Harddisk0\DR0\Partition2
10:50:20.0723 0x02a0  \Device\Harddisk0\DR0\Partition2 - ok
10:50:20.0739 0x02a0  [ E577B8FDBD8B620110BCEE5DC37274B6 ] \Device\Harddisk1\DR1\Partition1
10:50:20.0739 0x02a0  \Device\Harddisk1\DR1\Partition1 - ok
10:50:20.0754 0x02a0  [ 8FE32895BC49BAEEA44755B35C39F4AB ] \Device\Harddisk2\DR6\Partition1
10:50:20.0754 0x02a0  \Device\Harddisk2\DR6\Partition1 - ok
10:50:20.0801 0x02a0  AV detected via SS1: Norton AntiVirus, 18.7.1.3, disabled, outofdate
10:50:20.0801 0x02a0  AV detected via SS1: Microsoft Security Essentials, 4.2.0223.0, enabled, updated
10:50:20.0801 0x02a0  Win FW state via NFM: enabled
10:50:33.0926 0x02a0  ============================================================
10:50:33.0926 0x02a0  Scan finished
10:50:33.0926 0x02a0  ============================================================
10:50:33.0926 0x0420  Detected object count: 1
10:50:33.0926 0x0420  Actual detected object count: 1
10:51:55.0223 0x0420  \Device\Harddisk2\DR6 ( TDSS File System ) - skipped by user
10:51:55.0223 0x0420  \Device\Harddisk2\DR6 ( TDSS File System ) - User select action: Skip
10:52:05.0364 0x070c  Deinitialize success

END OF TDSSKILLER LOG
BEGIN ADWCLEANER LOG

# AdwCleaner v3.015 - Report created 15/12/2013 at 11:41:21
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : boss - PC139223223129
# Running from : C:\Documents and Settings\boss\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Larry Hamm\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\boss\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3575 octets] - [15/12/2013 11:01:27]
AdwCleaner[R1].txt - [1327 octets] - [15/12/2013 11:39:34]
AdwCleaner[S0].txt - [3704 octets] - [15/12/2013 11:05:27]
AdwCleaner[S1].txt - [1252 octets] - [15/12/2013 11:41:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1312 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by boss on Sun 12/15/2013 at 11:22:46.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

~~~ Files

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/15/2013 at 11:27:13.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar Service Scanner Version: 05-12-2013
Ran by boss (administrator) on 15-12-2013 at 11:29:53
Running from "C:\Documents and Settings\boss\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) Tcpip6(9)
0x0A0000000400000001000000020000000300000005000000060000000700000009000000080000000A000000
IpSec Tag value is correct.

**** End of log ****



#4 cryptodan

Posted 15 December 2013 - 12:11 PM

10:50:33.0926 0x0420  Detected object count: 1
10:50:33.0926 0x0420  Actual detected object count: 1
10:51:55.0223 0x0420  \Device\Harddisk2\DR6 ( TDSS File System ) - skipped by user
10:51:55.0223 0x0420  \Device\Harddisk2\DR6 ( TDSS File System ) - User select action: Skip
10:52:05.0364 0x070c  Deinitialize success


Per the above, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#5 Gordon C

Posted 15 December 2013 - 12:51 PM

http://www.bleepingcomputer.com/forums/t/517547/xp-infection-and-some-new-behaviors/



#6 hamluis

Posted 15 December 2013 - 01:32 PM

Reference: http://www.bleepingcomputer.com/forums/topic442626.html/page__p__2597265#entry2597265

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





