
SVC & DLLHost High memory usage, IE slow & freezes, Wave volume lowers 2-5 mins


  • This topic is locked
27 replies to this topic

#1 Sacred Nymphaea

Sacred Nymphaea

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:14 AM

Posted 26 July 2014 - 05:14 PM

Hello :)  So I have a few issues....

 

1. Computer running slow and lagging a lot

2. SVC Host high memory usage

3. DLLHost high memory usage

4. MBAM stops multiple sources from entering through its firewall 3-5 times every hour

5. Wave volume lowers automatically every 2-5 minutes

6. Internet Explorer freezes regularly and lags often to the point that it needs to be shut down

7. Cannot have more than one instance of Internet Explorer running nor multiple tabs.

 

So I have tried following the instructions in the other forum on how to speed the internet up and your computer, but I believe I only made things worse.

 

I have run Mbam, Norton, Eset, Roguekiller and a few other antivirus/malware detectors. They found a few viruses. Eset repeatedly would send up a notification stating SVCHost.exe was a trojan.... however when I scanned it would never detect more than that. I would quarantine and then it would come back a little later. I am still having issues so I am assuming there are still some left. Any assistance would be great.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by mmmm at 16:12:55 on 2014-07-26
#Option Extended Search is enabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.41 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
mStart Page = google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146094258312
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.217.0.5 24.178.162.3 24.247.15.53
TCP: Interfaces\{045B8A79-B6A1-445C-A95C-55B84C3BE94A} : DHCPNameServer = 24.217.0.5 24.217.0.55 24.217.1.162
TCP: Interfaces\{B784E613-94BD-4976-B670-217637DE28AD} : DHCPNameServer = 24.217.0.5 24.178.162.3 24.247.15.53
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 60 ================
.
2014-07-26 21:12:31 -------- d-sh--w- c:\documents and settings\mmmm\IECompatCache
2014-07-15 23:18:20 -------- d-----w- C:\1295e09038cb3d089e3d36
2014-07-15 23:16:55 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 23:16:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-15 23:16:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-12 17:52:09 -------- d-----w- c:\documents and settings\mmmm\local settings\application data\NPE
2014-07-07 23:32:48 -------- d-----w- c:\documents and settings\mmmm\local settings\application data\ESET
2014-06-16 01:02:45 -------- d-----w- c:\program files\ESET
2014-06-16 00:57:33 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-12 01:04:58 -------- d-----w- C:\ComboFix
2014-06-11 23:24:16 -------- d-----w- c:\documents and settings\all users\application data\SparkTrust
2014-06-06 02:57:40 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-06 02:53:07 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-06 02:53:05 -------- d-----w- C:\Documents
2014-06-06 02:52:57 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-06-06 02:43:46 -------- d-----w- C:\AdwCleaner
2014-06-05 03:06:12 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2014-06-05 02:27:06 -------- d-----w- c:\documents and settings\mmmm\local settings\application data\PTPdrive
2014-06-05 02:06:19 -------- d-----w- c:\documents and settings\mmmm\application data\ElevatedDiagnostics
2014-06-05 01:40:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2014-06-05 01:40:36 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find6M  ====================
.
2014-07-26 17:42:39 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-05 02:03:32 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-05 02:03:28 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-01 03:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 03:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:59:22 11113472 ----a-w- c:\windows\system32\ieframe(2).dll
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-03-04 01:27:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-03-04 01:27:17 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet(4).dll
2014-02-24 11:46:25 1216000 ----a-w- c:\windows\system32\urlmon(4).dll
2014-02-24 11:46:19 105984 ----a-w- c:\windows\system32\url(4).dll
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 16:26:31.51 ===============
 



Edited by Sacred Nymphaea, 26 July 2014 - 06:09 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:14 AM

Posted 31 July 2014 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM

Let me know what problem persists.

#3 Sacred Nymphaea

Sacred Nymphaea
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:14 AM

Posted 01 August 2014 - 06:52 PM

Hello Nasdaq!

 

Thank you for assisting me.

 

So I disabled my anti-virus program, as you requested and then ran combofix....

 

It never asked to install windows recovery console. It extracts and then backs-up my registry using erunt. It also tried to create a restore point. I am not sure if it was successful.

 

It began its scan... at 6:30am this morning and looks like it still has not finished. I have been gone all day and just let it run. This seems like an extremely long time for it to need to run. Much longer than the 10 minutes it claims that it usually takes.

 

Is there anything you would like me to do .... or should I just leave it be until it finishes?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:14 AM

Posted 02 August 2014 - 07:38 AM

Close the process in the Task Manager.

Restart the computer normally.

Run ComboFix one more time. Let it run no more than 1 hour.

Close the process again if not finished.

===

If you do not have a ComboFix log to post, run this tool.



Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and let it run uninterrupted.

OTL_Main_Tutorial.gif
  • Select All Users.
  • Under the Custom Scan box, paste in this text:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs. DO NOT ATTACH THEM.
===

#5 Sacred Nymphaea

Sacred Nymphaea
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:14 AM

Posted 04 August 2014 - 06:24 PM

Combo Fix

ComboFix 14-07-31.02 - mmmm 08/02/2014   3:40.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.510.202 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-02 to 2014-08-02  )))))))))))))))))))))))))))))))
.
.
2014-08-01 02:38 . 2014-08-01 02:38 -------- d-----w- c:\windows\system32\wbem\Repository
2014-08-01 02:37 . 2014-08-01 02:37 -------- d-----w- C:\736f1b369c4a373204988363
2014-08-01 02:36 . 2014-08-01 02:36 -------- d-----w- C:\1295e09038cb3d089e3d36
2014-08-01 02:31 . 2014-08-01 02:36 -------- d-----w- C:\32788R22FWJFW(2)
2014-07-29 01:48 . 2014-07-29 01:48 -------- d-----w- c:\program files\Tweaking.com
2014-07-29 01:48 . 2014-07-29 01:48 -------- d-----w- C:\EEK
2014-07-28 02:42 . 2014-07-28 02:43 35904 ----a-w- c:\windows\system32\drivers\ive96qrk.sys
2014-07-28 02:28 . 2014-07-28 02:28 -------- d-----w- c:\program files\NT Registry Optimizer
2014-07-26 21:12 . 2014-07-26 21:12 -------- d-sh--w- c:\documents and settings\mmmm\IECompatCache
2014-07-15 23:16 . 2014-07-15 23:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-15 23:16 . 2014-05-12 12:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-15 23:16 . 2014-05-12 12:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-12 17:52 . 2014-07-12 18:45 -------- d-----w- c:\documents and settings\mmmm\Local Settings\Application Data\NPE
2014-07-10 23:55 . 2014-07-10 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2014-07-07 23:32 . 2014-07-07 23:32 -------- d-----w- c:\documents and settings\mmmm\Local Settings\Application Data\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-29 21:27 . 2014-01-20 13:55 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-10 01:24 . 2014-06-06 02:53 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-05 02:03 . 2013-03-31 19:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-05 02:03 . 2013-03-31 19:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2008-04-13 18:40 . 29CCBE8684D7DCBC533C3796798F0C87 . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys [7/28/2014 8:48 PM 22056]
R1 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [3/27/2010 7:38 AM 84224]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [11/20/2010 12:09 PM 22312]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [6/14/2011 10:41 PM 140848]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [10/11/2005 12:51 PM 49152]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [10/11/2005 12:41 PM 140416]
S3 cleanhlp;cleanhlp;c:\downloads\EmsisoftEmergencyKit\Run\cleanhlp32.sys [7/28/2014 8:48 PM 50200]
S3 DokanMounter;DokanMounter;c:\program files\PTPdrive\dokan_mounter.exe [3/27/2010 11:04 AM 20992]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/12/2014 11:36 AM 109872]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2/5/2010 8:21 PM 18560]
S3 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/14/2011 10:38 PM 821080]
S3 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [7/9/2010 12:40 PM 65856]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/14/2011 10:39 PM 30368]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/14/2011 10:39 PM 16080]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/14/2011 10:39 PM 239472]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-18 01:35 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-31 02:04]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:29]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 19:29]
.
2014-08-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-07-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2014-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-07-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
2014-08-01 c:\windows\Tasks\User_Feed_Synchronization-{55E747E0-6B05-4979-BA03-0209C53EE3E2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.178.162.3 24.247.15.53
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
SafeBoot-52463626.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-Eusing Free Registry Cleaner - c:\progra~1\EUSING~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-02 05:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(49980)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-08-02  06:31:51
ComboFix-quarantined-files.txt  2014-08-02 11:30
ComboFix2.txt  2014-06-12 02:44
ComboFix3.txt  2014-06-10 11:39
ComboFix4.txt  2010-02-09 08:03
.
Pre-Run: 34,684,637,184 bytes free
Post-Run: 34,537,410,560 bytes free
.
- - End Of File - - 71D45C721A4F14CDD47133E3A92C31EA
B16A2359F4962B0C622D81A1C1F4B703
 

 

 

Farbar

 

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by mmmm (administrator) on JOE on 04-08-2014 18:17:50
Running from C:\downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

 

 

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1584477892-1262171638-3864462318-1010\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-1584477892-1262171638-3864462318-1010\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-04-06] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - DefaultScope {F3FCDCF8-EEBE-43A8-AE76-24DC07C946C1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {F3FCDCF8-EEBE-43A8-AE76-24DC07C946C1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=668083&p={searchTerms}
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146094258312
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 24.217.0.5 24.178.162.3 24.247.15.53

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "hxxp://www.google.com/"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Belkin 54g Wireless USB Network Adapter Service; C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [49152 2004-03-29] () [File not signed]
S3 DokanMounter; C:\Program Files\PTPdrive\dokan_mounter.exe [20992 2010-03-27] () [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S3 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821080 2011-06-01] (IObit)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
S3 usprserv; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 ACDaemon; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\DOWNLOADS\EMSISOFTEMERGENCYKIT\RUN\a2ddax86.sys [22056 2014-07-28] (Emsisoft GmbH)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] () [File not signed]
S3 bkn50USB; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [140416 2004-07-16] (Ralink Technology Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cleanhlp; C:\downloads\EmsisoftEmergencyKit\Run\cleanhlp32.sys [50200 2014-07-28] (Emsisoft GmbH)
R1 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [84224 2010-03-27] (Windows ® Win 7 DDK provider) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-11] (Symantec Corporation)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-07-11] (Symantec Corporation)
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [239472 2011-04-27] ()
S3 FlyUsb; C:\WINDOWS\System32\DRIVERS\FlyUsb.sys [18560 2009-11-10] (LeapFrog)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
S3 GTNDIS5; C:\WINDOWS\system32\GTNDIS5.SYS [15872 2003-09-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [140848 2011-03-16] (IObit Information Technology)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [30368 2011-03-23] (IObit.com)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [16080 2011-03-23] (IObit.com)
S3 catchme; \??\C:\DOCUME~1\mmmm\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S4 sptd; System32\Drivers\sptd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 18:17 - 2014-08-04 18:17 - 00000000 ____D () C:\FRST
2014-08-02 06:33 - 2014-08-03 18:12 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Nymphaea\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Joe Young\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Chance\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-02 06:32 - 2014-08-02 06:32 - 00012673 _____ () C:\ComboFix.txt
2014-07-31 21:37 - 2014-07-31 21:37 - 00000000 ____D () C:\736f1b369c4a373204988363
2014-07-31 21:36 - 2014-07-31 21:36 - 00000000 ____D () C:\1295e09038cb3d089e3d36
2014-07-31 21:35 - 2014-07-31 21:37 - 00000000 ____D () C:\ComboFix(2)
2014-07-31 21:31 - 2014-07-31 21:36 - 00000000 ____D () C:\32788R22FWJFW(2)
2014-07-28 21:14 - 2014-07-28 21:14 - 00001812 _____ () C:\Documents and Settings\mmmm\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-28 21:11 - 2014-07-28 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\EEK
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\Documents and Settings\mmmm\Application Data\WinRAR
2014-07-28 10:47 - 2014-07-28 10:48 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072814-01.dmp
2014-07-28 10:47 - 2014-07-28 10:47 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-27 21:42 - 2014-07-27 21:43 - 00035904 _____ (VirusBlokAda Ltd.) C:\WINDOWS\system32\Drivers\ive96qrk.sys
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\mmmm\ntuser.tmp.LOG
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\LocalService\ntuser.tmp.LOG
2014-07-27 21:28 - 2014-07-27 21:28 - 00000695 _____ () C:\Documents and Settings\mmmm\Desktop\NTREGOPT.lnk
2014-07-27 21:28 - 2014-07-27 21:28 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-07-27 21:28 - 2014-07-27 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\NT Registry Optimizer
2014-07-27 21:16 - 2014-07-27 21:18 - 00033091 _____ () C:\Documents and Settings\mmmm\Desktop\Result.txt
2014-07-27 21:07 - 2014-07-27 21:07 - 00001870 _____ () C:\sc-cleaner.txt
2014-07-26 16:33 - 2014-07-26 16:36 - 00009596 _____ () C:\Documents and Settings\mmmm\Desktop\dds.txt
2014-07-26 16:33 - 2014-07-26 16:35 - 00014457 _____ () C:\Documents and Settings\mmmm\Desktop\attach.txt
2014-07-26 16:12 - 2014-07-26 16:12 - 00000000 __SHD () C:\Documents and Settings\mmmm\IECompatCache
2014-07-17 20:20 - 2014-07-17 20:20 - 00010318 _____ () C:\Documents and Settings\mmmm\My Documents\dds.txt
2014-07-15 18:17 - 2014-07-15 18:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 18:17 - 2014-07-15 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 18:16 - 2014-07-15 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 18:16 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-15 18:16 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-12 12:52 - 2014-07-12 13:45 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\Application Data\NPE
2014-07-10 18:55 - 2014-07-10 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-07-07 18:32 - 2014-07-07 18:32 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\Application Data\ESET

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-04 18:20 - 2011-06-13 21:13 - 00000428 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{55E747E0-6B05-4979-BA03-0209C53EE3E2}.job
2014-08-04 18:18 - 2010-10-27 18:11 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\temp
2014-08-04 18:17 - 2014-08-04 18:17 - 00000000 ____D () C:\FRST
2014-08-04 18:14 - 2004-08-10 13:02 - 02014607 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 18:13 - 2014-06-03 22:16 - 00063042 _____ () C:\WINDOWS\setupapi.log
2014-08-04 18:12 - 2014-06-03 20:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 18:11 - 2014-06-03 20:24 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 18:11 - 2014-03-23 11:14 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-04 18:11 - 2013-06-25 19:30 - 00000280 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job
2014-08-04 18:11 - 2013-05-17 08:49 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job
2014-08-04 18:11 - 2012-07-18 18:02 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job
2014-08-04 18:11 - 2004-08-10 12:51 - 00013770 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-04 18:10 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-04 18:09 - 2004-08-10 13:08 - 00032568 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 18:07 - 2010-10-27 18:11 - 00000178 ___SH () C:\Documents and Settings\mmmm\ntuser.ini
2014-08-04 13:39 - 2011-06-11 19:04 - 00000292 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job
2014-08-03 18:12 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-02 06:34 - 2010-02-09 02:38 - 00000000 ____D () C:\Qoobox
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Nymphaea\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Joe Young\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Chance\Local Settings\temp
2014-08-02 06:33 - 2014-08-02 06:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-02 06:32 - 2014-08-02 06:32 - 00012673 _____ () C:\ComboFix.txt
2014-08-02 05:44 - 2004-08-10 12:51 - 00000246 _____ () C:\WINDOWS\system.ini
2014-07-31 21:38 - 2010-10-27 18:11 - 00000000 ____D () C:\Documents and Settings\mmmm
2014-07-31 21:38 - 2009-12-29 15:28 - 00000000 ____D () C:\Documents and Settings\Chance
2014-07-31 21:38 - 2009-12-24 23:10 - 00000000 ____D () C:\Documents and Settings\Nymphaea
2014-07-31 21:38 - 2005-12-12 22:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-07-31 21:38 - 2005-10-10 15:33 - 00000000 ____D () C:\Documents and Settings\Joe Young
2014-07-31 21:38 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-31 21:37 - 2014-07-31 21:37 - 00000000 ____D () C:\736f1b369c4a373204988363
2014-07-31 21:37 - 2014-07-31 21:35 - 00000000 ____D () C:\ComboFix(2)
2014-07-31 21:36 - 2014-07-31 21:36 - 00000000 ____D () C:\1295e09038cb3d089e3d36
2014-07-31 21:36 - 2014-07-31 21:31 - 00000000 ____D () C:\32788R22FWJFW(2)
2014-07-31 21:25 - 2010-10-27 18:14 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\Application Data\Google
2014-07-29 19:41 - 2012-06-17 18:22 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job
2014-07-29 19:30 - 2012-12-05 21:14 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job
2014-07-29 16:27 - 2014-01-20 08:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-07-28 21:14 - 2014-07-28 21:14 - 00001812 _____ () C:\Documents and Settings\mmmm\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-28 21:11 - 2014-07-28 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\EEK
2014-07-28 20:48 - 2014-07-28 20:48 - 00000000 ____D () C:\Documents and Settings\mmmm\Application Data\WinRAR
2014-07-28 10:48 - 2014-07-28 10:47 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072814-01.dmp
2014-07-28 10:47 - 2014-07-28 10:47 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-28 10:47 - 2005-10-07 01:52 - 186236928 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-27 21:43 - 2014-07-27 21:42 - 00035904 _____ (VirusBlokAda Ltd.) C:\WINDOWS\system32\Drivers\ive96qrk.sys
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\NetworkService\NTUSER.tmp.LOG
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\mmmm\ntuser.tmp.LOG
2014-07-27 21:32 - 2014-07-27 21:32 - 00000000 ____H () C:\Documents and Settings\LocalService\ntuser.tmp.LOG
2014-07-27 21:32 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-07-27 21:32 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-07-27 21:28 - 2014-07-27 21:28 - 00000695 _____ () C:\Documents and Settings\mmmm\Desktop\NTREGOPT.lnk
2014-07-27 21:28 - 2014-07-27 21:28 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-07-27 21:28 - 2014-07-27 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\NT Registry Optimizer
2014-07-27 21:18 - 2014-07-27 21:16 - 00033091 _____ () C:\Documents and Settings\mmmm\Desktop\Result.txt
2014-07-27 21:07 - 2014-07-27 21:07 - 00001870 _____ () C:\sc-cleaner.txt
2014-07-26 16:36 - 2014-07-26 16:33 - 00009596 _____ () C:\Documents and Settings\mmmm\Desktop\dds.txt
2014-07-26 16:35 - 2014-07-26 16:33 - 00014457 _____ () C:\Documents and Settings\mmmm\Desktop\attach.txt
2014-07-26 16:12 - 2014-07-26 16:12 - 00000000 __SHD () C:\Documents and Settings\mmmm\IECompatCache
2014-07-24 20:15 - 2005-10-07 08:47 - 06291456 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
2014-07-24 20:14 - 2014-06-01 22:30 - 00434176 _____ () C:\Documents and Settings\LocalService\ntuser.bak
2014-07-24 20:14 - 2005-10-07 08:52 - 53067776 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
2014-07-24 20:14 - 2004-08-10 20:08 - 00434176 _____ () C:\Documents and Settings\NetworkService\NTUSER.bak
2014-07-24 20:14 - 2004-08-10 07:57 - 00069632 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-07-24 20:14 - 2004-08-10 07:57 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-07-24 20:14 - 2004-08-10 07:56 - 00507904 _____ () C:\WINDOWS\system32\config\DEFAULT.bak
2014-07-24 20:13 - 2010-10-27 18:11 - 04718592 _____ () C:\Documents and Settings\mmmm\ntuser.bak
2014-07-20 22:55 - 2010-02-08 16:58 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-20 21:07 - 2004-08-10 13:08 - 00000042 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-07-17 20:20 - 2014-07-17 20:20 - 00010318 _____ () C:\Documents and Settings\mmmm\My Documents\dds.txt
2014-07-15 18:17 - 2014-07-15 18:17 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 18:17 - 2014-07-15 18:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 18:17 - 2014-07-15 18:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 18:16 - 2009-04-06 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-14 21:38 - 2010-10-27 18:13 - 00105056 _____ () C:\Documents and Settings\mmmm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-07-14 21:21 - 2009-09-12 06:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-07-14 21:05 - 2005-10-07 02:14 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-12 15:59 - 2009-12-24 23:10 - 00000178 ___SH () C:\Documents and Settings\Nymphaea\ntuser.ini
2014-07-12 13:45 - 2014-07-12 12:52 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\Application Data\NPE
2014-07-12 13:36 - 2005-10-07 01:51 - 00000281 __RSH () C:\boot.ini
2014-07-12 13:00 - 2004-08-10 12:57 - 03699272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 18:55 - 2014-07-10 18:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2014-07-10 18:34 - 2014-06-15 20:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-10 18:03 - 2014-06-03 22:16 - 00000150 _____ () C:\WINDOWS\setupact.log
2014-07-10 17:46 - 2014-06-18 20:35 - 00000000 ____D () C:\Documents and Settings\mmmm\Desktop\http_91.228.166.16
2014-07-09 21:23 - 2014-01-19 04:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 21:16 - 2009-11-19 11:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-08 19:29 - 2009-12-29 15:28 - 00000178 ___SH () C:\Documents and Settings\Chance\ntuser.ini
2014-07-08 15:00 - 2014-03-23 11:14 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-07 18:32 - 2014-07-07 18:32 - 00000000 ____D () C:\Documents and Settings\mmmm\Local Settings\Application Data\ESET

Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by mmmm at 2014-08-04 18:20:20
Running from C:\downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7300_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7300Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7400 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.)
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Aquaria (HKLM\...\Aquaria) (Version:  - )
Belkin 54g USB Network Adapter (HKLM\...\{FF20F6D2-28E0-43FF-8A49-E69D07B12224}) (Version:  - )
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CalyxLoanBridge11 (HKLM\...\{192A3445-56FC-47B3-B706-17D599E3B630}) (Version: 1.1 - Calyx Software)
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
File Shredder 2.0 (HKLM\...\File Shredder_is1) (Version:  - WipeSoft)
GdiplusUpgrade (Version: 1.00.01 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.145 - Google Inc.) Hidden
GTK+ Runtime 2.6.9 rev a (remove only) (HKLM\...\GTK 2.0) (Version:  - )
HP Product Assistant (Version: 2.0.0.0 - Hewlett-Packard) Hidden
HP Software Update (HKLM\...\{15EE79F4-4ED1-4267-9B0F-351009325D7D}) (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard)
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 1.0 - IObit)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JumpStart Artist (HKLM\...\JSARTIST) (Version:  - )
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LiveUpdate Administration Utility (HKLM\...\LUAdmin) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 45.4.158.000 - Hewlett-Packard) Hidden
McKeague Prealgebra 5e (HKLM\...\McKeague Prealgebra 5e) (Version:  - )
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - ) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NTREGOPT 1.1j (HKLM\...\NTREGOPT_is1) (Version:  - Lars Hederer)
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Personalized Learning Center (HKLM\...\Personalized Learning Center) (Version:  - )
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.10 - ProtectDisc Software GmbH)
Protected Folder (HKLM\...\Protected Folder_is1) (Version:  - IObit)
PTPdrive (HKLM\...\PTPdrive) (Version:  - Cranking Pixels)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickBooks Simple Start Special Edition (HKLM\...\{14374619-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Setup (Version: 3.06.134 - Calyx Software) Hidden
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.3 - Tweaking.com)
TypingMaster (HKLM\...\{5FE09A97-A011-45B6-9016-BB46EB048E93}) (Version: 1.00.0000 - TypingMaster)
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.10 - TypingMaster Inc)
Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version:  - )
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Virtools 3D Life Player (HKLM\...\Virtools3DLifePlayer) (Version: 4.0.0.x - Virtools)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zuma Deluxe RA (HKLM\...\Zuma Deluxe RA) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1584477892-1262171638-3864462318-1010_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

28-05-2014 22:22:39 System Checkpoint
29-05-2014 23:23:08 System Checkpoint
30-05-2014 23:23:32 System Checkpoint
31-05-2014 23:57:50 System Checkpoint
02-06-2014 03:30:50 System Checkpoint
04-06-2014 01:45:06 Restore Operation
04-06-2014 02:11:05 Restore Operation
04-06-2014 03:06:59 Restore Operation
04-06-2014 08:00:44 Software Distribution Service 3.0
05-06-2014 01:11:05 Removed Driver Support.
05-06-2014 01:30:01 Restore Operation
05-06-2014 08:01:37 Software Distribution Service 3.0
06-06-2014 08:50:10 System Checkpoint
07-06-2014 21:17:27 System Checkpoint
09-06-2014 06:46:17 System Checkpoint
10-06-2014 13:55:09 System Checkpoint
12-06-2014 00:19:44 Removed Google Earth
12-06-2014 08:00:53 Software Distribution Service 3.0
13-06-2014 08:05:54 System Checkpoint
14-06-2014 09:05:48 System Checkpoint
15-06-2014 10:06:51 System Checkpoint
16-06-2014 10:54:05 System Checkpoint
17-06-2014 10:55:08 System Checkpoint
18-06-2014 11:05:48 System Checkpoint
19-06-2014 11:56:45 System Checkpoint
20-06-2014 15:05:12 System Checkpoint
21-06-2014 18:38:54 System Checkpoint
22-06-2014 18:51:26 System Checkpoint
23-06-2014 19:39:34 System Checkpoint
24-06-2014 20:08:41 System Checkpoint
25-06-2014 21:08:44 System Checkpoint
26-06-2014 22:08:41 System Checkpoint
27-06-2014 23:09:48 System Checkpoint
29-06-2014 00:22:13 System Checkpoint
30-06-2014 04:05:11 System Checkpoint
01-07-2014 04:08:51 System Checkpoint
04-07-2014 03:30:02 System Checkpoint
05-07-2014 03:31:46 System Checkpoint
06-07-2014 04:31:49 System Checkpoint
07-07-2014 05:02:00 System Checkpoint
08-07-2014 07:53:00 System Checkpoint
09-07-2014 08:35:46 System Checkpoint
10-07-2014 02:00:57 Software Distribution Service 3.0
10-07-2014 23:33:21 Removed ESET NOD32 Antivirus
12-07-2014 15:10:24 System Checkpoint
12-07-2014 16:26:28 Norton 360 Registry Clean
12-07-2014 17:03:16 Norton 360 Registry Clean
12-07-2014 18:35:52 Norton_Power_Eraser_20140712133533125
16-07-2014 01:03:06 System Checkpoint
17-07-2014 03:32:48 System Checkpoint
18-07-2014 03:34:25 System Checkpoint
19-07-2014 10:10:54 System Checkpoint
20-07-2014 11:15:35 System Checkpoint
21-07-2014 12:13:18 System Checkpoint
23-07-2014 02:34:57 System Checkpoint
24-07-2014 02:52:26 System Checkpoint
25-07-2014 03:19:19 System Checkpoint
26-07-2014 03:20:34 System Checkpoint
27-07-2014 04:45:32 System Checkpoint
28-07-2014 05:19:35 System Checkpoint
29-07-2014 05:53:10 System Checkpoint
30-07-2014 06:52:08 System Checkpoint
31-07-2014 07:52:11 System Checkpoint
01-08-2014 02:34:59 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2014-06-10 06:18 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1584477892-1262171638-3864462318-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{55E747E0-6B05-4979-BA03-0209C53EE3E2}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/02/2014 06:23:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/02/2014 05:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/02/2014 05:42:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/02/2014 03:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/02/2014 03:37:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/28/2014 09:04:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0002c601.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/28/2014 08:48:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application emsisoftemergencykit.exe, version 0.0.0.0, faulting module emsisoftemergencykit.exe, version 0.0.0.0, fault address 0x000116c9.
Processing media-specific event for [emsisoftemergencykit.exe!ws!]

Error: (07/27/2014 06:16:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00002920.
Processing media-specific event for [dllhost.exe!ws!]

Error: (07/26/2014 07:46:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00002920.
Processing media-specific event for [dllhost.exe!ws!]

Error: (07/26/2014 05:53:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0002c601.
Processing media-specific event for [dllhost.exe!ws!]

System errors:
=============
Error: (08/04/2014 06:12:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (08/02/2014 04:49:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/02/2014 04:43:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/02/2014 03:36:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2014 10:01:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2014 09:41:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/31/2014 04:38:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2014 11:53:35 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 00132086E9E5 has been
denied by the DHCP server 68.114.37.12 (The DHCP Server sent a DHCPNACK message).

Error: (07/31/2014 11:52:55 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 97.86.12.240 for the Network Card with network address 00132086E9E5 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (07/31/2014 10:13:04 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 00132086E9E5 has been
denied by the DHCP server 68.114.37.12 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 509.98 MB
Available physical RAM: 164.42 MB
Total Pagefile: 1378.39 MB
Available Pagefile: 1062.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.26 GB) (Free:32.43 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================



#6 nasdaq


  • Malware Response Team

Posted 05 August 2014 - 08:09 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 ACDaemon; No ImagePath
S3 catchme; \??\C:\DOCUME~1\mmmm\LOCALS~1\Temp\catchme.sys [X]
S4 sptd; System32\Drivers\sptd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#7 Sacred Nymphaea

  • Topic Starter

  • Members

Posted 05 August 2014 - 06:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by mmmm at 2014-08-05 18:47:18 Run:1
Running from C:\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKCU - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S3 ACDaemon; No ImagePath
S3 catchme; \??\C:\DOCUME~1\mmmm\LOCALS~1\Temp\catchme.sys [X]
S4 sptd; System32\Drivers\sptd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
"HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
"HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
ACDaemon => Service deleted successfully.
catchme => Service deleted successfully.
sptd => Service deleted successfully.
wanatw => Service deleted successfully.

==== End of Fixlog ====



#8 Sacred Nymphaea

Posted 05 August 2014 - 07:00 PM

18:54:46.0562 0x0f50 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
18:54:49.0281 0x0f50 ============================================================
18:54:49.0281 0x0f50 Current date / time: 2014/08/05 18:54:49.0281
18:54:49.0281 0x0f50 SystemInfo:
18:54:49.0281 0x0f50
18:54:49.0281 0x0f50 OS Version: 5.1.2600 ServicePack: 3.0
18:54:49.0281 0x0f50 Product type: Workstation
18:54:49.0281 0x0f50 ComputerName: JOE
18:54:49.0281 0x0f50 UserName: mmmm
18:54:49.0281 0x0f50 Windows directory: C:\WINDOWS
18:54:49.0281 0x0f50 System windows directory: C:\WINDOWS
18:54:49.0281 0x0f50 Processor architecture: Intel x86
18:54:49.0281 0x0f50 Number of processors: 1
18:54:49.0281 0x0f50 Page size: 0x1000
18:54:49.0281 0x0f50 Boot type: Normal boot
18:54:49.0281 0x0f50 ============================================================
18:54:49.0281 0x0f50 BG loaded
18:54:49.0500 0x0f50 System UUID: {F4BF7C66-3C18-2733-12DD-6EC429A2B18E}
18:54:50.0343 0x0f50 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 ( 74.51 Gb ), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
18:54:50.0343 0x0f50 ============================================================
18:54:50.0343 0x0f50 \Device\Harddisk0\DR0:
18:54:50.0343 0x0f50 MBR partitions:
18:54:50.0343 0x0f50 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8E838D6
18:54:50.0343 0x0f50 ============================================================
18:54:50.0390 0x0f50 C: <-> \Device\Harddisk0\DR0\Partition1
18:54:50.0390 0x0f50 ============================================================
18:54:50.0390 0x0f50 Initialize success
18:54:50.0390 0x0f50 ============================================================
18:54:52.0968 0x0f94 ============================================================
18:54:52.0968 0x0f94 Scan started
18:54:52.0968 0x0f94 Mode: Manual;
18:54:52.0968 0x0f94 ============================================================
18:54:52.0968 0x0f94 KSN ping started
18:54:56.0609 0x0f94 KSN ping finished: true
18:55:02.0843 0x0f94 ================ Scan system memory ========================
18:55:02.0843 0x0f94 System memory - ok
18:55:02.0843 0x0f94 ================ Scan services =============================


18:55:26.0578 0x0f94 MSPCLOCK - ok

18:55:26.0828 0x0f94 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

18:55:26.0843 0x0f94 MSPQM - ok

18:55:26.0875 0x0f94 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:55:26.0875 0x0f94 mssmbios - ok

18:55:26.0906 0x0f94 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

18:55:26.0906 0x0f94 MSTEE - ok

18:55:26.0937 0x0f94 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

18:55:26.0937 0x0f94 Mup - ok

18:55:26.0984 0x0f94 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:55:26.0984 0x0f94 NABTSFEC - ok

18:55:27.0234 0x0f94 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll

18:55:27.0250 0x0f94 napagent - ok

18:55:27.0296 0x0f94 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

18:55:27.0312 0x0f94 NDIS - ok

18:55:27.0359 0x0f94 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:55:27.0359 0x0f94 NdisIP - ok

18:55:27.0421 0x0f94 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:55:27.0421 0x0f94 NdisTapi - ok

18:55:27.0453 0x0f94 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:55:27.0453 0x0f94 Ndisuio - ok

18:55:27.0562 0x0f94 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:55:27.0656 0x0f94 NdisWan - ok

18:55:27.0781 0x0f94 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

18:55:27.0781 0x0f94 NDProxy - ok

18:55:27.0828 0x0f94 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

18:55:27.0828 0x0f94 NetBIOS - ok

18:55:27.0859 0x0f94 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

18:55:27.0859 0x0f94 NetBT - ok

18:55:27.0906 0x0f94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe

18:55:27.0906 0x0f94 NetDDE - ok

18:55:27.0921 0x0f94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

18:55:27.0921 0x0f94 NetDDEdsdm - ok

18:55:28.0156 0x0f94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe

18:55:28.0156 0x0f94 Netlogon - ok

18:55:28.0203 0x0f94 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll

18:55:28.0218 0x0f94 Netman - ok

18:55:28.0828 0x0f94 [ 02D0798F376FCBD0210EDA58476D0B1B, 7658BFBF216FC92C27A60D7E6FF105E89AF2C125519174F27AC73D2E9F397E4C ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

18:55:28.0828 0x0f94 NetSvc - ok

18:55:28.0875 0x0f94 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:55:28.0875 0x0f94 NetTcpPortSharing - ok

18:55:29.0281 0x0f94 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll

18:55:29.0296 0x0f94 Nla - ok

18:55:29.0546 0x0f94 [ F70FE22F48FBE2A16C3D4B235DA608E8, 601461FFCD58E4C00A6F769772390773738C92EC2ABB47CB604D98736F674B95 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE

18:55:29.0546 0x0f94 nlsX86cc - ok

18:55:29.0593 0x0f94 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

18:55:29.0593 0x0f94 Npfs - ok

18:55:29.0625 0x0f94 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

18:55:29.0687 0x0f94 Ntfs - ok

18:55:29.0718 0x0f94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

18:55:29.0718 0x0f94 NtLmSsp - ok

18:55:29.0781 0x0f94 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

18:55:30.0031 0x0f94 NtmsSvc - ok

18:55:30.0062 0x0f94 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys

18:55:30.0062 0x0f94 Null - ok

18:55:30.0187 0x0f94 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:55:30.0500 0x0f94 nv - ok

18:55:30.0546 0x0f94 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:55:30.0546 0x0f94 NwlnkFlt - ok

18:55:30.0593 0x0f94 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:55:30.0593 0x0f94 NwlnkFwd - ok

18:55:30.0703 0x0f94 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:55:31.0031 0x0f94 odserv - ok

18:55:31.0093 0x0f94 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:55:31.0093 0x0f94 ose - ok

18:55:31.0140 0x0f94 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

18:55:31.0156 0x0f94 Parport - ok

18:55:31.0156 0x0f94 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

18:55:31.0171 0x0f94 PartMgr - ok

18:55:31.0296 0x0f94 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

18:55:31.0437 0x0f94 ParVdm - ok

18:55:31.0468 0x0f94 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

18:55:31.0468 0x0f94 PCI - ok

18:55:31.0468 0x0f94 PCIDump - ok

18:55:31.0500 0x0f94 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

18:55:31.0500 0x0f94 PCIIde - ok

18:55:31.0546 0x0f94 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

18:55:31.0546 0x0f94 Pcmcia - ok

18:55:31.0562 0x0f94 PDCOMP - ok

18:55:31.0578 0x0f94 PDFRAME - ok

18:55:31.0593 0x0f94 PDRELI - ok

18:55:31.0593 0x0f94 PDRFRAME - ok

18:55:31.0640 0x0f94 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

18:55:31.0640 0x0f94 perc2 - ok

18:55:31.0750 0x0f94 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:55:31.0812 0x0f94 perc2hib - ok

18:55:31.0906 0x0f94 [ 8512A7A19959218711F884EECC1DBAEB, 22448A8E36EF1FF5948274E08F1F45B4C0C670CFC40CD66BCE7D0669068A0DB2 ] PfFilter C:\Program Files\IObit\Protected Folder\pffilter.sys

18:55:31.0906 0x0f94 PfFilter - ok

18:55:31.0937 0x0f94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe

18:55:31.0953 0x0f94 PlugPlay - ok

18:55:32.0000 0x0f94 [ 2D091A99624FB9E7EEF0A86D872EC0C3, 465C0772E23F7959EC71DCCFA3304E2E46FD31548AE37D7BA3DAAA59E6B561FD ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

18:55:32.0000 0x0f94 Pml Driver HPZ12 - ok

18:55:32.0015 0x0f94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

18:55:32.0015 0x0f94 PolicyAgent - ok

18:55:32.0125 0x0f94 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:55:32.0250 0x0f94 PptpMiniport - ok

18:55:32.0281 0x0f94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

18:55:32.0281 0x0f94 ProtectedStorage - ok

18:55:32.0296 0x0f94 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

18:55:32.0312 0x0f94 PSched - ok

18:55:32.0359 0x0f94 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:55:32.0359 0x0f94 Ptilink - ok

18:55:32.0406 0x0f94 [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:55:32.0406 0x0f94 PxHelp20 - ok

18:55:32.0453 0x0f94 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:55:32.0453 0x0f94 ql1080 - ok

18:55:32.0500 0x0f94 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:55:32.0500 0x0f94 Ql10wnt - ok

18:55:32.0531 0x0f94 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:55:32.0531 0x0f94 ql12160 - ok

18:55:32.0578 0x0f94 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:55:32.0750 0x0f94 ql1240 - ok

18:55:32.0781 0x0f94 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:55:32.0796 0x0f94 ql1280 - ok

18:55:32.0812 0x0f94 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:55:32.0812 0x0f94 RasAcd - ok

18:55:32.0859 0x0f94 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll

18:55:32.0859 0x0f94 RasAuto - ok

18:55:32.0906 0x0f94 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:55:32.0921 0x0f94 Rasl2tp - ok

18:55:32.0984 0x0f94 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll

18:55:33.0218 0x0f94 RasMan - ok

18:55:33.0281 0x0f94 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:55:33.0281 0x0f94 RasPppoe - ok

18:55:33.0281 0x0f94 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

18:55:33.0296 0x0f94 Raspti - ok

18:55:33.0312 0x0f94 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:55:33.0328 0x0f94 Rdbss - ok

18:55:33.0343 0x0f94 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:55:33.0343 0x0f94 RDPCDD - ok

18:55:33.0390 0x0f94 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:55:33.0390 0x0f94 rdpdr - ok

18:55:33.0437 0x0f94 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

18:55:33.0453 0x0f94 RDPWD - ok

18:55:33.0625 0x0f94 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

18:55:33.0734 0x0f94 RDSessMgr - ok

18:55:33.0765 0x0f94 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

18:55:33.0765 0x0f94 redbook - ok

18:55:33.0812 0x0f94 [ 3BC05EC17F0A2BF4F141CB3D3390515E, 7430D6DB73A0CD40BD0F0DDA5508CF91233784BD76B4EDCDAED0EA6FB95ECFA7 ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

18:55:33.0812 0x0f94 RegFilter - ok

18:55:33.0859 0x0f94 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

18:55:33.0859 0x0f94 RemoteAccess - ok

18:55:33.0890 0x0f94 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

18:55:33.0906 0x0f94 RemoteRegistry - ok

18:55:34.0218 0x0f94 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe

18:55:34.0218 0x0f94 RpcLocator - ok

18:55:34.0281 0x0f94 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll

18:55:34.0296 0x0f94 RpcSs - ok

18:55:34.0343 0x0f94 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe

18:55:34.0359 0x0f94 RSVP - ok

18:55:34.0609 0x0f94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe

18:55:34.0609 0x0f94 SamSs - ok

18:55:34.0640 0x0f94 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

18:55:34.0640 0x0f94 SCardSvr - ok

18:55:34.0703 0x0f94 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll

18:55:34.0718 0x0f94 Schedule - ok

18:55:34.0765 0x0f94 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:55:34.0765 0x0f94 Secdrv - ok

18:55:34.0812 0x0f94 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll

18:55:34.0812 0x0f94 seclogon - ok

18:55:35.0015 0x0f94 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys

18:55:35.0109 0x0f94 senfilt - ok

18:55:35.0156 0x0f94 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll

18:55:35.0171 0x0f94 SENS - ok

18:55:35.0187 0x0f94 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

18:55:35.0187 0x0f94 serenum - ok

18:55:35.0203 0x0f94 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

18:55:35.0203 0x0f94 Serial - ok

18:55:35.0265 0x0f94 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

18:55:35.0265 0x0f94 Sfloppy - ok

18:55:35.0453 0x0f94 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

18:55:35.0531 0x0f94 SharedAccess - ok

18:55:35.0578 0x0f94 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

18:55:35.0578 0x0f94 ShellHWDetection - ok

18:55:35.0593 0x0f94 Simbad - ok

18:55:35.0640 0x0f94 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:55:35.0640 0x0f94 sisagp - ok

18:55:35.0703 0x0f94 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

18:55:35.0718 0x0f94 SkypeUpdate - ok

18:55:35.0953 0x0f94 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:55:35.0953 0x0f94 SLIP - ok

18:55:36.0015 0x0f94 [ C6D9959E493682F872A639B6EC1B4A08, 5B6D3FD23A44422F8B3972CF47BF16B5015DC0CCF7EF59FADAFEEF1AEE32958B ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

18:55:36.0015 0x0f94 smwdm - ok

18:55:36.0062 0x0f94 [ 60C377BE6B3CC83F6A8584934B181D2E, 58F94CAD0149F634BE2F630A39561073F9399A904E3E3143C0D0BEC348A0C3B2 ] SNMP C:\WINDOWS\System32\snmp.exe

18:55:36.0078 0x0f94 SNMP - ok

18:55:36.0109 0x0f94 [ 80A050795A107A76C2B1CD4CFBE010E6, DA5BFB0E8E990BE998F1ED5991CA3318A99E0F252669CE9FAE2EF67C535140B8 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe

18:55:36.0109 0x0f94 SNMPTRAP - ok

18:55:36.0140 0x0f94 [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

18:55:36.0140 0x0f94 SONYPVU1 - ok

18:55:36.0187 0x0f94 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:55:36.0187 0x0f94 Sparrow - ok

18:55:36.0437 0x0f94 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys

18:55:36.0468 0x0f94 splitter - ok

18:55:36.0515 0x0f94 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe

18:55:36.0515 0x0f94 Spooler - ok

18:55:36.0562 0x0f94 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

18:55:36.0578 0x0f94 sr - ok

18:55:36.0625 0x0f94 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll

18:55:36.0640 0x0f94 srservice - ok

18:55:36.0703 0x0f94 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

18:55:36.0734 0x0f94 Srv - ok

18:55:36.0765 0x0f94 [ D7968049BE0ADBB6A57CEE3960320911, 6FB6D7BE384324211DAEDCCD80BA983E32183D08DF6C5B5B5453773DCC0F4D5B ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys

18:55:36.0765 0x0f94 sscdbhk5 - ok

18:55:36.0796 0x0f94 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

18:55:36.0796 0x0f94 SSDPSRV - ok

18:55:36.0812 0x0f94 [ C3FFD65ABFB6441E7606CF74F1155273, EFA481D5075A9C0490CEBA5F8223BE322EB3811465F41A1FB3386E30E8C81714 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys

18:55:36.0828 0x0f94 ssrtln - ok

18:55:36.0828 0x0f94 [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

18:55:36.0828 0x0f94 StillCam - ok

18:55:36.0906 0x0f94 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll

18:55:36.0921 0x0f94 stisvc - ok

18:55:37.0062 0x0f94 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:55:37.0156 0x0f94 streamip - ok

18:55:37.0296 0x0f94 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

18:55:37.0312 0x0f94 swenum - ok

18:55:37.0328 0x0f94 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

18:55:37.0343 0x0f94 swmidi - ok

18:55:37.0343 0x0f94 SwPrv - ok

18:55:37.0390 0x0f94 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys

18:55:37.0390 0x0f94 symc810 - ok

18:55:37.0421 0x0f94 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:55:37.0437 0x0f94 symc8xx - ok

18:55:37.0468 0x0f94 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:55:37.0484 0x0f94 sym_hi - ok

18:55:37.0500 0x0f94 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:55:37.0500 0x0f94 sym_u3 - ok

18:55:37.0546 0x0f94 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

18:55:37.0546 0x0f94 sysaudio - ok

18:55:37.0640 0x0f94 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

18:55:37.0640 0x0f94 SysmonLog - ok

18:55:37.0687 0x0f94 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

18:55:37.0703 0x0f94 TapiSrv - ok

18:55:37.0765 0x0f94 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:55:37.0796 0x0f94 Tcpip - ok

18:55:37.0828 0x0f94 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

18:55:37.0828 0x0f94 TDPIPE - ok

18:55:38.0000 0x0f94 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

18:55:38.0000 0x0f94 TDTCP - ok

18:55:38.0250 0x0f94 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

18:55:38.0250 0x0f94 TermDD - ok

18:55:38.0312 0x0f94 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll

18:55:38.0328 0x0f94 TermService - ok

18:55:38.0406 0x0f94 [ 30698355067D07DA5F9EB81132C9FDD6, 80457F8DBB089FFF23ED220924F5C872D896707F4B31E9C77DAB78421B9B2F6D ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys

18:55:38.0406 0x0f94 tfsnboio - ok

18:55:38.0421 0x0f94 [ FB9D825BB4A2ABDF24600F7505050E2B, A7A11366525C4DEAD588822F4C57C7ED5D6F3578F2DB2124BF0441133B3169B9 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys

18:55:38.0421 0x0f94 tfsncofs - ok

18:55:38.0437 0x0f94 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33, AA5BDE527B67A14654D930252894FEDB8976EAE1F33C2BC0E7747D2B4EB93C4E ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys

18:55:38.0437 0x0f94 tfsndrct - ok

18:55:38.0453 0x0f94 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485, FF437EFD667EFE00729188B18C7E17E8C15D06A2C1F58A0F79E22DFADCECF969 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys

18:55:38.0453 0x0f94 tfsndres - ok

18:55:38.0468 0x0f94 [ B92F67A71CC8176F331B8AA8D9F555AD, F59E8464E44E08C18C3C7D32408D7661923F30FDD35390082DC7F2C02DCC40A3 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys

18:55:38.0468 0x0f94 tfsnifs - ok

18:55:38.0484 0x0f94 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C, 9ADD1077C3B34E0EFA85EC4762822330D85F43EB4557C9ED015D8D1575E52885 ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys

18:55:38.0484 0x0f94 tfsnopio - ok

18:55:38.0484 0x0f94 [ BBA22094F0F7C210567EFDAF11F64495, C55D3F3628C73FFA776C9B61BA735CB24DEE9F80F6E74A2F9BD70CFFB863BA57 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys

18:55:38.0484 0x0f94 tfsnpool - ok

18:55:38.0515 0x0f94 [ 81340BEF80B9811E98CE64611E67E3FF, CD6679A4D1A7932CD64F1F6AACF09CEC2D8E7DD001F812CC49756D8F582D907A ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys

18:55:38.0515 0x0f94 tfsnudf - ok

18:55:38.0531 0x0f94 [ C035FD116224CCC8325F384776B6A8BB, CB97AD56288F916DE2AF5B1EC9D04AF3A1C2A2FA0A738282DA3763036DD18F12 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys

18:55:38.0531 0x0f94 tfsnudfa - ok

18:55:38.0546 0x0f94 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll

18:55:38.0562 0x0f94 Themes - ok

18:55:38.0609 0x0f94 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

18:55:38.0609 0x0f94 TlntSvr - ok

18:55:38.0640 0x0f94 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys

18:55:38.0640 0x0f94 TosIde - ok

18:55:38.0687 0x0f94 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll

18:55:38.0687 0x0f94 TrkWks - ok

18:55:38.0718 0x0f94 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

18:55:38.0734 0x0f94 Udfs - ok

18:55:38.0765 0x0f94 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys

18:55:38.0781 0x0f94 ultra - ok

18:55:38.0828 0x0f94 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

18:55:38.0859 0x0f94 Update - ok

18:55:38.0921 0x0f94 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll

18:55:38.0921 0x0f94 upnphost - ok

18:55:40.0953 0x0f94 ================ Scan global ===============================

18:55:41.0000 0x0f94 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll

18:55:41.0046 0x0f94 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

18:55:41.0093 0x0f94 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll

18:55:41.0140 0x0f94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe

18:55:41.0140 0x0f94 [ Global ] - ok

18:55:41.0140 0x0f94 ================ Scan MBR ==================================

18:55:41.0140 0x0f94 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0

18:55:41.0375 0x0f94 \Device\Harddisk0\DR0 - ok

18:55:41.0390 0x0f94 ================ Scan VBR ==================================

18:55:41.0390 0x0f94 [ 622A417CF62915632DEDC7A25894BB8A ] \Device\Harddisk0\DR0\Partition1

18:55:41.0390 0x0f94 \Device\Harddisk0\DR0\Partition1 - ok

18:55:41.0390 0x0f94 ================ Scan generic autorun ======================

18:55:43.0500 0x0f94 Waiting for KSN requests completion. In queue: 303

18:56:04.0750 0x0f94 Win FW state via NFM: enabled

18:56:08.0328 0x0f94 ============================================================

18:56:08.0328 0x0f94 Scan finished

18:56:08.0328 0x0f94 ============================================================

18:56:08.0343 0x0f8c Detected object count: 0

18:56:08.0343 0x0f8c Actual detected object count: 0

18:56:12.0500 0x08a8 ============================================================

18:56:12.0500 0x08a8 Scan started

18:56:12.0500 0x08a8 Mode: Manual;

18:56:12.0500 0x08a8 ============================================================

18:56:12.0500 0x08a8 KSN ping started

18:56:14.0890 0x08a8 KSN ping finished: true

18:56:16.0718 0x08a8 ================ Scan system memory ========================

18:56:16.0718 0x08a8 System memory - ok

18:56:16.0718 0x08a8 ================ Scan services =============================

18:56:18.0359 0x08a8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

18:56:18.0359 0x08a8 Suspicious file ( Forged ): C:\WINDOWS\system32\DRIVERS\atapi.sys. Real md5: 9F3A2F5AA6875C72BF062C712CFA2674, sha256: B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9, fake md5: 29CCBE8684D7DCBC533C3796798F0C87, fake sha256: 39E554E80C7F3D2E901EE4B354022FBEBB6D84CA51F4FCC0E24B2366DFDDC139

18:56:18.0359 0x08a8 atapi - detected ForgedFile.Multi.Generic ( 1 )

18:56:18.0375 0x08a8 Detect skipped due to KSN trusted

18:56:18.0375 0x08a8 atapi - ok


18:56:23.0000 0x08a8 hpn - ok

18:56:23.0062 0x08a8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

18:56:23.0078 0x08a8 HTTP - ok

18:56:23.0125 0x08a8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

18:56:23.0125 0x08a8 HTTPFilter - ok

18:56:23.0171 0x08a8 [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys

18:56:23.0171 0x08a8 i2omgmt - ok

18:56:23.0203 0x08a8 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys

18:56:23.0203 0x08a8 i2omp - ok

18:56:23.0265 0x08a8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:56:23.0265 0x08a8 i8042prt - ok

18:56:23.0421 0x08a8 [ 9A883C3C4D91292C0D09DE7C728E781C, 34DD9E781C42FF55BF83F62DFE7B0F4FE3CAEF19B517245BA004C2C641493A98 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

18:56:23.0468 0x08a8 ialm - ok

18:56:23.0593 0x08a8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:56:23.0609 0x08a8 idsvc - ok

18:56:23.0656 0x08a8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

18:56:23.0656 0x08a8 Imapi - ok

18:56:23.0703 0x08a8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe

18:56:23.0718 0x08a8 ImapiService - ok

18:56:23.0781 0x08a8 [ 491FB9E6C0BD1383884D64EA5B886AD8, 7FF42213E260893C498663299AF6D3D4301F6C383C6B91E667BBD204F2B0A3E9 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

18:56:23.0812 0x08a8 IMFservice - ok

18:56:23.0859 0x08a8 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys

18:56:23.0859 0x08a8 ini910u - ok

18:56:23.0906 0x08a8 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys

18:56:23.0906 0x08a8 IntelIde - ok

18:56:23.0953 0x08a8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:56:23.0953 0x08a8 intelppm - ok

18:56:24.0000 0x08a8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

18:56:24.0000 0x08a8 Ip6Fw - ok

18:56:24.0031 0x08a8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:56:24.0031 0x08a8 IpFilterDriver - ok

18:56:24.0078 0x08a8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:56:24.0078 0x08a8 IpInIp - ok

18:56:24.0125 0x08a8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:56:24.0140 0x08a8 IpNat - ok

18:56:24.0250 0x08a8 [ E51BD095B2FDF56B17EE010BB794D6ED, EEF30B3161A7929E34DE34363CCBCB9E51AD7F1E7FAEE85963075C5775F7E806 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

18:56:24.0265 0x08a8 iPod Service - ok

18:56:24.0296 0x08a8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:56:24.0296 0x08a8 IPSec - ok

18:56:24.0343 0x08a8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

18:56:24.0343 0x08a8 IRENUM - ok

18:56:24.0390 0x08a8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:56:24.0390 0x08a8 isapnp - ok

18:56:24.0421 0x08a8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:56:24.0421 0x08a8 Kbdclass - ok

18:56:24.0453 0x08a8 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:56:24.0453 0x08a8 kbdhid - ok

18:56:24.0500 0x08a8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

18:56:24.0500 0x08a8 kmixer - ok

18:56:24.0562 0x08a8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

18:56:24.0562 0x08a8 KSecDD - ok

18:56:24.0609 0x08a8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

18:56:24.0609 0x08a8 lanmanserver - ok

18:56:24.0671 0x08a8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

18:56:24.0671 0x08a8 lanmanworkstation - ok

18:56:24.0687 0x08a8 lbrtfdc - ok

18:56:24.0734 0x08a8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

18:56:24.0734 0x08a8 LmHosts - ok

18:56:24.0781 0x08a8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll

18:56:24.0781 0x08a8 Messenger - ok

18:56:24.0906 0x08a8 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

18:56:24.0906 0x08a8 Microsoft Office Groove Audit Service - ok

18:56:24.0968 0x08a8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

18:56:24.0968 0x08a8 mnmdd - ok

18:56:25.0015 0x08a8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

18:56:25.0015 0x08a8 mnmsrvc - ok

18:56:25.0062 0x08a8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys

18:56:25.0062 0x08a8 Modem - ok

18:56:25.0093 0x08a8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:56:25.0093 0x08a8 Mouclass - ok

18:56:25.0140 0x08a8 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:56:25.0140 0x08a8 mouhid - ok

18:56:25.0156 0x08a8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

18:56:25.0171 0x08a8 MountMgr - ok

18:56:25.0218 0x08a8 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:56:25.0218 0x08a8 mraid35x - ok

18:56:25.0250 0x08a8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:56:25.0265 0x08a8 MRxDAV - ok

18:56:25.0328 0x08a8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:56:25.0343 0x08a8 MRxSmb - ok

18:56:25.0390 0x08a8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe

18:56:25.0390 0x08a8 MSDTC - ok

18:56:25.0437 0x08a8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

18:56:25.0437 0x08a8 Msfs - ok

18:56:25.0453 0x08a8 MSIServer - ok

18:56:25.0484 0x08a8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:56:25.0484 0x08a8 MSKSSRV - ok

18:56:25.0500 0x08a8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:56:25.0500 0x08a8 MSPCLOCK - ok

18:56:25.0515 0x08a8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

18:56:25.0531 0x08a8 MSPQM - ok

18:56:25.0562 0x08a8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:56:25.0562 0x08a8 mssmbios - ok

18:56:25.0593 0x08a8 [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

18:56:25.0609 0x08a8 MSTEE - ok

18:56:25.0640 0x08a8 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

18:56:25.0640 0x08a8 Mup - ok

18:56:25.0687 0x08a8 [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:56:25.0687 0x08a8 NABTSFEC - ok

18:56:25.0750 0x08a8 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll

18:56:25.0765 0x08a8 napagent - ok

18:56:25.0812 0x08a8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

18:56:25.0812 0x08a8 NDIS - ok

18:56:25.0859 0x08a8 [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:56:25.0859 0x08a8 NdisIP - ok

18:56:25.0890 0x08a8 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:56:25.0890 0x08a8 NdisTapi - ok

18:56:25.0937 0x08a8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:56:25.0937 0x08a8 Ndisuio - ok

18:56:25.0968 0x08a8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:56:25.0968 0x08a8 NdisWan - ok

18:56:26.0015 0x08a8 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

18:56:26.0015 0x08a8 NDProxy - ok

18:56:26.0078 0x08a8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

18:56:26.0078 0x08a8 NetBIOS - ok

18:56:26.0109 0x08a8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

18:56:26.0109 0x08a8 NetBT - ok

18:56:26.0156 0x08a8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe

18:56:26.0156 0x08a8 NetDDE - ok

18:56:26.0171 0x08a8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

18:56:26.0187 0x08a8 NetDDEdsdm - ok

18:56:26.0234 0x08a8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe

18:56:26.0234 0x08a8 Netlogon - ok

18:56:26.0296 0x08a8 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll

18:56:26.0312 0x08a8 Netman - ok

18:56:26.0421 0x08a8 [ 02D0798F376FCBD0210EDA58476D0B1B, 7658BFBF216FC92C27A60D7E6FF105E89AF2C125519174F27AC73D2E9F397E4C ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

18:56:26.0421 0x08a8 NetSvc - ok

18:56:26.0468 0x08a8 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:56:26.0484 0x08a8 NetTcpPortSharing - ok

18:56:26.0531 0x08a8 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll

18:56:26.0546 0x08a8 Nla - ok

18:56:26.0609 0x08a8 [ F70FE22F48FBE2A16C3D4B235DA608E8, 601461FFCD58E4C00A6F769772390773738C92EC2ABB47CB604D98736F674B95 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE

18:56:26.0609 0x08a8 nlsX86cc - ok

18:56:26.0656 0x08a8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

18:56:26.0656 0x08a8 Npfs - ok

18:56:26.0687 0x08a8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

18:56:26.0703 0x08a8 Ntfs - ok

18:56:26.0734 0x08a8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

18:56:26.0734 0x08a8 NtLmSsp - ok

18:56:26.0796 0x08a8 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

18:56:26.0812 0x08a8 NtmsSvc - ok

18:56:26.0843 0x08a8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys

18:56:26.0843 0x08a8 Null - ok

18:56:26.0968 0x08a8 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:56:27.0015 0x08a8 nv - ok

18:56:27.0062 0x08a8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:56:27.0062 0x08a8 NwlnkFlt - ok

18:56:27.0109 0x08a8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:56:27.0109 0x08a8 NwlnkFwd - ok

18:56:27.0234 0x08a8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

18:56:27.0250 0x08a8 odserv - ok

18:56:27.0328 0x08a8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:56:27.0328 0x08a8 ose - ok

18:56:27.0390 0x08a8 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

18:56:27.0390 0x08a8 Parport - ok

18:56:27.0421 0x08a8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

18:56:27.0421 0x08a8 PartMgr - ok

18:56:27.0468 0x08a8 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

18:56:27.0468 0x08a8 ParVdm - ok

18:56:27.0531 0x08a8 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

18:56:27.0531 0x08a8 PCI - ok

18:56:27.0546 0x08a8 PCIDump - ok

18:56:27.0578 0x08a8 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

18:56:27.0578 0x08a8 PCIIde - ok

18:56:27.0625 0x08a8 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

18:56:27.0625 0x08a8 Pcmcia - ok

18:56:27.0640 0x08a8 PDCOMP - ok

18:56:27.0656 0x08a8 PDFRAME - ok

18:56:27.0671 0x08a8 PDRELI - ok

18:56:27.0671 0x08a8 PDRFRAME - ok

18:56:27.0734 0x08a8 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys

18:56:27.0734 0x08a8 perc2 - ok

18:56:27.0765 0x08a8 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:56:27.0765 0x08a8 perc2hib - ok

18:56:27.0875 0x08a8 [ 8512A7A19959218711F884EECC1DBAEB, 22448A8E36EF1FF5948274E08F1F45B4C0C670CFC40CD66BCE7D0669068A0DB2 ] PfFilter C:\Program Files\IObit\Protected Folder\pffilter.sys

18:56:27.0890 0x08a8 PfFilter - ok

18:56:27.0921 0x08a8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe

18:56:27.0937 0x08a8 PlugPlay - ok

18:56:28.0000 0x08a8 [ 2D091A99624FB9E7EEF0A86D872EC0C3, 465C0772E23F7959EC71DCCFA3304E2E46FD31548AE37D7BA3DAAA59E6B561FD ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

18:56:28.0000 0x08a8 Pml Driver HPZ12 - ok

18:56:28.0015 0x08a8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

18:56:28.0015 0x08a8 PolicyAgent - ok

18:56:28.0093 0x08a8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:56:28.0093 0x08a8 PptpMiniport - ok

18:56:28.0125 0x08a8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

18:56:28.0125 0x08a8 ProtectedStorage - ok

18:56:28.0187 0x08a8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

18:56:28.0187 0x08a8 PSched - ok

18:56:28.0234 0x08a8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:56:28.0234 0x08a8 Ptilink - ok

18:56:28.0312 0x08a8 [ D86B4A68565E444D76457F14172C875A, 06B1CF81A62B3DAA8D0C5A8B88C56A504DE8E9278C520F754AF363A6676C58B0 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:56:28.0312 0x08a8 PxHelp20 - ok

18:56:28.0375 0x08a8 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:56:28.0375 0x08a8 ql1080 - ok

18:56:28.0421 0x08a8 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:56:28.0421 0x08a8 Ql10wnt - ok

18:56:28.0453 0x08a8 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:56:28.0453 0x08a8 ql12160 - ok

18:56:28.0484 0x08a8 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:56:28.0484 0x08a8 ql1240 - ok

18:56:28.0515 0x08a8 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:56:28.0515 0x08a8 ql1280 - ok

18:56:28.0562 0x08a8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:56:28.0578 0x08a8 RasAcd - ok

18:56:28.0625 0x08a8 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll

18:56:28.0625 0x08a8 RasAuto - ok

18:56:28.0656 0x08a8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:56:28.0656 0x08a8 Rasl2tp - ok

18:56:28.0765 0x08a8 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll

18:56:28.0765 0x08a8 RasMan - ok

18:56:28.0828 0x08a8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:56:28.0828 0x08a8 RasPppoe - ok

18:56:28.0843 0x08a8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

18:56:28.0843 0x08a8 Raspti - ok

18:56:28.0875 0x08a8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:56:28.0875 0x08a8 Rdbss - ok

18:56:28.0890 0x08a8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:56:28.0890 0x08a8 RDPCDD - ok

18:56:28.0937 0x08a8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:56:28.0953 0x08a8 rdpdr - ok

18:56:29.0015 0x08a8 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

18:56:29.0015 0x08a8 RDPWD - ok

18:56:29.0062 0x08a8 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

18:56:29.0078 0x08a8 RDSessMgr - ok

18:56:29.0093 0x08a8 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

18:56:29.0109 0x08a8 redbook - ok

18:56:29.0156 0x08a8 [ 3BC05EC17F0A2BF4F141CB3D3390515E, 7430D6DB73A0CD40BD0F0DDA5508CF91233784BD76B4EDCDAED0EA6FB95ECFA7 ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

18:56:29.0156 0x08a8 RegFilter - ok

18:56:29.0187 0x08a8 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

18:56:29.0203 0x08a8 RemoteAccess - ok

18:56:29.0250 0x08a8 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

18:56:29.0265 0x08a8 RemoteRegistry - ok

18:56:29.0296 0x08a8 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe

18:56:29.0312 0x08a8 RpcLocator - ok

18:56:29.0359 0x08a8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll

18:56:29.0375 0x08a8 RpcSs - ok

18:56:29.0437 0x08a8 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe

18:56:29.0437 0x08a8 RSVP - ok

18:56:29.0468 0x08a8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe

18:56:29.0484 0x08a8 SamSs - ok

18:56:29.0515 0x08a8 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

18:56:29.0515 0x08a8 SCardSvr - ok

18:56:29.0578 0x08a8 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll

18:56:29.0578 0x08a8 Schedule - ok

18:56:29.0640 0x08a8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:56:29.0640 0x08a8 Secdrv - ok

18:56:29.0687 0x08a8 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll

18:56:29.0687 0x08a8 seclogon - ok

18:56:29.0828 0x08a8 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8, E94F7E97AAB80600DED0310160527C3CC8CAC8593EC2FBEAED2EF5EC5A6C4086 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys

18:56:29.0843 0x08a8 senfilt - ok

18:56:29.0906 0x08a8 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll

18:56:29.0906 0x08a8 SENS - ok

18:56:29.0953 0x08a8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

18:56:29.0953 0x08a8 serenum - ok

18:56:29.0984 0x08a8 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

18:56:29.0984 0x08a8 Serial - ok

18:56:30.0015 0x08a8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

18:56:30.0015 0x08a8 Sfloppy - ok

18:56:30.0093 0x08a8 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

18:56:30.0109 0x08a8 SharedAccess - ok

18:56:30.0203 0x08a8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

18:56:30.0203 0x08a8 ShellHWDetection - ok

18:56:30.0218 0x08a8 Simbad - ok

18:56:30.0265 0x08a8 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:56:30.0281 0x08a8 sisagp - ok

18:56:30.0343 0x08a8 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

18:56:30.0343 0x08a8 SkypeUpdate - ok

18:56:30.0390 0x08a8 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:56:30.0390 0x08a8 SLIP - ok

18:56:30.0453 0x08a8 [ C6D9959E493682F872A639B6EC1B4A08, 5B6D3FD23A44422F8B3972CF47BF16B5015DC0CCF7EF59FADAFEEF1AEE32958B ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

18:56:30.0468 0x08a8 smwdm - ok

18:56:30.0515 0x08a8 [ 60C377BE6B3CC83F6A8584934B181D2E, 58F94CAD0149F634BE2F630A39561073F9399A904E3E3143C0D0BEC348A0C3B2 ] SNMP C:\WINDOWS\System32\snmp.exe

18:56:30.0531 0x08a8 SNMP - ok

18:56:30.0562 0x08a8 [ 80A050795A107A76C2B1CD4CFBE010E6, DA5BFB0E8E990BE998F1ED5991CA3318A99E0F252669CE9FAE2EF67C535140B8 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe

18:56:30.0562 0x08a8 SNMPTRAP - ok

18:56:47.0250 0x08a8 Win FW state via NFM: enabled

18:56:49.0859 0x08a8 ============================================================

18:56:49.0859 0x08a8 Scan finished

18:56:49.0859 0x08a8 ============================================================

18:56:50.0078 0x0550 Detected object count: 0

18:56:50.0078 0x0550 Actual detected object count: 0



#9 Sacred Nymphaea

Posted 05 August 2014 - 08:46 PM

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-05 19:09:21
-----------------------------
19:09:21.828    OS Version: Windows 5.1.2600 Service Pack 3
19:09:21.828    Number of processors: 1 586 0x401
19:09:21.828    ComputerName: JOE  UserName:
19:09:23.359    Initialize success
19:09:23.359    VM: initialized successfully
19:09:23.500    VM: Intel CPU virtualization not supported
19:10:42.890    AVAST engine defs: 14080500
20:28:13.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:28:13.171    Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
20:28:13.359    Disk 0 MBR read successfully
20:28:13.375    Disk 0 MBR scan
20:28:13.546    Disk 0 unknown MBR code
20:28:13.562    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
20:28:13.671    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        72967 MB offset 80325
20:28:13.703    Disk 0 default boot code
20:28:13.765    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3278 MB offset 149516955
20:28:13.828    Disk 0 scanning sectors +156232125
20:28:14.078    Disk 0 scanning C:\WINDOWS\system32\drivers
20:28:37.750    Service scanning
20:29:29.609    Modules scanning
20:29:52.968    Disk 0 trace - called modules:
20:29:52.968    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x82f6d388]<<
20:29:52.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f7aab8]
20:29:52.984    3 CLASSPNP.SYS[f87b8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f78d98]
20:29:54.171    AVAST engine scan C:\WINDOWS
20:30:03.484    AVAST engine scan C:\WINDOWS\system32
20:31:26.421    Scan stopped
20:31:34.218    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:31:34.218    Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
20:31:34.375    Disk 0 MBR read successfully
20:31:34.375    Disk 0 MBR scan
20:31:34.375    Disk 0 unknown MBR code
20:31:34.406    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
20:31:34.421    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        72967 MB offset 80325
20:31:34.437    Disk 0 default boot code
20:31:34.468    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3278 MB offset 149516955
20:31:34.468    Disk 0 scanning sectors +156232125
20:31:34.671    Disk 0 scanning C:\WINDOWS\system32\drivers
20:31:52.062    Service scanning
20:32:27.328    Modules scanning
20:32:42.312    Disk 0 trace - called modules:
20:32:42.328    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys >>UNKNOWN [0x82f6d388]<<
20:32:42.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f7aab8]
20:32:42.343    3 CLASSPNP.SYS[f87b8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f78d98]
20:32:42.609    AVAST engine scan C:\WINDOWS
20:32:50.640    AVAST engine scan C:\WINDOWS\system32
20:37:19.562    AVAST engine scan C:\WINDOWS\system32\drivers
20:37:40.515    AVAST engine scan C:\Documents and Settings\mmmm
20:38:14.171    AVAST engine scan C:\Documents and Settings\All Users
20:39:34.343    Scan finished successfully
20:39:48.281    Disk 0 MBR has been saved successfully to "C:\downloads\MBR.dat"
20:39:48.296    The log file has been saved successfully to "C:\downloads\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   577bytes   0 downloads


#10 nasdaq

Posted 06 August 2014 - 08:23 AM

Run the aswMBR and select the FixMBR button.

Restart the computer normally.

How is the computer running now?

#11 Sacred Nymphaea

Posted 06 August 2014 - 07:51 PM

Computer seems to be running much smoother ...

Internet is much faster.

However, the volume still lowers every few minutes.



#12 nasdaq

Posted 07 August 2014 - 10:55 AM

Could it be that your audio card is the cause?

http://superuser.com/questions/450055/volume-randomly-turning-itself-down-on-windows-7-64-bit
===
Google this string: "the volume still lowers every few minutes". Others may have a solution.

#13 Sacred Nymphaea

Posted 07 August 2014 - 03:00 PM

No, it is not the audio card.  When I first started having this issue I downloaded ESET. While I had the Free trial of ESET the volume worked fine. After I got rid of ESET it began happening again. However, ESET would constantly tell me it would find - SVCHOST and that it was a Trojan x 2. It would shut them down and quarantine them. I would then have it do a scan and ESET would find nothing. The next time I rebooted it would tell me that it found the same 2 again.

 

I have 8 SVCHOST running.

 

I have Windows XP.

It lowers the Wave Volume; the regular volume never changes.

I have checked on my sound settings and they are all fine.

My sound drivers are fine and I do not think they would have anything to do with my wave volume lowering. I could be wrong.

My sound comes back when I bring up volume control and raise the wave volume back up.


Edited by Sacred Nymphaea, 07 August 2014 - 03:08 PM.


#14 nasdaq

Posted 08 August 2014 - 06:36 AM

Refer to this article.

http://answers.microsoft.com/en-us/windows/forum/windows_xp-hardware/wave-volume-control-keeps-resetting-to-lowest/5bbb4bad-65a0-4168-b37e-3796bd323413

Read the topic and, if you have Nvidia audio, check the reply from meshguru (replied on April 11, 2014).
I do not have an XP computer to check this.

Keep me posted.

#15 Sacred Nymphaea

Posted 08 August 2014 - 11:03 AM

I really appreciate your time.... I will attempt to fix my registry but I do not have NVIDIA.... but I just want to clarify...

 

 

ESET changed settings in my registry keys having to do with my wave volume and when I removed the anti-virus software ... it changed them back? Because again I had this problem before I installed ESET .... while I had ESET it did not happen. However it (ESET) bogged my computer down due to CPU usage. So while it would be easier for me to purchase it.... it makes using my computer very difficult.

 

When I get home I will go to the link and see if messing with the registry works.

 

Thank you for trying :)


Edited by Sacred Nymphaea, 08 August 2014 - 11:47 AM.




