xp_sp3 possible mbr infection?


  • This topic is locked
14 replies to this topic

#1 Riemenschneid

  • Members
  • 10 posts

Posted 24 March 2014 - 06:50 PM

At suggestion of GM, sending 2 DDS logs (1 zipped) and aswMBR log.

 

xp_sp3 32-bit boots aok, or seems to, but I'm seeing what looks like anomalies when I scan with antirootkit (ark) apps. First, novirusthanks ark, and it didn't report a rootkit but it does report:
>Warning: Master Boot Record (MBR) appears to be modified and could be the result of an infection!<
 
so I ran some other arks, (gmer, sophos...) and they appear to give normal reports. But then I ran aswMBR (which is in the windows download area at bleeping), and it says 2, what seem to me to be, incompatible statements:
1) Disk 0 MBR read successfully
and
2) Disk 0 MBR scan  |  Disk 0 Windows VISTA default MBR code
 
Why would it report VISTA default MBR code on xp_sp3 system? VISTA never touched this hardware (although this Dell was a used hardware from Tiger, and dates back to 2010, so conceivable it could have had VISTA on it once upon a time. My notes from Feb 2010 say that I installed xp from scratch and I assume I wiped the hdd before xp installation).
 
The locked service in the aswMBR log says AntiLog32 and refers to Zemana AntiLogger Free, and ZALfree also refers to KeyCrypt32.dll.  
 
I've delayed running Recovery Console /fixmbr or combofix, because I haven't had time to make an image of hdd for backup, and since I'm booting ok, does not seem urgent unless it really is deep mbr malware.
 
thanks /rs
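
One way to cross-check conflicting MBR verdicts like the ones in the post above, as an added example that is not part of the original thread: read sector 0 from an offline disk image, hash the 440-byte bootstrap code against hashes the analyst has taken from known-good install media, and decode the partition table. The function names, the baseline labels and the sample sectors are constructed for illustration; no real Microsoft boot code or hash is included.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-443 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # required at offset 510


def read_mbr(image_path):
    """Read sector 0 from a disk image taken offline (path is the analyst's choice)."""
    with open(image_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split an MBR sector into a boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != BOOT_SIG:
        raise ValueError("0x55AA boot signature missing; not a valid MBR")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFF + 16 * index
        status, ptype = sector[offset], sector[offset + 4]
        start_lba, num_sectors = struct.unpack_from("<II", sector, offset + 8)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "num_sectors": num_sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def classify_boot_code(sector, baseline):
    """Return the baseline label whose hash matches the boot code, else None."""
    return baseline.get(parse_mbr(sector)["boot_code_sha256"])


def layout_hint(start_lba):
    """Describe which partitioning convention a first-partition offset follows."""
    if start_lba == 63:
        return "CHS-aligned (sector 63), typical of XP-era partitioning"
    if start_lba > 0 and start_lba % 2048 == 0:
        return "1 MiB-aligned, typical of Vista-and-later partitioning tools"
    return "non-standard offset, inspect the gap before the partition"


def build_sample_sector(boot_code, start_lba, num_sectors):
    """Constructed test sector: fake boot code plus one active NTFS (0x07) entry."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, start_lba, num_sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed stand-ins for boot code extracted from known-good install media.
REF_A = build_sample_sector(b"\x33\xc0" + b"reference-A" * 8, 63, 1000)
REF_B = build_sample_sector(b"\x33\xc0" + b"reference-B" * 8, 2048, 1000)
BASELINE = {
    parse_mbr(REF_A)["boot_code_sha256"]: "reference A",
    parse_mbr(REF_B)["boot_code_sha256"]: "reference B",
}

if __name__ == "__main__":
    # Constructed suspect: reference-B boot code, one NTFS partition at LBA 0x800.
    suspect = build_sample_sector(b"\x33\xc0" + b"reference-B" * 8, 0x800, 0x9501800)
    info = parse_mbr(suspect)
    label = classify_boot_code(suspect, BASELINE)
    print("boot code:", label or "UNKNOWN, investigate before repairing")
    for part in info["partitions"]:
        print("partition %d type 0x%02X start LBA %d: %s" % (
            part["index"], part["type"], part["start_lba"],
            layout_hint(part["start_lba"])))
```

A boot-code hash that matches a known-good baseline from a different Windows release than the installed one points to how the disk was partitioned, while a hash that matches no baseline is the case that warrants imaging the disk and investigating further.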
 
 


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 March 2014 - 09:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 Riemenschneid

  • Topic Starter
  • Members
  • 10 posts

Posted 25 March 2014 - 12:37 PM

Your English reads aok! The tdsskiller log follows below as text. It found nothing. I also ran mbar yesterday and it found nothing so I'm thinking that NVT_ark free app "warning" noted above is false+ (nvt support has not responded to me) and perhaps the aswMBR reference to mbr VISTA code is "anomaly". Posting tdsskiller log, but inclined to take no further action unless you strongly convince me something is really amiss.
PS I had blocked wan internet access before I started this scan, but I had the current tdsskiller version.
 
 
 
11:49:01.0468 0x119c  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
11:49:10.0484 0x119c  ============================================================
11:49:10.0484 0x119c  Current date / time: 2014/03/25 11:49:10.0484
11:49:10.0484 0x119c  SystemInfo:
11:49:10.0484 0x119c  
11:49:10.0484 0x119c  OS Version: 5.1.2600 ServicePack: 3.0
11:49:10.0484 0x119c  Product type: Workstation
11:49:10.0484 0x119c  ComputerName: user2_XP
11:49:10.0484 0x119c  UserName: user2
11:49:10.0484 0x119c  Windows directory: C:\WINDOWS
11:49:10.0484 0x119c  System windows directory: C:\WINDOWS
11:49:10.0484 0x119c  Processor architecture: Intel x86
11:49:10.0484 0x119c  Number of processors: 2
11:49:10.0484 0x119c  Page size: 0x1000
11:49:10.0484 0x119c  Boot type: Normal boot
11:49:10.0484 0x119c  ============================================================
11:49:13.0734 0x119c  KLMD registered as C:\WINDOWS\system32\drivers\04998640.sys
11:49:14.0578 0x119c  System UUID: {F130E42B-875C-CB77-819D-81B392500F1D}
11:49:16.0765 0x119c  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize:  0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags  0x00000054
11:49:16.0781 0x119c  ============================================================
11:49:16.0781 0x119c  \Device\Harddisk0\DR0:
11:49:16.0781 0x119c  MBR partitions:
11:49:16.0781 0x119c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum  0x9501800
11:49:16.0781 0x119c  ============================================================
11:49:16.0812 0x119c  C: <-> \Device\Harddisk0\DR0\Partition1
11:49:16.0828 0x119c  ============================================================
11:49:16.0828 0x119c  Initialize success
11:49:16.0828 0x119c  ============================================================
11:49:26.0125 0x17c0  ============================================================
11:49:26.0125 0x17c0  Scan started
11:49:26.0125 0x17c0  Mode: Manual; 
11:49:26.0125 0x17c0  ============================================================
11:49:26.0125 0x17c0  KSN ping started
11:50:46.0453 0x17c0  KSN ping finished: false
11:50:46.0968 0x17c0  ================ Scan system memory ========================
11:50:46.0984 0x17c0  System memory - ok
11:51:00.0828 0x17c0  mnmsrvc - ok
11:51:00.0875 0x17c0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1,  B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem            C:\WINDOWS\system32\drivers\Modem.sys
11:51:00.0875 0x17c0  Modem - ok
11:51:00.0921 0x17c0  [ 35C9E97194C8CFB8430125F8DBC34D04,  0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass         C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:51:00.0937 0x17c0  Mouclass - ok
11:51:00.0937 0x17c0  [ B1C303E17FB9D46E87A98E4BA6769685,  161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid           C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:51:00.0953 0x17c0  mouhid - ok
11:51:00.0984 0x17c0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD,  2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr         C:\WINDOWS\system32\drivers\MountMgr.sys
11:51:00.0984 0x17c0  MountMgr - ok
11:51:01.0093 0x17c0  [ 7EDBBB9351A38C6BB0FE98CFD44DB430,  FF77429D7FF3429AD15FD29B4F0F1CF1DA66F69651BCA9525889EDD47AB0306D ] MozillaMaintenance C:\Program  Files\Mozilla Maintenance Service\maintenanceservice.exe
11:51:01.0093 0x17c0  MozillaMaintenance - ok
11:51:01.0093 0x17c0  mraid35x - ok
11:51:01.0187 0x17c0  [ 11D42BB6206F33FBB3BA0288D3EF81BD,  76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV           C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:51:01.0187 0x17c0  MRxDAV - ok
11:51:01.0390 0x17c0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0,  DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb           C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:51:01.0406 0x17c0  MRxSmb - ok
11:51:01.0437 0x17c0  [ A137F1470499A205ABBB9AAFB3B6F2B1,  FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC            C:\WINDOWS\system32\msdtc.exe
11:51:01.0453 0x17c0  MSDTC - ok
11:51:01.0484 0x17c0  [ C941EA2454BA8350021D774DAF0F1027,  C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs             C:\WINDOWS\system32\drivers\Msfs.sys
11:51:01.0484 0x17c0  Msfs - ok
11:51:01.0500 0x17c0  MSIServer - ok
11:51:01.0531 0x17c0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136,  AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios         C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:51:01.0531 0x17c0  mssmbios - ok
11:51:01.0593 0x17c0  [ DE6A75F5C270E756C5508D94B6CF68F5,  FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup              C:\WINDOWS\system32\drivers\Mup.sys
11:51:01.0609 0x17c0  Mup - ok
11:51:01.0750 0x17c0  [ 0102140028FAD045756796E1C685D695,  5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent         C:\WINDOWS\System32\qagentrt.dll
11:51:01.0765 0x17c0  napagent - ok
11:51:01.0843 0x17c0  [ 1DF7F42665C94B825322FAE71721130D,  FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS             C:\WINDOWS\system32\drivers\NDIS.sys
11:51:01.0843 0x17c0  NDIS - ok
11:51:01.0890 0x17c0  [ 0109C4F3850DFBAB279542515386AE22,  4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi         C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:51:01.0890 0x17c0  NdisTapi - ok
11:51:01.0906 0x17c0  [ F927A4434C5028758A842943EF1A3849,  B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio          C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:51:01.0906 0x17c0  Ndisuio - ok
11:51:01.0953 0x17c0  [ EDC1531A49C80614B2CFDA43CA8659AB,  494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan          C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:51:01.0953 0x17c0  NdisWan - ok
11:51:02.0000 0x17c0  [ 2F597BB467E05B1FE3830EABD821B8E0,  141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy          C:\WINDOWS\system32\drivers\NDProxy.sys
11:51:02.0000 0x17c0  NDProxy - ok
11:51:02.0031 0x17c0  [ 5D81CF9A2F1A3A756B66CF684911CDF0,  7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS          C:\WINDOWS\system32\DRIVERS\netbios.sys
11:51:02.0031 0x17c0  NetBIOS - ok
11:51:02.0109 0x17c0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D,  7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT            C:\WINDOWS\system32\DRIVERS\netbt.sys
11:51:02.0125 0x17c0  NetBT - ok
11:51:02.0218 0x17c0  [ B857BA82860D7FF85AE29B095645563B,  86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE           C:\WINDOWS\system32\netdde.exe
11:51:02.0218 0x17c0  NetDDE - ok
11:51:02.0265 0x17c0  [ B857BA82860D7FF85AE29B095645563B,  86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm       C:\WINDOWS\system32\netdde.exe
11:51:02.0281 0x17c0  NetDDEdsdm - ok
11:51:02.0328 0x17c0  [ BF2466B3E18E970D8A976FB95FC1CA85,  F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon         C:\WINDOWS\system32\lsass.exe
11:51:02.0343 0x17c0  Netlogon - ok
11:51:02.0421 0x17c0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE,  4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman           C:\WINDOWS\System32\netman.dll
11:51:02.0437 0x17c0  Netman - ok
11:51:02.0531 0x17c0  [ D34612C5D02D026535B3095D620626AE,  1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing  c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:51:02.0531 0x17c0  NetTcpPortSharing - ok
11:51:02.0671 0x17c0  [ 943337D786A56729263071623BBB9DE5,  B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla              C:\WINDOWS\System32\mswsock.dll
11:51:02.0687 0x17c0  Nla - ok
11:51:02.0703 0x17c0  [ 3182D64AE053D6FB034F44B6DEF8034A,  4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs             C:\WINDOWS\system32\drivers\Npfs.sys
11:51:02.0703 0x17c0  Npfs - ok
11:51:02.0921 0x17c0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA,  E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs             C:\WINDOWS\system32\drivers\Ntfs.sys
11:51:02.0937 0x17c0  Ntfs - ok
11:51:02.0953 0x17c0  [ BF2466B3E18E970D8A976FB95FC1CA85,  F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp          C:\WINDOWS\system32\lsass.exe
11:51:02.0968 0x17c0  NtLmSsp - ok
11:51:03.0140 0x17c0  [ 156F64A3345BD23C600655FB4D10BC08,  9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc          C:\WINDOWS\system32\ntmssvc.dll
11:51:03.0171 0x17c0  NtmsSvc - ok
11:51:03.0234 0x17c0  [ CF7E041663119E09D2E118521ADA9300,  0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr         C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
11:51:03.0234 0x17c0  NuidFltr - ok
11:51:03.0265 0x17c0  [ 73C1E1F395918BC2C6DD67AF7591A3AD,  B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null             C:\WINDOWS\system32\drivers\Null.sys
11:51:03.0265 0x17c0  Null - ok
11:51:03.0328 0x17c0  [ 33ED48C9D3D47CEE74DF84FB97AFC119,  0F3A6E8CDB8A6EA10D478944350AE483D0B29D76800FC17ACF81857BACE6C70A ] nvterp           C:\WINDOWS\system32\drivers\nvterp.sys
11:51:03.0343 0x17c0  nvterp - ok
11:51:03.0343 0x17c0  nvtInjDrv - ok
11:51:03.0359 0x17c0  [ B305F3FAD35083837EF46A0BBCE2FC57,  9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt         C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:51:03.0359 0x17c0  NwlnkFlt - ok
11:51:03.0390 0x17c0  [ C99B3415198D1AAB7227F2C88FD664B9,  DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd         C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:51:03.0390 0x17c0  NwlnkFwd - ok
11:51:03.0718 0x17c0  [ 3BBBC02D84AC98AF93F2F4D00EC347F0,  18D806BFBE2711BD9C221B5DFF54626FEBA273DF70D07549DD9A881EA5384A16 ] O&O CleverCache C:\Program  Files\OO Software\CleverCache\ooccag.exe
11:51:03.0734 0x17c0  O&O CleverCache - ok
11:51:03.0968 0x17c0  [ 785F487A64950F3CB8E9F16253BA3B7B,  02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program  Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:51:03.0968 0x17c0  odserv - ok
11:51:04.0750 0x17c0  [ 4C1A72D56BCB58A623A39A3E27045CAE,  5D22F730A2E2FDD4AE2D0C2BB50575FEE964E6C2FE934569D8954B7DA94936D5 ] OODefragAgent   C:\Program  Files\OO Software\Defrag\oodag.exe
11:51:04.0796 0x17c0  OODefragAgent - ok
11:51:04.0906 0x17c0  [ 5A432A042DAE460ABE7199B758E8606C,  6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program  Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:51:04.0906 0x17c0  ose - ok
11:51:05.0000 0x17c0  [ 5575FAF8F97CE5E713D108C2A58D7C7C,  96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport          C:\WINDOWS\system32\DRIVERS\parport.sys
11:51:05.0000 0x17c0  Parport - ok
11:51:05.0046 0x17c0  [ BEB3BA25197665D82EC7065B724171C6,  7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr          C:\WINDOWS\system32\drivers\PartMgr.sys
11:51:05.0046 0x17c0  PartMgr - ok
11:51:05.0093 0x17c0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1,  6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm           C:\WINDOWS\system32\drivers\ParVdm.sys
11:51:05.0093 0x17c0  ParVdm - ok
11:51:05.0125 0x17c0  [ A219903CCF74233761D92BEF471A07B1,  D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI              C:\WINDOWS\system32\DRIVERS\pci.sys
11:51:05.0125 0x17c0  PCI - ok
11:51:05.0140 0x17c0  PCIDump - ok
11:51:05.0171 0x17c0  [ CCF5F451BB1A5A2A522A76E670000FF0,  D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde           C:\WINDOWS\system32\DRIVERS\pciide.sys
11:51:05.0171 0x17c0  PCIIde - ok
11:51:05.0250 0x17c0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1,  0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia           C:\WINDOWS\system32\drivers\Pcmcia.sys
11:51:05.0265 0x17c0  Pcmcia - ok
11:51:05.0265 0x17c0  PDCOMP - ok
11:51:05.0281 0x17c0  PDFRAME - ok
11:51:05.0828 0x17c0  [ 94AF20778D50BC32C03C43E4B0C778F0,  7ED0F361E51AAEF6DCDE7869DEE1E4051D26B02883E37735F292F129724BC474 ] PDMx86Svc       C:\Program  Files\NoVirusThanks\PE Dropper Monitor\PDMx86Svc.exe
11:51:05.0859 0x17c0  PDMx86Svc - ok
11:51:05.0875 0x17c0  PDRELI - ok
11:51:05.0890 0x17c0  PDRFRAME - ok
11:51:05.0906 0x17c0  perc2 - ok
11:51:05.0906 0x17c0  perc2hib - ok
11:51:06.0171 0x17c0  [ B8C3C66D19104E23D6D05A391747F23F,  2CB879FE65989608706306D8E7224F7C0F668E30886BDBC8B5CFB452807222D6 ] PFNet           C:\Program  Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
11:51:06.0187 0x17c0  PFNet - ok
11:51:06.0234 0x17c0  [ 65DF52F5B8B6E9BBD183505225C37315,  59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay         C:\WINDOWS\system32\services.exe
11:51:06.0250 0x17c0  PlugPlay - ok
11:51:06.0296 0x17c0  [ 896D916DE06F5502D301E8C4DC442AE8,  7B5C5FA075BA680B990A0A78A690CF2DE04EF7EB1457781E38D0EE4A95CEFDCA ] Point32          C:\WINDOWS\system32\DRIVERS\point32.sys
11:51:06.0296 0x17c0  Point32 - ok
11:51:06.0312 0x17c0  [ BF2466B3E18E970D8A976FB95FC1CA85,  F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent      C:\WINDOWS\system32\lsass.exe
11:51:06.0328 0x17c0  PolicyAgent - ok
11:51:06.0406 0x17c0  PORTMON - ok
11:51:06.0468 0x17c0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99,  C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport     C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:51:06.0468 0x17c0  PptpMiniport - ok
11:51:06.0500 0x17c0  [ BF2466B3E18E970D8A976FB95FC1CA85,  F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage  C:\WINDOWS\system32\lsass.exe
11:51:06.0500 0x17c0  ProtectedStorage - ok
11:51:06.0531 0x17c0  ProtectorDriver - ok
11:51:06.0578 0x17c0  [ 09298EC810B07E5D582CB3A3F9255424,  35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched           C:\WINDOWS\system32\DRIVERS\psched.sys
11:51:06.0578 0x17c0  PSched - ok
11:51:06.0625 0x17c0  [ D24DFD16A1E2A76034DF5AA18125C35D,  BB1F2BB3EB69DE742AA8ED33DCB572888BC473182E0F7DA860CB57903C9924A6 ] PSI              C:\WINDOWS\system32\DRIVERS\psi_mf.sys
11:51:06.0625 0x17c0  PSI - ok
11:51:06.0640 0x17c0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD,  DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink          C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:51:06.0640 0x17c0  Ptilink - ok
11:51:06.0734 0x17c0  [ 944F9CA807FE9E1095FA894D5A7B018A,  DEED05B04BEDE886FEF71EF470C4CF68355511D2092CDEEA8E2A8F1289E551A2 ] pwipf6           C:\WINDOWS\system32\DRIVERS\pwipf6.sys
11:51:06.0750 0x17c0  pwipf6 - ok
11:51:06.0765 0x17c0  ql1080 - ok
11:51:06.0796 0x17c0  Ql10wnt - ok
11:51:06.0812 0x17c0  ql12160 - ok
11:51:06.0828 0x17c0  ql1240 - ok
11:51:06.0843 0x17c0  ql1280 - ok
11:51:06.0875 0x17c0  [ FE0D99D6F31E4FAD8159F690D68DED9C,  998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd           C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:51:06.0875 0x17c0  RasAcd - ok
11:51:06.0953 0x17c0  [ AD188BE7BDF94E8DF4CA0A55C00A5073,  C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto          C:\WINDOWS\System32\rasauto.dll
11:51:06.0968 0x17c0  RasAuto - ok
11:51:07.0000 0x17c0  [ 11B4A627BC9614B885C4969BFA5FF8A6,  EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp          C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:51:07.0000 0x17c0  Rasl2tp - ok
11:51:07.0093 0x17c0  [ 76A9A3CBEADD68CC57CDA5E1D7448235,  4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan           C:\WINDOWS\System32\rasmans.dll
11:51:07.0109 0x17c0  RasMan - ok
11:51:07.0140 0x17c0  [ 5BC962F2654137C9909C3D4603587DEE,  A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe         C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:51:07.0140 0x17c0  RasPppoe - ok
11:51:07.0156 0x17c0  [ FDBB1D60066FCFBB7452FD8F9829B242,  10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti           C:\WINDOWS\system32\DRIVERS\raspti.sys
11:51:07.0156 0x17c0  Raspti - ok
11:51:07.0250 0x17c0  [ 7AD224AD1A1437FE28D89CF22B17780A,  6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss            C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:51:07.0265 0x17c0  Rdbss - ok
11:51:07.0265 0x17c0  [ 4912D5B403614CE99C28420F75353332,  975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD           C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:51:07.0281 0x17c0  RDPCDD - ok
11:51:07.0375 0x17c0  [ 15CABD0F7C00C47C70124907916AF3F1,  66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr            C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:51:07.0390 0x17c0  rdpdr - ok
11:51:07.0484 0x17c0  [ 43AF5212BD8FB5BA6EED9754358BD8F7,  AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD            C:\WINDOWS\system32\drivers\RDPWD.sys
11:51:07.0484 0x17c0  RDPWD - ok
11:51:07.0578 0x17c0  [ 3C37BF86641BDA977C3BF8A840F3B7FA,  AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr        C:\WINDOWS\system32\sessmgr.exe
11:51:07.0593 0x17c0  RDSessMgr - ok
11:51:07.0640 0x17c0  [ F828DD7E1419B6653894A8F97A0094C5,  E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook          C:\WINDOWS\system32\DRIVERS\redbook.sys
11:51:07.0640 0x17c0  redbook - ok
11:51:07.0718 0x17c0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5,  3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess     C:\WINDOWS\System32\mprdim.dll
11:51:07.0718 0x17c0  RemoteAccess - ok
11:51:07.0781 0x17c0  [ 5B19B557B0C188210A56A6B699D90B8F,  0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry   C:\WINDOWS\system32\regsvc.dll
11:51:07.0796 0x17c0  RemoteRegistry - ok
11:51:07.0843 0x17c0  [ 8B5B8A11306190C6963D3473F052D3C8,  BEBCCA8109C742447C862907B7A3924548303AC720E3FB16563F24DF3238F82B ] Revoflt          C:\WINDOWS\system32\DRIVERS\revoflt.sys
11:51:07.0859 0x17c0  Revoflt - ok
11:51:07.0859 0x17c0  RkPavproc1 - ok
11:51:07.0921 0x17c0  [ AAED593F84AFA419BBAE8572AF87CF6A,  CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator       C:\WINDOWS\system32\locator.exe
11:51:07.0937 0x17c0  RpcLocator - ok
11:51:08.0109 0x17c0  [ 6B27A5C03DFB94B4245739065431322C,  6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs            C:\WINDOWS\system32\rpcss.dll
11:51:08.0125 0x17c0  RpcSs - ok
11:51:08.0187 0x17c0  [ 471B3F9741D762ABE75E9DEEA4787E47,  D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP             C:\WINDOWS\system32\rsvp.exe
11:51:08.0203 0x17c0  RSVP - ok
11:51:08.0218 0x17c0  sagentservice - ok
11:51:08.0250 0x17c0  [ BF2466B3E18E970D8A976FB95FC1CA85,  F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs            C:\WINDOWS\system32\lsass.exe
11:51:08.0250 0x17c0  SamSs - ok
11:51:08.0359 0x17c0  [ D952F04F46365802DCA6591DAF92ED54,  4F32364B31F6FBB0CBD48A6643EE0D8DBA9603AB46993A49A854A869F904BBBF ] SbieDrv         C:\Program  Files\Sandboxie\SbieDrv.sys
11:51:08.0375 0x17c0  SbieDrv - ok
11:51:08.0437 0x17c0  [ BAA52B6DBBA27BC0E7D772A638511C3C,  E1C86FA1CF53946CDEA8FE1C23CC3CDF2BBE39D760538B8CBCA54487D16F619F ] SbieSvc         C:\Program  Files\Sandboxie\SbieSvc.exe
11:51:08.0437 0x17c0  SbieSvc - ok
11:51:08.0515 0x17c0  [ C1AE5D1F53285D79A0B73A62AF20734F,  B3690E063F3C4D8545CD8A3576E78938BC9BC607365B3D91BB5C490C20CC9B85 ] SBRE             C:\WINDOWS\system32\drivers\SBREdrv.sys
11:51:08.0531 0x17c0  SBRE - ok
11:51:08.0687 0x17c0  [ 86D007E7A654B9A71D1D7D856B104353,  7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr         C:\WINDOWS\System32\SCardSvr.exe
11:51:08.0703 0x17c0  SCardSvr - ok
11:51:08.0890 0x17c0  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA,  0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule         C:\WINDOWS\system32\schedsvc.dll
11:51:08.0906 0x17c0  Schedule - ok
11:51:08.0984 0x17c0  [ 90A3935D05B494A5A39D37E71F09A677,  F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv           C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:51:08.0984 0x17c0  Secdrv - ok
11:51:09.0062 0x17c0  [ CBE612E2BB6A10E3563336191EDA1250,  C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon         C:\WINDOWS\System32\seclogon.dll
11:51:09.0062 0x17c0  seclogon - ok
11:51:09.0406 0x17c0  [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8,  E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt          C:\WINDOWS\system32\drivers\senfilt.sys
11:51:09.0421 0x17c0  senfilt - ok
11:51:09.0515 0x17c0  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0,  7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS             C:\WINDOWS\system32\sens.dll
11:51:09.0531 0x17c0  SENS - ok
11:51:09.0546 0x17c0  [ 0F29512CCD6BEAD730039FB4BD2C85CE,  4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] Serenum          C:\WINDOWS\system32\DRIVERS\serenum.sys
11:51:09.0546 0x17c0  Serenum - ok
11:51:09.0593 0x17c0  [ CCA207A8896D4C6A0C9CE29A4AE411A7,  5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial           C:\WINDOWS\system32\DRIVERS\serial.sys
11:51:09.0593 0x17c0  Serial - ok
11:51:09.0671 0x17c0  [ 8E6B8C671615D126FDC553D1E2DE5562,  CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy          C:\WINDOWS\system32\drivers\Sfloppy.sys
11:51:09.0687 0x17c0  Sfloppy - ok
11:51:09.0859 0x17c0  [ A43F36201F68C96DA6CB7B1B0B788C60,  1A07DEC79FB981476D4A11694946DAF86B6D50A1DA2FDE855162041D5DAB38AA ] SharedAccess     C:\WINDOWS\System32\ipnathlp.dll
11:51:09.0875 0x17c0  SharedAccess - ok
11:51:09.0937 0x17c0  [ 99BC0B50F511924348BE19C7C7313BBF,  A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection  C:\WINDOWS\System32\shsvcs.dll
11:51:09.0953 0x17c0  ShellHWDetection - ok
11:51:10.0015 0x17c0  [ C16173316918A1360DC22947C4FF6352,  9ABEA840494E880654E8979B582E2FD70CF8BDEBF526A678555AB5E94375B5FB ] silabenm         C:\WINDOWS\system32\DRIVERS\silabenm.sys
11:51:10.0015 0x17c0  silabenm - ok
11:51:10.0078 0x17c0  [ 093C31EC727ECBCBE38992FC69657594,  224AE5B3DF05DDD65EC529BA562D51EF0099738530F0FA1032401A3C2DAE5420 ] silabser         C:\WINDOWS\system32\DRIVERS\silabser.sys
11:51:10.0078 0x17c0  silabser - ok
11:51:10.0093 0x17c0  Simbad - ok
11:51:10.0109 0x17c0  [ BC9C2EF22EE0320C079E3FF9B4D29951,  BBEE3CB683B798B5259DCCB9064C7613BD7A188DC891C43275C2D68CA512E810 ] SIUSBXP          C:\WINDOWS\system32\drivers\SiUSBXp.sys
11:51:10.0125 0x17c0  SIUSBXP - ok
11:51:10.0281 0x17c0  [ C6D9959E493682F872A639B6EC1B4A08,  5B6D3FD23A44422F8B3972CF47BF16B5015DC0CCF7EF59FADAFEEF1AEE32958B ] smwdm            C:\WINDOWS\system32\drivers\smwdm.sys
11:51:10.0281 0x17c0  smwdm - ok
11:51:10.0296 0x17c0  Sparrow - ok
11:51:10.0375 0x17c0  [ DC8D2952FB6FFBAEC67BD1B93A34DF11,  0BD1523A68900B80ED1BCCB967643525CCA55D4FF4622D0128913690E6BB619E ] speedfan         C:\WINDOWS\system32\speedfan.sys
11:51:10.0390 0x17c0  speedfan - ok
11:51:10.0406 0x17c0  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F,  DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter         C:\WINDOWS\system32\drivers\splitter.sys
11:51:10.0421 0x17c0  splitter - ok
11:51:10.0484 0x17c0  [ 60784F891563FB1B767F70117FC2428F,  E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler          C:\WINDOWS\system32\spoolsv.exe
11:51:10.0484 0x17c0  Spooler - ok
11:51:10.0546 0x17c0  [ 76BB022C2FB6902FD5BDD4F78FC13A5D,  6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr               C:\WINDOWS\system32\DRIVERS\sr.sys
11:51:10.0546 0x17c0  sr - ok
11:51:10.0640 0x17c0  [ 3805DF0AC4296A34BA4BF93B346CC378,  B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice        C:\WINDOWS\system32\srsvc.dll
11:51:10.0656 0x17c0  srservice - ok
11:51:10.0828 0x17c0  [ 47DDFC2F003F7F9F0592C6874962A2E7,  17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv              C:\WINDOWS\system32\DRIVERS\srv.sys
11:51:10.0828 0x17c0  Srv - ok
11:51:10.0906 0x17c0  [ 0A5679B3714EDAB99E357057EE88FCA6,  01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV          C:\WINDOWS\System32\ssdpsrv.dll
11:51:10.0921 0x17c0  SSDPSRV - ok
11:51:11.0078 0x17c0  [ 8BAD69CBAC032D4BBACFCE0306174C30,  2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc           C:\WINDOWS\system32\wiaservc.dll
11:51:11.0093 0x17c0  stisvc - ok
11:51:11.0125 0x17c0  [ 3941D127AEF12E93ADDF6FE6EE027E0F,  EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum           C:\WINDOWS\system32\DRIVERS\swenum.sys
11:51:11.0125 0x17c0  swenum - ok
11:51:11.0140 0x17c0  SwiPEInjDrv - ok
11:51:11.0203 0x17c0  [ 8CE882BCC6CF8A62F2B2323D95CB3D01,  B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi           C:\WINDOWS\system32\drivers\swmidi.sys
11:51:11.0218 0x17c0  swmidi - ok
11:51:11.0218 0x17c0  SwPrv - ok
11:51:11.0234 0x17c0  symc810 - ok
11:51:11.0250 0x17c0  symc8xx - ok
11:51:11.0265 0x17c0  sym_hi - ok
11:51:11.0281 0x17c0  sym_u3 - ok
11:51:11.0312 0x17c0  [ 8B83F3ED0F1688B4958F77CD6D2BF290,  546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio         C:\WINDOWS\system32\drivers\sysaudio.sys
11:51:11.0312 0x17c0  sysaudio - ok
11:51:11.0406 0x17c0  [ C7ABBC59B43274B1109DF6B24D617051,  4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog        C:\WINDOWS\system32\smlogsvc.exe
11:51:11.0406 0x17c0  SysmonLog - ok
11:51:11.0484 0x17c0  [ 432D9D823C4C26B6070C41BAD4404CE4,  741B41F7467D312AF4CC733EA31F647FBCD06985CBB6A14117E8A87A6F7B06F5 ] tap0901          C:\WINDOWS\system32\DRIVERS\tap0901.sys
11:51:11.0484 0x17c0  tap0901 - ok
11:51:11.0593 0x17c0  [ 3CB78C17BB664637787C9A1C98F79C38,  F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv          C:\WINDOWS\System32\tapisrv.dll
11:51:11.0609 0x17c0  TapiSrv - ok
11:51:11.0796 0x17c0  [ 9AEFA14BD6B182D61E3119FA5F436D3D,  EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip            C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:51:11.0796 0x17c0  Tcpip - ok
11:51:11.0859 0x17c0  [ 6471A66807F5E104E4885F5B67349397,  F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE           C:\WINDOWS\system32\drivers\TDPIPE.sys
11:51:11.0875 0x17c0  TDPIPE - ok
11:51:11.0890 0x17c0  [ C56B6D0402371CF3700EB322EF3AAF61,  7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP            C:\WINDOWS\system32\drivers\TDTCP.sys
11:51:11.0890 0x17c0  TDTCP - ok
11:51:11.0921 0x17c0  [ 88155247177638048422893737429D9E,  B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD           C:\WINDOWS\system32\DRIVERS\termdd.sys
11:51:11.0921 0x17c0  TermDD - ok
11:51:12.0062 0x17c0  [ FF3477C03BE7201C294C35F684B3479F,  D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService      C:\WINDOWS\System32\termsrv.dll
11:51:12.0078 0x17c0  TermService - ok
11:51:12.0156 0x17c0  [ 99BC0B50F511924348BE19C7C7313BBF,  A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes           C:\WINDOWS\System32\shsvcs.dll
11:51:12.0156 0x17c0  Themes - ok
11:51:12.0218 0x17c0  [ DB7205804759FF62C34E3EFD8A4CC76A,  13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr          C:\WINDOWS\system32\tlntsvr.exe
11:51:12.0234 0x17c0  TlntSvr - ok
11:51:12.0359 0x17c0  [ F620772888B6E3EDEF5C3E71E3D447F0,  67CFC8E94ACCA0B31E7D2062D587C1BD37911F95A02C8CCB1B4A3E0EBDADC8B0 ] TomTomHOMEService C:\Program  Files\TomTom HOME 2\TomTomHOMEService.exe
11:51:12.0359 0x17c0  TomTomHOMEService - ok
11:51:12.0375 0x17c0  TosIde - ok
11:51:12.0453 0x17c0  [ 55BCA12F7F523D35CA3CB833C725F54E,  849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks           C:\WINDOWS\system32\trkwks.dll
11:51:12.0468 0x17c0  TrkWks - ok
11:51:12.0593 0x17c0  [ ED5E4CE36C54F55E7698642E94D32EC7,  07BD324083D1784F8F716C528D530003369E6D87EFC7B79BCAA1767F80DA4FDC ] truecrypt        C:\WINDOWS\system32\drivers\truecrypt.sys
11:51:12.0609 0x17c0  truecrypt - ok
11:51:12.0656 0x17c0  [ 5787B80C2E3C5E2F56C2A233D91FA2C9,  3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs             C:\WINDOWS\system32\drivers\Udfs.sys
11:51:12.0656 0x17c0  Udfs - ok
11:51:12.0671 0x17c0  ultra - ok
11:51:12.0843 0x17c0  [ 402DDC88356B1BAC0EE3DD1580C76A31,  32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update           C:\WINDOWS\system32\DRIVERS\update.sys
11:51:12.0859 0x17c0  Update - ok
11:51:12.0968 0x17c0  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91,  7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost         C:\WINDOWS\System32\upnphost.dll
11:51:12.0984 0x17c0  upnphost - ok
11:51:13.0000 0x17c0  [ 05365FB38FCA1E98F7A566AAAF5D1815,  16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS              C:\WINDOWS\System32\ups.exe
11:51:13.0015 0x17c0  UPS - ok
11:51:13.0062 0x17c0  [ 1B611611C28D2DF25BC057D79C6F13FC,  B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp          C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:51:13.0078 0x17c0  usbccgp - ok
11:51:13.0109 0x17c0  [ 4BAC8DF07F1D8434FC640E677A62204E,  76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci          C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:51:13.0109 0x17c0  usbehci - ok
11:51:13.0156 0x17c0  [ 1AB3CDDE553B6E064D2E754EFE20285C,  A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub           C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:51:13.0156 0x17c0  usbhub - ok
11:51:13.0203 0x17c0  [ A717C8721046828520C9EDF31288FC00,  1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint         C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:51:17.0109 0x17c0  ================ Scan global ===============================
11:51:17.0156 0x17c0  [ 42F1F4C0AFB08410E5F02D4B13EBB623,  924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
11:51:17.0312 0x17c0  [ 69AE2B2E6968C316536E5B10B9702E63,  D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:51:17.0437 0x17c0  [ 69AE2B2E6968C316536E5B10B9702E63,  D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
11:51:17.0500 0x17c0  [ 65DF52F5B8B6E9BBD183505225C37315,  59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ]  C:\WINDOWS\system32\services.exe
11:51:17.0500 0x17c0  [ Global ] - ok
11:51:17.0500 0x17c0  ================ Scan MBR ==================================
11:51:17.0515 0x17c0  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:51:18.0078 0x17c0  \Device\Harddisk0\DR0 - ok
11:51:18.0078 0x17c0  ================ Scan VBR ==================================
11:51:18.0078 0x17c0  [ EFD80DF9E18F828503F33EB6FF570D82 ] \Device\Harddisk0\DR0\Partition1
11:51:18.0093 0x17c0  \Device\Harddisk0\DR0\Partition1 - ok
11:51:40.0218 0x17c0  AV detected via SS1: Emsisoft Anti-Malware, 7, enabled, updated
11:51:40.0234 0x17c0  FW detected via SS1: Privatefirewall, 7.0, enabled
11:52:00.0234 0x17c0  ============================================================
11:52:00.0234 0x17c0  Scan finished
11:52:00.0234 0x17c0  ============================================================
11:52:00.0234 0x168c  Detected object count: 0
11:52:00.0234 0x168c  Actual detected object count: 0
11:53:45.0500 0x0598  Deinitialize success


#4 TB-Psychotic


Posted 26 March 2014 - 03:54 AM

This tool compared the MD5 hash of your boot sector code with the standard for your installed os.

There was nothing harmful found. Rootkit scanners often provide so-called false positives.

Let's see if any file on your computer is suspicious:

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#5 Riemenschneid


Posted 27 March 2014 - 07:38 PM

below *** is the eset online scan log.  it found 3, really 2, potential and 1 of 2 is false +.
apt.exe is File Description= Advanced Process Termination by 
CompanyName= DiamondCS version 4.20 circa 2007
Md5=  b609dc3c0a388cd2515f93fa121013ba
diamondcs used to have the best trojan detection app, and app called process guard, but they ceased some years ago.
this app gets a bad score at virustotal because of its ability to kill running processes, but it only runs when I want it to, does not go online.  I rarely use it.
as for the bundled toolbar in speccy setup v1.24, I'm sure I never let toolbar install, and I can delete it, don't need that file. 
and that file scans ok in eam, mbam & hmp and interesting at virustotal it gets 1 hit /51 and only "detection" is eset:
ESET-NOD32 9597 Win32/Bundled.Toolbar.Google.D
I wiped it.
 
***
C:\Documents and Settings\..\My Documents\tp_DL\tp_ccleaner\tp_speccy\spsetup124.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Program Files\quick_utilities_c\apt.exe Win32/APT potentially unsafe application
C:\quick_utilities\apt.exe Win32/APT potentially unsafe application


#6 TB-Psychotic


Posted 28 March 2014 - 04:48 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#7 Riemenschneid


Posted 28 March 2014 - 08:42 AM

one question (comment) before I run adwcleaner. I ran v3.021 the other day and it found

***** [ Registry ] *****
Key Found : HKCU\Software\caphyon
 
but then almost immediately saw updated version 3.022 and scanned with it and it did not find the above key as malware. that could mean that newest version was correcting false + ??  Any idea? (obviously I did not clean with v3.021 -- the detection is not found with 3.022)  I will run 3.022 again.
 
I have never run JRT but will later today or weekend, and I have run securitycheck in the distant past, so I'll get a copy and run that too. 


#8 TB-Psychotic


Posted 28 March 2014 - 09:19 AM

AdwCleaner is no malware removal tool - it just detects and removes traces of potentially unwanted toolbars and other crap.

If a line is not detected within a newer version, the tool's author might have identified it as a false positive and therefore removed it from being detected.

 

No worries! :)



#9 Riemenschneid


Posted 28 March 2014 - 06:05 PM

yes thanks for adwcleaner answer, I tracked down that key and it referred to backup software distributed with Western Digital external hdd.

so the newer version 3.022 got it right by not detecting it.

here comes jrt log next did not find much, a few entries related to firefox, my wife's browser, I mostly use Dragon in SBIE.

will run securitycheck a little later... I have a good idea what's running and what's up to date security_wise...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by **** on Fri 03/28/2014 at 16:43:17.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\olga\Applicati
on Data\mozilla\firefox\profiles\5y7ledxm.default\prefs.js
 
user_pref("extensions.TrafficLightSettings.an", "1");
user_pref("extensions.TrafficLightSettings.date", "1 January 2014");
user_pref("extensions.TrafficLightSettings.firstTime", "3");
user_pref("extensions.TrafficLightSettings.ls_social", "1");
user_pref("extensions.TrafficLightSettings.ph_sign", "/*************************
***************************************************************\r\n*************
***************
Emptied folder: C:\Documents and Settings\olga\Application Data\mozilla\firefox\
profiles\5y7ledxm.default\minidumps [4 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/28/2014 at 17:17:08.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 Riemenschneid


Posted 30 March 2014 - 11:56 PM

I ran securitycheck at your request, report below.  I also ran roguekiller (seems like good app) and it reported same as aswMBR re Vista MBR Code, and scan reported OK!  I just asked them about Vista MBR Code on XP, no reply yet.

 

Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86 (UAC is enabled)  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Emsisoft Anti-Malware   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Out of date HijackThis  installed! 
 SpywareBlaster 5.0    
 NoVirusThanks Anti-Rootkit (Free Edition) v1.2 
 Sophos Anti-Rootkit 1.5.20   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 1.99.1    
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.44  
 Adobe Reader XI  
 Mozilla Firefox (28.0) 
 Mozilla Thunderbird (24.4.0) 
 Google Chrome 29.0.1547.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe is disabled! 
 Privatefirewall 6.1 pfsvc.exe  
 NoVirusThanks EXE Radar Pro ERPx86Svc.exe  
 NoVirusThanks PE Dropper Monitor PDMx86Svc.exe  
 NoVirusThanks PE Dropper Monitor PDM.exe  
 NoVirusThanks EXE Radar Pro EXERadar.exe  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 emsisoft anti-malware a2guard.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Privacyware Privatefirewall 7.0 PFGUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 1% 
````````````````````End of Log`````````````````````` 


#11 TB-Psychotic


Posted 31 March 2014 - 03:12 AM

Your system is clean! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#12 Riemenschneid


Posted 31 March 2014 - 11:47 PM

>>Your system is clean! :) <<
 
Perhaps, but no one has explained to me why both aswMBR and roguekiller report that XP's MBR scans as "Vista MBR Code" as well as NVT_ark warning that my MBR may have a modification caused by an infection.  running security scans was good, but it seems unlikely that 3 independent scanners see an issue with my MBR, ie, that is merely a false+ glitch.  In addition, roguekiller reports 2 hooks as unknown.  all other hooks are known hooked by privatefirewall or appguard.
[Inline] SSDT[199] : NtRequestPort @ 0x805E6B17 -> HOOKED (Unknown @ 0xAA0E9480)
[Inline] SSDT[200] : NtRequestWaitReplyPort @ 0x8057D153 -> HOOKED (Unknown @ 0xAA0E9520)
 
So I have an anomaly with MBR and 2 unknown hooks.  I might be clean, but not understanding these items does not equal clean for me.  as to MBR, roguekiller reports
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD080HJ/P +++++
--- User ---
[MBR] 9e5a3338fd49a29539ca0823af185ed8
[BSP] 3ebac4f80b728b9bb0d90ddabdeeaaf2 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76291 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
So far no reply from roguekiller support re this.
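
The RogueKiller output above lists two hashes, [MBR] and [BSP], plus a partition table. As an added example (not part of the original post and not code from any of the tools named in this thread), this Python sketch parses a 512-byte MBR dump and hashes the whole sector and the 440-byte bootstrap code separately. Treating the second hash as the counterpart of [BSP] is an assumption; `parse_mbr`, `classify`, `build_sample_mbr` and `KNOWN_BOOT_CODE` are hypothetical names, and every sample sector is constructed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic (non-GPT) MBR
DISK_SIG_OFF = 440       # 4-byte disk signature, unique per disk
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # must hold 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot code, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        entry = sector[off:off + 16]
        status, ptype = entry[0], entry[4]
        start_lba, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:                      # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        # Changes whenever the disk signature or partition table changes.
        "sector_md5": hashlib.md5(sector).hexdigest(),
        # Depends only on the loader code, so it is comparable across disks.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify(info: dict, known_boot_code: dict) -> str:
    """Look the boot-code hash up in a table of reference loaders."""
    return known_boot_code.get(info["boot_code_md5"], "unknown boot code")


def build_sample_mbr(boot_code: bytes, disk_sig: int,
                     start_lba: int, size_mb: int) -> bytes:
    """Build a constructed MBR with one active NTFS (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff",
        start_lba, size_mb * 2048)             # 2048 sectors per MB
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed data: the "loader" is a byte pattern, not real boot code.
REFERENCE_CODE = bytes(range(256)) + bytes(184)            # 440 bytes
TAMPERED_CODE = REFERENCE_CODE[:100] + b"\xeb" + REFERENCE_CODE[101:]

# Same loader on two disks; layout of SAMPLE_A mirrors the table in the post.
SAMPLE_A = build_sample_mbr(REFERENCE_CODE, 0x1234ABCD, 2048, 76291)
SAMPLE_B = build_sample_mbr(REFERENCE_CODE, 0x0BADF00D, 63, 40000)
SAMPLE_TAMPERED = build_sample_mbr(TAMPERED_CODE, 0x1234ABCD, 2048, 76291)

KNOWN_BOOT_CODE = {
    hashlib.md5(REFERENCE_CODE).hexdigest(): "constructed reference loader",
}

if __name__ == "__main__":
    for name, raw in (("A", SAMPLE_A), ("B", SAMPLE_B),
                      ("tampered", SAMPLE_TAMPERED)):
        info = parse_mbr(raw)
        print(name, info["sector_md5"], info["boot_code_md5"],
              classify(info, KNOWN_BOOT_CODE), info["partitions"])
```

The whole-sector hash differs between disks A and B even though the loader is identical, which is why only the bootstrap-code hash can be matched against a per-OS reference. A first partition starting at sector 2048 is the 1 MiB alignment used by Vista-and-later partitioning tools, whereas XP's own setup starts the first partition at sector 63.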
 
 


#13 Riemenschneid


Posted 01 April 2014 - 12:05 AM

reply2  / >>In any case please download delfix to your desktop.<<

 

...and delfix is NOT available at Bleeping to download?  And virustotal reports it with 4 malware hits out of 51 scanners.  I'm pretty sure I cleaned up after myself as I ran above security scans.



#14 TB-Psychotic


Posted 01 April 2014 - 03:09 AM

OK, then let's check your MBR copy again:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

When finished, check this MBR.dat with VirusTotal and provide the link.



#15 TB-Psychotic


Posted 09 April 2014 - 03:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.