Virus:DOS/Rovnix.W


  • This topic is locked
32 replies to this topic

#1 hospiceshepherd

  • Members

Posted 05 October 2014 - 06:58 PM

Hello!

 

My Windows XP desktop PC has been infected with Virus:DOS/Rovnix.W (detected by Microsoft Security Essentials) after clicking Open on an attachment in an email.

 

Malware location info: boot:\\.\PHYSICALDRIVE0\Partition0 (NTFS)

 

I would appreciate your assistance in removing it from my system. Thank you!

 

Note: I was unable to get the dds.txt log. No dds.txt window popped up after running DDS, but I was able to get the attach.txt file saved which I can provide whenever you like.


Edited by hospiceshepherd, 05 October 2014 - 10:23 PM.




#2 Bootsektor

  • Malware Response Team

Posted 07 October 2014 - 04:53 PM

Hello and welcome to Bleeping Computer.
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you get into trouble or do not understand what to do, then stop and describe the problem as well as you can
  • Only run scans that I advise you to run
  • Do not crosspost (posting in different forums)
  • Do not uninstall or install software during removal, unless I advise you to
  • Please post all logfiles as a reply instead of attaching them unless I ask you to do so. If the files are too big then use more posts, thanks
  • Please keep in mind that we are all doing this here in our free time. If I do not reply within 48 hours, feel free to send me a PM

Please note: I am a Malware Study Hall Senior, which means all of my answers will be reviewed by an expert before I can post them here. Therefore there may be a little delay in my answers.

 

 

Step 1

Scan with FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was running from.
  • Please copy and paste these logs in your next reply.

 


regards,

 

Sandra


#3 hospiceshepherd

  • Topic Starter

  • Members

Posted 07 October 2014 - 11:27 PM

Thank you for your reply! Here are the logs you requested:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01
Ran by Dia (administrator) on D-DIZZLE on 07-10-2014 20:54:39
Running from C:\Documents and Settings\Dia\Desktop
Loaded Profile: Dia (Available profiles: Dia & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
( ) C:\WINDOWS\system32\slserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINDOWS\system32\WgaLogon.dll ()
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm011^YYA^us&si=maps4pc&ptb=A1E77B7C-3287-4720-A8A1-A83627CAF78B&ind=2013072019&n=77fd0a93&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm011^YYA^us&si=maps4pc&ptb=A1E77B7C-3287-4720-A8A1-A83627CAF78B&ind=2013072019&n=77fd0a93&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm011^YYA^us&si=maps4pc&ptb=A1E77B7C-3287-4720-A8A1-A83627CAF78B&ind=2013072019&n=77fd0a93&psa=&st=sb&searchfor={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: HP Print Clips -> {053F9267-DC04-4294-A72C-58F732D338C0} -> C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-07]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [407056 2007-02-02] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [734736 2007-02-02] (Raxco Software, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SLService; C:\WINDOWS\system32\slserv.exe [45056 2003-01-17] ( )

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [68376 2007-02-01] (Raxco Software, Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 JL2005C; C:\WINDOWS\System32\Drivers\jl2005c.sys [68954 2007-11-17] (Windows ® 2000 DDK provider) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [210128 2003-02-16] ( )
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1293192 2003-02-16] ( )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [162136 2003-02-05] ( )
R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [36864 2003-09-02] (NVIDIA Corporation)
R3 NVENET; C:\WINDOWS\System32\DRIVERS\NVENET.sys [72771 2003-08-15] (NVIDIA Corporation)
R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [312704 2003-09-02] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [18688 2003-03-19] (NVIDIA Corporation)
S3 RecAgent; C:\WINDOWS\system32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [516616 2003-02-16] ( )
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [85520 2003-02-16] ( )
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [39348 2003-01-17] (Vireo Software)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 20:54 - 2014-10-07 20:59 - 00012584 _____ () C:\Documents and Settings\Dia\Desktop\FRST.txt
2014-10-07 20:53 - 2014-10-07 20:56 - 00000000 ____D () C:\FRST
2014-10-07 20:51 - 2014-10-07 20:51 - 01101312 _____ (Farbar) C:\Documents and Settings\Dia\Desktop\FRST.exe
2014-10-05 20:13 - 2014-10-05 19:26 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-10-05 19:46 - 2014-10-05 19:26 - 00688992 ____R (Swearware) C:\dds.com
2014-10-05 19:42 - 2014-10-05 19:42 - 00004692 _____ () C:\Documents and Settings\Dia\Desktop\attachnew.txt
2014-10-05 19:35 - 2014-10-05 20:26 - 00004692 _____ () C:\Documents and Settings\Dia\Desktop\attach.txt
2014-10-05 19:25 - 2014-10-05 19:26 - 00688992 ____R (Swearware) C:\Documents and Settings\Dia\Desktop\dds.com
2014-10-05 15:31 - 2014-10-05 15:31 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-10-05 15:31 - 2014-10-05 15:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-10-05 09:11 - 2014-10-05 20:16 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-05 09:11 - 2014-10-05 20:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-10-05 09:11 - 2014-10-05 15:31 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-05 09:11 - 2010-10-15 19:04 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-10-05 09:11 - 2010-09-19 21:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-10-05 09:11 - 2010-09-15 20:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-10-05 09:11 - 2010-09-13 21:38 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-05 09:11 - 2010-09-13 21:38 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-10-05 09:11 - 2010-09-13 21:38 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-10-04 11:18 - 2014-10-05 09:14 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-10-04 11:11 - 2014-10-04 11:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 11:11 - 2014-10-04 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 11:10 - 2014-10-04 11:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-04 11:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-03 17:39 - 2014-10-05 20:24 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 21:09 - 2010-09-13 21:44 - 00000000 ____D () C:\Documents and Settings\Dia\Local Settings\Temp
2014-10-07 21:02 - 2010-09-13 21:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-10-07 21:00 - 2010-09-13 21:36 - 01726726 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-07 20:54 - 2014-04-17 19:10 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-10-07 20:43 - 2010-09-13 14:29 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-07 20:43 - 2010-09-13 14:29 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-10-07 20:42 - 2014-04-22 11:36 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-10-07 20:42 - 2010-09-13 21:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-07 20:42 - 2004-08-04 05:00 - 00002300 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-05 20:27 - 2010-09-13 21:44 - 00000178 ___SH () C:\Documents and Settings\Dia\ntuser.ini
2014-10-05 19:55 - 2010-09-13 21:43 - 00032536 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-05 01:33 - 2010-09-13 14:24 - 00000211 ___SH () C:\boot.ini
2014-10-05 01:33 - 2004-08-04 05:00 - 00000706 _____ () C:\WINDOWS\win.ini
2014-10-05 01:33 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-10-04 11:11 - 2011-07-31 19:21 - 00000000 ____D () C:\Documents and Settings\Dia\Application Data\Malwarebytes
2014-10-04 11:10 - 2011-07-31 19:20 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-03 19:06 - 2010-09-15 20:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-09-29 13:59 - 2010-09-13 21:44 - 00000000 ____D () C:\Documents and Settings\Dia
2014-09-21 23:41 - 2010-09-13 22:36 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-11 08:58 - 2010-09-13 22:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-09-11 08:57 - 2013-08-24 10:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 08:54 - 2010-09-19 16:34 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Dia\Local Settings\Temp\guufplz.exe
C:\Documents and Settings\Dia\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4599972.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7290d338.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe
[2008-04-13 20:42] - [2010-09-13 22:33] - 0507904 ____A (Microsoft Corporation) 679a7259741f6a09994f02ce261b5f2e    

C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

ADDITION.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by Dia at 2014-10-07 21:10:47
Running from C:\Documents and Settings\Dia\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
56Kbps Internal Modem (HKLM\...\SLAMRNTV) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe AIR (Version: 2.0.3.13070 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.85.3 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
AIO_Scan (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL LLC)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.35 - Piriform)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (Version: 90.0.201.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (Version: 90.0.200.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (Version: 90.0.200.000 - Hewlett-Packard) Hidden
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F2100 (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F2100_doccd (Version: 90.0.200.000 - Hewlett-Packard) Hidden
F2100_Help (Version: 90.0.200.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Deskjet All-In-One Software 9.0 (HKLM\...\{706BB40A-4102-4c89-8107-DC68C4EBD19B}) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\{415CDA53-9100-476F-A7B2-476691E117C7}) (Version: 2.15.7.0 - Hewlett-Packard)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iPod for Windows 2006-03-23 (HKLM\...\InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}) (Version: 4.7.0 - Apple Computer, Inc.)
iPod for Windows 2006-03-23 (Version: 4.7.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}) (Version: 10.5.3.3 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA nForce Drivers (HKLM\...\NVIDIA nForce Drivers) (Version:  - )
PerfectDisk (HKLM\...\{212F5777-1190-4DEF-8E4D-6B2F313B45E7}) (Version: 8.00.050 - Raxco)
PhoTags Express  (HKLM\...\PhoTagsExpress) (Version:  - PhoTags Inc.)
Power DVD Player 2.1 (HKLM\...\PowerDVDPlayer) (Version: 2.1 - PowerDVDPlayer Software Inc)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version:  - )
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-299502267-220523388-1177238915-1003_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

==================== Restore Points  =========================

03-07-2014 18:49:07 Software Distribution Service 3.0
05-07-2014 21:15:58 Software Distribution Service 3.0
08-07-2014 15:48:46 Software Distribution Service 3.0
09-07-2014 19:41:23 Software Distribution Service 3.0
10-07-2014 17:09:37 Software Distribution Service 3.0
11-07-2014 17:39:24 Software Distribution Service 3.0
12-07-2014 20:32:32 Software Distribution Service 3.0
14-07-2014 15:50:55 Software Distribution Service 3.0
15-07-2014 17:51:01 Software Distribution Service 3.0
17-07-2014 16:40:00 Software Distribution Service 3.0
18-07-2014 20:18:04 Software Distribution Service 3.0
20-07-2014 17:06:06 Software Distribution Service 3.0
22-07-2014 16:52:38 Software Distribution Service 3.0
24-07-2014 19:50:13 Software Distribution Service 3.0
25-07-2014 20:07:11 Software Distribution Service 3.0
26-07-2014 18:14:40 Software Distribution Service 3.0
27-07-2014 16:58:13 Software Distribution Service 3.0
28-07-2014 17:38:00 Software Distribution Service 3.0
31-07-2014 15:54:19 Software Distribution Service 3.0
03-08-2014 02:26:02 Software Distribution Service 3.0
04-08-2014 02:29:20 Software Distribution Service 3.0
06-08-2014 16:08:34 Software Distribution Service 3.0
08-08-2014 16:26:00 Software Distribution Service 3.0
11-08-2014 02:46:16 Software Distribution Service 3.0
13-08-2014 17:06:17 Software Distribution Service 3.0
13-08-2014 17:14:52 Software Distribution Service 3.0
13-08-2014 17:22:22 Software Distribution Service 3.0
14-08-2014 01:54:17 Software Distribution Service 3.0
16-08-2014 22:26:54 Software Distribution Service 3.0
18-08-2014 18:13:23 Software Distribution Service 3.0
19-08-2014 20:05:07 Software Distribution Service 3.0
24-08-2014 22:31:50 Software Distribution Service 3.0
28-08-2014 21:45:46 Software Distribution Service 3.0
02-09-2014 17:21:37 Software Distribution Service 3.0
04-09-2014 02:43:51 Software Distribution Service 3.0
06-09-2014 17:58:56 Software Distribution Service 3.0
08-09-2014 16:51:01 Software Distribution Service 3.0
10-09-2014 14:01:12 Software Distribution Service 3.0
11-09-2014 15:49:22 Software Distribution Service 3.0
11-09-2014 15:53:50 Software Distribution Service 3.0
12-09-2014 17:29:24 Software Distribution Service 3.0
14-09-2014 17:17:44 Software Distribution Service 3.0
15-09-2014 18:36:56 Software Distribution Service 3.0
16-09-2014 18:54:45 Software Distribution Service 3.0
18-09-2014 00:33:05 Software Distribution Service 3.0
19-09-2014 03:02:21 Software Distribution Service 3.0
20-09-2014 17:12:18 Software Distribution Service 3.0
23-09-2014 01:57:25 Software Distribution Service 3.0
24-09-2014 18:19:38 Software Distribution Service 3.0
26-09-2014 18:28:01 Software Distribution Service 3.0
27-09-2014 21:09:31 Software Distribution Service 3.0
29-09-2014 20:45:47 Software Distribution Service 3.0
04-10-2014 17:28:05 Restore Operation
04-10-2014 17:35:31 Restore Operation
04-10-2014 17:39:13 Restore Operation
04-10-2014 17:43:00 Restore Operation
04-10-2014 17:52:14 Restore Operation
04-10-2014 17:59:33 Restore Operation
04-10-2014 18:11:50 Software Distribution Service 3.0
05-10-2014 23:36:52 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2010-09-13 21:55 - 2010-02-22 17:00 - 00190976 _____ () C:\WINDOWS\system32\WgaLogon.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-02-02 07:50 - 2007-02-02 07:50 - 00075280 _____ () C:\Program Files\Raxco\PerfectDisk\PDDb.dll
2007-02-02 07:51 - 2007-02-02 07:51 - 00366096 _____ () C:\Program Files\Raxco\PerfectDisk\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: diqtsxpg => "C:\Documents and Settings\Dia\Local Settings\Application Data\btijssse.exe"
MSCONFIG\startupreg: flsqnraf => "C:\Documents and Settings\Dia\Local Settings\Application Data\xtirphkk.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1284443954\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-299502267-220523388-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Dia (S-1-5-21-299502267-220523388-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dia
Guest (S-1-5-21-299502267-220523388-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-220523388-1177238915-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-220523388-1177238915-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2014 00:37:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/21/2014 11:12:43 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.4.304.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/21/2014 11:10:52 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070490, P2 packagesnotapplicable, P3 unspecified, P4 11.1.4590.0, P5 mpsigstub.exe, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/10/2014 09:21:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (02/10/2014 09:21:56 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/19/2013 10:25:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/15/2013 10:53:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hpqtra08.exe, version 90.0.146.0, faulting module hpqusg.dll, version 90.0.146.0, fault address 0x00025b48.
Processing media-specific event for [hpqtra08.exe!ws!]

Error: (12/03/2013 07:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application itunes.exe, version 10.5.3.3, faulting module quicktime.qts, version 7.74.80.86, fault address 0x008f3998.
Processing media-specific event for [itunes.exe!ws!]

Error: (12/03/2013 06:56:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iTunes.exe, version 10.5.3.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/03/2013 06:56:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iTunes.exe, version 10.5.3.3, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (03/29/2011 10:32:07 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.101.259.0

 Update Source: %NT AUTHORITY59

 Update Stage: 3.0.8107.00

 Source Path: 3.0.8107.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/29/2011 10:32:07 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.101.259.0

 Update Source: %NT AUTHORITY59

 Update Stage: 3.0.8107.00

 Source Path: 3.0.8107.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (03/03/2011 03:44:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (08/24/2033 03:10:08 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (08/24/2033 03:10:08 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ XP 1500+
Percentage of memory in use: 68%
Total physical RAM: 1215.38 MB
Available physical RAM: 378.64 MB
Total Pagefile: 1753.91 MB
Available Pagefile: 849.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:35.03 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 083B64AD)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Bootsektor


Posted 09 October 2014 - 04:55 AM

Hello,

Did you run Malwarebytes or Chameleon? Do you have any logs?

What about these entries, did you disable them from start? Do you remember when that was?
 
MSCONFIG\startupreg: diqtsxpg => "C:\Documents and Settings\Dia\Local Settings\Application Data\btijssse.exe"
MSCONFIG\startupreg: flsqnraf => "C:\Documents and Settings\Dia\Local Settings\Application Data\xtirphkk.exe"

Step 1
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

regards,

 

Sandra


#5 hospiceshepherd


Posted 10 October 2014 - 02:01 AM

Hi,

Here's a timeline of what I did before learning about this site and posting:

 

Friday, Oct 3

  • 10:40-50am - Downloaded viruses (zbot virus was automatically quarantined by Microsoft Security Essentials). Had to do a hard-shutdown on pc in order to turn it off.
  • 5:15pm - Ran a Malwarebytes quick scan. No viruses were detected.

Saturday, Oct 4

Morning (10:30 am - 1:00 pm) -
a. Attempted to restore the computer to an earlier date (chose multiple dates, but unable to restore every time)
b. Malwarebytes database was out-of-date so when I clicked update, it downloaded the latest version of Malwarebytes (which I didn't run yet after updating). No log files show for the quick scan since the version was updated.
c. Updated Microsoft Security Essentials to the latest definitions.
Ran a full scan. Took 12+ hours to run (CPU ran high due to iexplore.exe and dllhost.exe processes running, even in safe mode).

Sunday, Oct 5
1:24am - Microsoft Security Essentials full scan completed. Virus:DOS/Rovnix.W was detected. Clicked Remove. Received error message that removal failed. Here's log:
The following error occurred: Error code 0x8007065b. Function failed during execution.

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
boot:\\.\PHYSICALDRIVE0\Partition0 (NTFS)

Get more information about this item online.
---------------------------------------------------------------

I disabled the following entries either Oct 4 or Oct 5:
MSCONFIG\startupreg: diqtsxpg => "C:\Documents and Settings\Dia\Local Settings\Application Data\btijssse.exe"
MSCONFIG\startupreg: flsqnraf => "C:\Documents and Settings\Dia\Local Settings\Application Data\xtirphkk.exe"

---------------------------------------------------------------
Tonight I ran aswMBR. Internet Explorer stated it was not responding while software was downloading latest Avast! virus definitions. I tried to run it again, but it only has "Save Log" and "Exit". "Scan", "FixMBR", and "Fix" are grayed out. Here's the log:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-09 19:02:55
-----------------------------
19:02:55.437    OS Version: Windows 5.1.2600 Service Pack 3
19:02:55.437    Number of processors: 1 586 0x801
19:02:55.437    ComputerName: D-DIZZLE  UserName: Dia
19:03:11.156    Initialize success
19:03:11.171    VM: driver load error: 2
19:04:11.109    The log file has been saved successfully to "C:\Documents and Settings\Dia\Desktop\aswMBR.txt"

---------------------------------------------------------------

After running aswMBR, I restarted pc. In order to get it to boot, I had to select Boot using Last Known Good Configuration.



#6 Bootsektor


Posted 11 October 2014 - 03:40 PM

Hello,

Thank you for your detailed answer.

For the next step you need a CD burner and a USB stick. Your XP computer must have a USB device too.

The next step may be a little bit complicated, but I must have a dump of the Master Boot Record to see what is going on there.

Step 1
Download GETxPUD.exe to the desktop of your computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB drive by right-clicking in the browser's window and choosing the save option
  • Boot the computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

regards,

 

Sandra
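As an added example (not part of the original posts, and not code from any tool named in this thread), the Python below shows what can be read from a 512-byte MBR dump such as the one requested above: the disk ID, the partition table, the byte offset of each partition's first sector, and a hash of the boot-code area for comparison against a dump from a known-clean machine. The sample sector is constructed from the Disk ID, partition type, StartLBA and BlocksNum values printed in the FRST and TDSSKiller logs in this thread; its boot-code area is a zero-filled placeholder, and all function names are hypothetical.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area at the start of the sector
DISK_ID_OFFSET = 440       # 4-byte disk signature, little-endian
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
SIGNATURE_OFFSET = 510     # last two bytes must be 55 AA

TYPE_NAMES = {0x05: "extended (CHS)", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR sector and collect structural anomalies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    (disk_id,) = struct.unpack_from("<I", sector, DISK_ID_OFFSET)

    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {index + 1}: invalid status byte 0x{status:02X}")
        partitions.append({
            "number": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
            "size_gib": round(count * SECTOR_SIZE / 2**30, 2),
            # Where the partition's own boot sector (VBR) begins on the disk.
            "vbr_offset": lba_start * SECTOR_SIZE,
        })

    # A disk that boots via the MBR is expected to have exactly one active entry.
    active = [p["number"] for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            findings.append(f"partitions {first['number']} and {second['number']} overlap")

    return {
        "disk_id": f"{disk_id:08X}",
        # Compare this against the same hash taken from a known-clean reference dump.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr() -> bytes:
    """Constructed sample sector; boot code is a zero-filled placeholder.

    Assumption: the Disk ID in the FRST log is the little-endian 32-bit
    signature stored at offset 440.
    """
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_ID_OFFSET, 0x083B64AD)
    # Active NTFS partition, StartLBA 0x3F, BlocksNum 0x950A5C1 (values from the logs).
    # The CHS fields are constructed filler and are ignored by parse_mbr().
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 0x3F, 0x950A5C1)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("Disk ID:", report["disk_id"])
    print("Boot code SHA-256:", report["boot_code_sha256"])
    for part in report["partitions"]:
        print(f"Partition {part['number']}: active={part['active']} "
              f"type=0x{part['type']:02X} ({part['type_name']}) "
              f"start LBA={part['lba_start']} size={part['size_gib']} GiB "
              f"VBR at byte {part['vbr_offset']}")
    print("Findings:", report["findings"] or "none")
```

To run it on a real dump, read the extracted 512-byte file in binary mode and pass its contents to `parse_mbr()`.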


#7 hospiceshepherd


Posted 12 October 2014 - 06:59 PM

Thanks for your response.

 

I ran GETxPUD.exe. In the new desktop folder, I clicked on get&burn.bat.

Quickly on the screen it stated "downloading xPUD bootable CD image ...... please wait. You can minimize this window and continue working while you wait." Then changed to say "Download failed! Press any key to continue . . . " . I also tried to download on a different uninfected computer, and it did the same thing. What should I do next?

Also, when you say to choose the save option, do I right-click on the "dumpit" link and select "save target as"?



#8 hospiceshepherd


Posted 13 October 2014 - 03:01 PM

Hi,

 

I was able to burn the CD using another Windows XP pc!

Can you please clarify the "dumpit" portion of your post? When I click on "Save Target As", it wants to save a text file. When I click on the "dumpit" link and am taken to another page, there's no Save option.



#9 Bootsektor


Posted 14 October 2014 - 10:28 AM

Hello,
Yes, please save the target as described in my previous post on the USB-Device :)

You must choose: save target as... and then please save the file as dumpit on your flashdrive.

Edited by Bootsektor, 14 October 2014 - 10:35 AM.

regards,

 

Sandra


#10 hospiceshepherd


Posted 15 October 2014 - 09:09 PM

Thanks for the clarification. I completed the steps you listed and attached mbr.zip.

FYI - I have my XP restore disc that came with the pc if you determine that using it is the best solution.

Attached Files

  • Attached File  mbr.zip   1.89KB   3 downloads


#11 Bootsektor


Posted 17 October 2014 - 10:21 AM

Hello,

Many thanks.

Step 1
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Do not select Cure. Select Skip and save the log file.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards,

 

Sandra


#12 hospiceshepherd


Posted 19 October 2014 - 10:08 AM

Much appreciated!

Here are the contents of the TDSSKiller log:

07:54:47.0062 0x0e7c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
07:55:10.0218 0x0e7c ============================================================
07:55:10.0218 0x0e7c Current date / time: 2014/10/19 07:55:10.0218
07:55:10.0218 0x0e7c SystemInfo:
07:55:10.0218 0x0e7c
07:55:10.0218 0x0e7c OS Version: 5.1.2600 ServicePack: 3.0
07:55:10.0218 0x0e7c Product type: Workstation
07:55:10.0218 0x0e7c ComputerName: D-DIZZLE
07:55:10.0218 0x0e7c UserName: Dia
07:55:10.0218 0x0e7c Windows directory: C:\WINDOWS
07:55:10.0218 0x0e7c System windows directory: C:\WINDOWS
07:55:10.0218 0x0e7c Processor architecture: Intel x86
07:55:10.0218 0x0e7c Number of processors: 1
07:55:10.0218 0x0e7c Page size: 0x1000
07:55:10.0218 0x0e7c Boot type: Normal boot
07:55:10.0218 0x0e7c ============================================================
07:55:28.0265 0x0e7c KLMD registered as C:\WINDOWS\system32\drivers\12754295.sys
07:55:30.0687 0x0e7c System UUID: {D2EC08A2-0F15-126B-15B8-6F21021ADEC6}
07:55:37.0062 0x0e7c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:55:37.0187 0x0e7c ============================================================
07:55:37.0187 0x0e7c \Device\Harddisk0\DR0:
07:55:37.0187 0x0e7c MBR partitions:
07:55:37.0187 0x0e7c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
07:55:37.0187 0x0e7c ============================================================
07:55:37.0390 0x0e7c C: <-> \Device\Harddisk0\DR0\Partition1
07:55:37.0812 0x0e7c ============================================================
07:55:37.0812 0x0e7c Initialize success
07:55:37.0812 0x0e7c ============================================================
07:55:47.0500 0x0f84 ============================================================
07:55:47.0500 0x0f84 Scan started
07:55:47.0500 0x0f84 Mode: Manual;
07:55:47.0500 0x0f84 ============================================================
07:55:47.0500 0x0f84 KSN ping started
07:56:08.0546 0x0f84 KSN ping finished: true
07:56:12.0531 0x0f84 ================ Scan system memory ========================
07:56:12.0531 0x0f84 System memory - ok
07:56:12.0578 0x0f84 ================ Scan services =============================
07:56:13.0531 0x0f84 Abiosdsk - ok
07:56:13.0546 0x0f84 abp480n5 - ok
07:56:13.0734 0x0f84 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:56:13.0812 0x0f84 ACPI - ok
07:56:14.0609 0x0f84 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
07:56:14.0671 0x0f84 ACPIEC - ok
07:56:14.0687 0x0f84 adpu160m - ok
07:56:14.0828 0x0f84 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:56:15.0031 0x0f84 aec - ok
07:56:15.0125 0x0f84 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:56:15.0328 0x0f84 AFD - ok
07:56:15.0359 0x0f84 Aha154x - ok
07:56:15.0406 0x0f84 aic78u2 - ok
07:56:15.0437 0x0f84 aic78xx - ok
07:56:15.0578 0x0f84 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:56:15.0687 0x0f84 Alerter - ok
07:56:15.0828 0x0f84 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
07:56:15.0906 0x0f84 ALG - ok
07:56:15.0937 0x0f84 AliIde - ok
07:56:16.0000 0x0f84 [ 8FCE268CDBDD83B23419D1F35F42C7B1, DF1A5097DC5B5C35427460E866E16ED25C3DDD9217065B26C3214A5674BE37DB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
07:56:16.0046 0x0f84 AmdK7 - ok
07:56:16.0093 0x0f84 amsint - ok
07:57:05.0765 0x0f84 seclogon - ok
07:57:05.0796 0x0f84 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
07:57:05.0843 0x0f84 SENS - ok
07:57:05.0921 0x0f84 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
07:57:06.0046 0x0f84 serenum - ok
07:57:06.0125 0x0f84 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
07:57:06.0171 0x0f84 Serial - ok
07:57:06.0218 0x0f84 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:57:06.0250 0x0f84 Sfloppy - ok
07:57:06.0500 0x0f84 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:57:06.0796 0x0f84 SharedAccess - ok
07:57:06.0968 0x0f84 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:57:06.0968 0x0f84 ShellHWDetection - ok
07:57:07.0000 0x0f84 Simbad - ok
07:57:07.0046 0x0f84 [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:57:07.0203 0x0f84 SLIP - ok
07:57:07.0593 0x0f84 [ 769D8F1C7BBDB5C0C1EB157575DAD0BA, 428E51297E440EB0205FA74F3AA82439AD0870A5127FE759B2A7997384760747 ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
07:57:07.0906 0x0f84 Slntamr - ok
07:57:08.0046 0x0f84 [ EDD0BCB2B8548A95B2633C249BFAEEC7, DE841556E1F41B9C91CCEDD0B498480D348A63493DDB8B94B588C8082CE4C39E ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
07:57:08.0140 0x0f84 SlNtHal - ok
07:57:08.0187 0x0f84 SLService - ok
07:57:08.0234 0x0f84 [ 3B4A3B282F62FE5D75127D22B26909ED, 186AC1FB95E0179C378AAF0E655CAF4AA2171973F13F1FFC24CE5B01075C3CC2 ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
07:57:08.0281 0x0f84 SlWdmSup - ok
07:57:08.0312 0x0f84 Sparrow - ok
07:57:08.0375 0x0f84 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:57:08.0375 0x0f84 splitter - ok
07:57:08.0453 0x0f84 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:57:08.0515 0x0f84 Spooler - ok
07:57:08.0578 0x0f84 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:57:08.0687 0x0f84 sr - ok
07:57:08.0796 0x0f84 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
07:57:08.0921 0x0f84 srservice - ok
07:57:09.0218 0x0f84 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:57:09.0484 0x0f84 Srv - ok
07:57:09.0593 0x0f84 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:57:09.0625 0x0f84 SSDPSRV - ok
07:57:09.0812 0x0f84 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:57:10.0062 0x0f84 stisvc - ok
07:57:10.0125 0x0f84 [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:57:10.0171 0x0f84 streamip - ok
07:57:10.0250 0x0f84 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:57:10.0312 0x0f84 swenum - ok
07:57:10.0375 0x0f84 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:57:10.0421 0x0f84 swmidi - ok
07:57:10.0468 0x0f84 SwPrv - ok
07:57:10.0500 0x0f84 symc810 - ok
07:57:10.0515 0x0f84 symc8xx - ok
07:57:10.0546 0x0f84 sym_hi - ok
07:57:10.0578 0x0f84 sym_u3 - ok
07:57:10.0656 0x0f84 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:57:10.0687 0x0f84 sysaudio - ok
07:57:10.0796 0x0f84 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:57:10.0890 0x0f84 SysmonLog - ok
07:57:11.0078 0x0f84 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:57:11.0234 0x0f84 TapiSrv - ok
07:57:11.0453 0x0f84 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:57:11.0812 0x0f84 Tcpip - ok
07:57:12.0093 0x0f84 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:57:12.0140 0x0f84 TDPIPE - ok
07:57:12.0187 0x0f84 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:57:12.0218 0x0f84 TDTCP - ok
07:57:12.0312 0x0f84 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:57:12.0390 0x0f84 TermDD - ok
07:57:12.0531 0x0f84 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
07:57:12.0718 0x0f84 TermService - ok
07:57:12.0796 0x0f84 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
07:57:12.0812 0x0f84 Themes - ok
07:57:12.0875 0x0f84 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
07:57:12.0953 0x0f84 TlntSvr - ok
07:57:13.0062 0x0f84 TosIde - ok
07:57:13.0125 0x0f84 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:57:13.0187 0x0f84 TrkWks - ok
07:57:13.0265 0x0f84 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:57:13.0359 0x0f84 Udfs - ok
07:57:13.0390 0x0f84 ultra - ok
07:57:13.0703 0x0f84 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:57:13.0953 0x0f84 Update - ok
07:57:14.0171 0x0f84 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
07:57:14.0390 0x0f84 upnphost - ok
07:57:14.0453 0x0f84 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
07:57:14.0562 0x0f84 UPS - ok
07:57:14.0609 0x0f84 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:57:14.0796 0x0f84 usbccgp - ok
07:57:14.0859 0x0f84 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:57:15.0187 0x0f84 usbehci - ok
07:57:15.0234 0x0f84 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:57:15.0296 0x0f84 usbhub - ok
07:57:15.0406 0x0f84 [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
07:57:15.0484 0x0f84 usbohci - ok
07:57:15.0593 0x0f84 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:57:15.0687 0x0f84 usbprint - ok
07:57:15.0796 0x0f84 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:57:16.0125 0x0f84 usbscan - ok
07:57:16.0187 0x0f84 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:57:16.0250 0x0f84 USBSTOR - ok
07:57:16.0312 0x0f84 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:57:16.0390 0x0f84 VgaSave - ok
07:57:16.0406 0x0f84 ViaIde - ok
07:57:16.0500 0x0f84 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:57:16.0546 0x0f84 VolSnap - ok
07:57:16.0718 0x0f84 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
07:57:16.0906 0x0f84 VSS - ok
07:57:17.0125 0x0f84 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\system32\w32time.dll
07:57:17.0265 0x0f84 W32Time - ok
07:57:17.0406 0x0f84 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:57:17.0515 0x0f84 Wanarp - ok
07:57:17.0625 0x0f84 [ 0A716C08CB13C3A8F4F51E882DBF7416, 66FFDC9151CB3676B5DF073431DE055E7F2CDA5722F7EAAC6EC45F2CF9910882 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
07:57:17.0703 0x0f84 wanatw - ok
07:57:17.0750 0x0f84 WDICA - ok
07:57:17.0828 0x0f84 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:57:17.0906 0x0f84 wdmaud - ok
07:57:17.0968 0x0f84 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
07:57:18.0046 0x0f84 WebClient - ok
07:57:18.0312 0x0f84 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:57:18.0406 0x0f84 winmgmt - ok
07:57:18.0515 0x0f84 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:57:18.0578 0x0f84 WmdmPmSN - ok
07:57:18.0875 0x0f84 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
07:57:19.0281 0x0f84 Wmi - ok
07:57:19.0625 0x0f84 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:57:19.0796 0x0f84 WmiApSrv - ok
07:57:20.0250 0x0f84 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:57:21.0046 0x0f84 WMPNetworkSvc - ok
07:57:21.0250 0x0f84 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:57:21.0421 0x0f84 wscsvc - ok
07:57:21.0484 0x0f84 [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:57:21.0625 0x0f84 WSTCODEC - ok
07:57:21.0703 0x0f84 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:57:21.0750 0x0f84 wuauserv - ok
07:57:21.0843 0x0f84 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:57:21.0937 0x0f84 WudfPf - ok
07:57:22.0015 0x0f84 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:57:22.0109 0x0f84 WudfRd - ok
07:57:22.0203 0x0f84 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:57:22.0468 0x0f84 WudfSvc - ok
07:57:22.0750 0x0f84 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:57:23.0078 0x0f84 WZCSVC - ok
07:57:23.0218 0x0f84 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:57:23.0359 0x0f84 xmlprov - ok
07:57:23.0390 0x0f84 ================ Scan global ===============================
07:57:23.0546 0x0f84 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
07:57:23.0828 0x0f84 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:57:25.0218 0x0f84 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
07:57:25.0359 0x0f84 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
07:57:25.0437 0x0f84 [ Global ] - ok
07:57:25.0453 0x0f84 ================ Scan MBR ==================================
07:57:25.0500 0x0f84 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:57:27.0671 0x0f84 \Device\Harddisk0\DR0 - ok
07:57:27.0687 0x0f84 ================ Scan VBR ==================================
07:57:27.0718 0x0f84 [ 856D9B78831A38549AD5D6AFC6E51233 ] \Device\Harddisk0\DR0\Partition1
07:57:27.0796 0x0f84 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
07:57:27.0796 0x0f84 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
07:57:49.0671 0x0f84 AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
07:57:49.0671 0x0f84 AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
07:57:49.0750 0x0f84 Win FW state via NFM: enabled
07:58:01.0281 0x0f84 ============================================================
07:58:01.0281 0x0f84 Scan finished
07:58:01.0281 0x0f84 ============================================================
07:58:01.0343 0x09e4 Detected object count: 1
07:58:01.0343 0x09e4 Actual detected object count: 1
07:58:52.0562 0x09e4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
07:58:52.0562 0x09e4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip

#13 Bootsektor

Posted 20 October 2014 - 05:04 AM

Hello,

Yes, there it is.

Step 1

Please restart TDSS-Killer, perform a new scan and select Cure for this entry:

07:58:52.0562 0x09e4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user

Step 2
Please reboot your computer and run a new scan with TDSS-Killer, select skip instead of cure or delete if necessary and post the logfile here in your topic.

Edited by Bootsektor, 20 October 2014 - 05:05 AM.

regards,
Sandra


#14 hospiceshepherd

Posted 21 October 2014 - 10:54 PM

Hi,

Thanks. I performed the steps. Here's the log file:

20:37:05.0046 0x040c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:37:07.0015 0x040c ============================================================
20:37:07.0015 0x040c Current date / time: 2014/10/21 20:37:07.0015
20:37:07.0015 0x040c SystemInfo:
20:37:07.0109 0x040c
20:37:07.0296 0x040c OS Version: 5.1.2600 ServicePack: 3.0
20:37:07.0296 0x040c Product type: Workstation
20:37:07.0343 0x040c ComputerName: D-DIZZLE
20:37:07.0359 0x040c UserName: Dia
20:37:07.0406 0x040c Windows directory: C:\WINDOWS
20:37:07.0406 0x040c System windows directory: C:\WINDOWS
20:37:07.0406 0x040c Processor architecture: Intel x86
20:37:07.0484 0x040c Number of processors: 1
20:37:07.0484 0x040c Page size: 0x1000
20:37:07.0484 0x040c Boot type: Normal boot
20:37:07.0562 0x040c ============================================================
20:37:07.0640 0x040c BG loaded
20:37:16.0125 0x040c System UUID: {D2EC08A2-0F15-126B-15B8-6F21021ADEC6}
20:37:35.0968 0x040c Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
20:37:36.0156 0x040c ============================================================
20:37:36.0156 0x040c \Device\Harddisk0\DR0:
20:37:36.0281 0x040c MBR partitions:
20:37:36.0281 0x040c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:37:36.0281 0x040c ============================================================
20:37:37.0375 0x040c C: <-> \Device\Harddisk0\DR0\Partition1
20:37:39.0281 0x040c ============================================================
20:37:39.0281 0x040c Initialize success
20:37:39.0281 0x040c ============================================================
20:37:44.0390 0x099c ============================================================
20:37:44.0390 0x099c Scan started
20:37:44.0390 0x099c Mode: Manual;
20:37:44.0390 0x099c ============================================================
20:37:44.0390 0x099c KSN ping started
20:37:44.0828 0x099c KSN ping finished: false
20:37:47.0046 0x099c ================ Scan system memory ========================
20:37:47.0046 0x099c System memory - ok
20:37:47.0062 0x099c ================ Scan services =============================
20:37:57.0015 0x099c hidusb - ok
20:37:57.0125 0x099c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:37:57.0140 0x099c hkmsvc - ok
20:37:57.0187 0x099c hpn - ok
20:37:57.0359 0x099c [ 58D4765AB87347DB835D5693ADF652C1, C82C844C29AC9041BEE7D02FB846AA9BC17D7DF0D8295AE31A485CC44B0CC7D7 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:37:57.0406 0x099c hpqcxs08 - ok
20:37:57.0546 0x099c [ 99ED733F614660EB32199BF889DFB7E2, E96CD3DB09639DB9685AF20915BE9097E270D331A2516FA2929B4E2251B2FA61 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:37:57.0562 0x099c hpqddsvc - ok
20:37:57.0625 0x099c [ D03D10F7DED688FECF50F8FBF1EA9B8A, C19A733571BA831E24EE45EDB730FFFDBA22638F138A32A794BEAB8D8B71D8DD ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:37:57.0625 0x099c HPZid412 - ok
20:37:57.0656 0x099c [ 89F41658929393487B6B7D13C8528CE3, 5D06A11225A83F3F33417148BE53654080C88BFA876FEB486A7E43410AC99F23 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:37:57.0656 0x099c HPZipr12 - ok
20:37:57.0734 0x099c [ ABCB05CCDBF03000354B9553820E39F8, 6361B5A57CDE23AC5E987ACECF3BEE7AD51134C6E5BF4F833E512C9BC4B86877 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:37:57.0734 0x099c HPZius12 - ok
20:37:57.0875 0x099c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:37:57.0890 0x099c HTTP - ok
20:37:57.0953 0x099c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:37:57.0953 0x099c HTTPFilter - ok
20:37:57.0984 0x099c i2omgmt - ok
20:37:58.0015 0x099c i2omp - ok
20:37:58.0078 0x099c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:37:58.0078 0x099c i8042prt - ok
20:37:58.0171 0x099c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:37:58.0250 0x099c IDriverT - ok
20:37:58.0281 0x099c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:37:58.0296 0x099c Imapi - ok
20:37:58.0421 0x099c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
20:37:58.0421 0x099c ImapiService - ok
20:37:58.0484 0x099c ini910u - ok
20:37:58.0515 0x099c IntelIde - ok
20:37:58.0593 0x099c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:37:58.0609 0x099c Ip6Fw - ok
20:37:58.0703 0x099c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:37:58.0718 0x099c IpFilterDriver - ok
20:37:58.0781 0x099c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:37:58.0781 0x099c IpInIp - ok
20:37:58.0875 0x099c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:37:58.0921 0x099c IpNat - ok
20:37:59.0328 0x099c [ 49918803B661367023BF325CF602AFDC, 2821451FD31EAFCB5D3081998756F7274B4C2594E9A378EEE5C1D5D92C1FC58C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:37:59.0750 0x099c iPod Service - ok
20:38:00.0031 0x099c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:38:00.0437 0x099c IPSec - ok
20:38:00.0484 0x099c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:38:00.0515 0x099c IRENUM - ok
20:38:00.0609 0x099c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:38:00.0625 0x099c isapnp - ok
20:38:00.0875 0x099c [ B9436A665A8621073A12338B16D7BFD4, 1F1CB4758768BF7B7DDB27BF9DA944D869B561ABF7EC39CEC059044E10C1EA88 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:38:00.0875 0x099c JavaQuickStarterService - ok
20:38:00.0968 0x099c [ D0CF54A5E47110E1D13728F75C54C620, 60EBBA5BB38518099CCA60973006C9F519D881930CF9D8F62F3808FAAB7C652E ] JL2005C C:\WINDOWS\system32\Drivers\jl2005c.sys
20:38:01.0000 0x099c JL2005C - ok
20:38:01.0046 0x099c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:38:01.0046 0x099c Kbdclass - ok
20:38:01.0078 0x099c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:38:01.0078 0x099c kbdhid - ok
20:38:01.0187 0x099c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:38:01.0234 0x099c kmixer - ok
20:38:01.0312 0x099c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:38:01.0359 0x099c KSecDD - ok
20:38:01.0500 0x099c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
20:38:01.0515 0x099c LanmanServer - ok
20:38:01.0687 0x099c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:38:01.0703 0x099c lanmanworkstation - ok
20:38:01.0734 0x099c lbrtfdc - ok
20:38:01.0843 0x099c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:38:01.0859 0x099c LmHosts - ok
20:38:01.0937 0x099c [ 12E71DA845D76665B56753AD149E32B3, 0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
20:38:02.0031 0x099c MBAMSwissArmy - ok
20:38:02.0093 0x099c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:38:02.0125 0x099c Messenger - ok
20:38:02.0265 0x099c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:38:02.0343 0x099c Microsoft Office Groove Audit Service - ok
20:38:02.0390 0x099c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:38:02.0390 0x099c mnmdd - ok
20:38:02.0453 0x099c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:38:02.0484 0x099c mnmsrvc - ok
20:38:02.0531 0x099c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:38:02.0531 0x099c Modem - ok
20:38:02.0593 0x099c [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:38:02.0593 0x099c MODEMCSA - ok
20:38:02.0625 0x099c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:38:02.0640 0x099c Mouclass - ok
20:38:02.0671 0x099c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:38:02.0671 0x099c mouhid - ok
20:38:02.0765 0x099c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:38:02.0781 0x099c MountMgr - ok
20:38:02.0937 0x099c [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:38:03.0031 0x099c MpFilter - ok
20:38:03.0062 0x099c mraid35x - ok
20:38:03.0234 0x099c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:38:03.0265 0x099c MRxDAV - ok
20:38:03.0468 0x099c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:38:03.0531 0x099c MRxSmb - ok
20:38:03.0609 0x099c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:38:03.0609 0x099c MSDTC - ok
20:38:03.0750 0x099c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:38:03.0796 0x099c Msfs - ok
20:38:03.0812 0x099c MSIServer - ok
20:38:03.0906 0x099c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:38:03.0906 0x099c MSKSSRV - ok
20:38:03.0984 0x099c [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:38:04.0000 0x099c MsMpSvc - ok
20:38:04.0046 0x099c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:38:04.0062 0x099c MSPCLOCK - ok
20:38:04.0093 0x099c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:38:04.0109 0x099c MSPQM - ok
20:38:04.0171 0x099c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:38:04.0187 0x099c mssmbios - ok
20:38:04.0234 0x099c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:38:04.0343 0x099c MSTEE - ok
20:38:04.0546 0x099c [ 33F438BD66F2877BBB5567E49208A346, CEAEE8AEA3E6FCF7F259A1AE8C6E47CDFB5C400AEB0A53EB7DF11F129C2BB58E ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
20:38:04.0640 0x099c Mtlmnt5 - ok
20:38:05.0359 0x099c [ 4D98402AE75097E362CC8ED94079D94C, 1F32C275481C26AC18A133586BE52A34910AD761689A4C76149E1C98090BBD76 ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
20:38:06.0078 0x099c Mtlstrm - ok
20:38:06.0296 0x099c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:38:06.0375 0x099c Mup - ok
20:38:06.0453 0x099c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:38:06.0515 0x099c NABTSFEC - ok
20:38:06.0843 0x099c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:38:07.0078 0x099c napagent - ok
20:38:07.0296 0x099c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:38:07.0359 0x099c NDIS - ok
20:38:07.0734 0x099c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:38:07.0812 0x099c NdisIP - ok
20:38:07.0921 0x099c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:38:07.0953 0x099c NdisTapi - ok
20:38:08.0062 0x099c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:38:08.0078 0x099c Ndisuio - ok
20:38:08.0187 0x099c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:38:08.0234 0x099c NdisWan - ok
20:38:08.0390 0x099c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:38:08.0390 0x099c NDProxy - ok
20:38:08.0562 0x099c [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:38:08.0562 0x099c Net Driver HPZ12 - ok
20:38:08.0765 0x099c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:38:08.0765 0x099c NetBIOS - ok
20:38:08.0921 0x099c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:38:08.0937 0x099c NetBT - ok
20:38:09.0093 0x099c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
20:38:09.0156 0x099c NetDDE - ok
20:38:09.0250 0x099c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:38:09.0265 0x099c NetDDEdsdm - ok
20:38:09.0359 0x099c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:38:09.0359 0x099c Netlogon - ok
20:38:09.0562 0x099c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
20:38:09.0578 0x099c Netman - ok
20:38:09.0921 0x099c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
20:38:09.0984 0x099c Nla - ok
20:38:10.0062 0x099c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:38:10.0062 0x099c Npfs - ok
20:38:10.0500 0x099c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:38:10.0984 0x099c Ntfs - ok
20:38:11.0046 0x099c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:38:11.0078 0x099c NtLmSsp - ok
20:38:11.0453 0x099c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:38:11.0984 0x099c NtmsSvc - ok
20:38:12.0187 0x099c [ 6AF0557BBFFDDE15B985F2C1B82D43E0, 889A30DC2DDB90D6DCB9986FD80F1D3D50DC89B10745A2A725DB3BB5DA510C6A ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
20:38:12.0281 0x099c NtMtlFax - ok
20:38:12.0328 0x099c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
20:38:12.0328 0x099c Null - ok
20:38:13.0484 0x099c [ 71DBDC08DF86B80511E72953FA1AD6B0, 7E4D1BE7548FD9C0FDDA40B54F8728D8167230703009FCBF26F19871B7AA6C16 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:38:15.0125 0x099c nv - ok
20:38:15.0437 0x099c [ 51635322A7BA00B05977F70B1FFF95BB, 7CFA48D893E332F1A8836E2CD8D8D3E1033793B395571ABA0FFEC6A193EA494F ] nvax C:\WINDOWS\system32\drivers\nvax.sys
20:38:15.0453 0x099c nvax - ok
20:38:15.0781 0x099c [ 5155E22DA2F2E1CA4023D00F6EB31B5E, 0CF96ED940D6419A19BC4DD579C813256EF5A486CCAA6BEBD75F05B4D16454E5 ] NVENET C:\WINDOWS\system32\DRIVERS\NVENET.sys
20:38:15.0828 0x099c NVENET - ok
20:38:16.0046 0x099c [ F9000A5B746CABA368810147CA804E9D, 144680C6072D4152B0AFC2EC7ED5073F09409E3227AB73A5B6F124BCDACF8CAB ] nvnforce C:\WINDOWS\system32\drivers\nvapu.sys
20:38:16.0109 0x099c nvnforce - ok
20:38:16.0281 0x099c [ 5ED834603C36414B579979B3A9C90F54, 0FCDBCEC76935C0DCB8AAD6EA665EFF6249E7B0BA212EC9AFEBB64C5AD86E616 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:38:16.0328 0x099c NVSvc - ok
20:38:16.0437 0x099c [ 29291C3A7256337327051CC37E4FC09A, C35DEBA55F133134AAD7F7E1DB5F8CB883E0EA4E337F4530D224C2E631074996 ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
20:38:16.0453 0x099c nv_agp - ok
20:38:16.0640 0x099c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:38:16.0687 0x099c NwlnkFlt - ok
20:38:16.0718 0x099c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:38:16.0734 0x099c NwlnkFwd - ok
20:38:17.0359 0x099c [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:38:17.0843 0x099c odserv - ok
20:38:18.0062 0x099c [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:38:18.0125 0x099c ose - ok
20:38:18.0234 0x099c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:38:18.0234 0x099c Parport - ok
20:38:18.0375 0x099c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:38:18.0406 0x099c PartMgr - ok
20:38:18.0531 0x099c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:38:18.0593 0x099c ParVdm - ok
20:38:18.0640 0x099c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:38:18.0703 0x099c PCI - ok
20:38:18.0734 0x099c PCIDump - ok
20:38:18.0812 0x099c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:38:18.0828 0x099c PCIIde - ok
20:38:18.0984 0x099c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:38:19.0046 0x099c Pcmcia - ok
20:38:20.0015 0x099c [ 6AD0795F48DB9148172A43A42C672D70, 6473221F4261BC9292F8C960C6DED9A7E16E5BDDCB30891C98920C139D32DB48 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
20:38:20.0031 0x099c PDAgent - ok
20:38:20.0078 0x099c PDCOMP - ok
20:38:21.0109 0x099c [ 47F5E9453160B01F60CE88998E3FC2C9, 8579A8E835772E749CA4EFC6C17CF48CAE284A3E848DB9B8D76A923E7940813E ] PDEngine C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
20:38:21.0250 0x099c PDEngine - ok
20:38:21.0328 0x099c PDFRAME - ok
20:38:21.0343 0x099c PDRELI - ok
20:38:21.0359 0x099c PDRFRAME - ok
20:38:21.0453 0x099c perc2 - ok
20:38:21.0500 0x099c perc2hib - ok
20:38:21.0859 0x099c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
20:38:21.0859 0x099c PlugPlay - ok
20:38:21.0937 0x099c [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:38:21.0953 0x099c Pml Driver HPZ12 - ok
20:38:22.0093 0x099c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:38:22.0093 0x099c PolicyAgent - ok
20:38:22.0156 0x099c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:38:22.0156 0x099c PptpMiniport - ok
20:38:22.0343 0x099c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:38:22.0343 0x099c ProtectedStorage - ok
20:38:22.0437 0x099c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:38:22.0453 0x099c PSched - ok
20:38:22.0546 0x099c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:38:22.0562 0x099c Ptilink - ok
20:38:22.0593 0x099c ql1080 - ok
20:38:22.0625 0x099c Ql10wnt - ok
20:38:22.0640 0x099c ql12160 - ok
20:38:22.0687 0x099c ql1240 - ok
20:38:22.0703 0x099c ql1280 - ok
20:38:22.0796 0x099c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:38:22.0812 0x099c RasAcd - ok
20:38:23.0000 0x099c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:38:23.0046 0x099c RasAuto - ok
20:38:23.0109 0x099c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:38:23.0125 0x099c Rasl2tp - ok
20:38:23.0359 0x099c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:38:23.0375 0x099c RasMan - ok
20:38:23.0546 0x099c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:38:23.0562 0x099c RasPppoe - ok
20:38:23.0656 0x099c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:38:23.0656 0x099c Raspti - ok
20:38:24.0015 0x099c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:38:24.0015 0x099c Rdbss - ok
20:38:24.0109 0x099c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:38:24.0125 0x099c RDPCDD - ok
20:38:24.0359 0x099c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:38:24.0359 0x099c rdpdr - ok
20:38:24.0671 0x099c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:38:24.0968 0x099c RDPWD - ok
20:38:25.0296 0x099c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:38:25.0375 0x099c RDSessMgr - ok
20:38:25.0406 0x099c [ E9AAA0092D74A9D371659C4C38882E12, 832E043E4C257D85FE17C422D7705B9342648FB5F07331533D56C8DB1E9CB0E1 ] RecAgent C:\WINDOWS\system32\DRIVERS\RecAgent.sys
20:38:25.0484 0x099c RecAgent - ok
20:38:25.0937 0x099c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:38:25.0953 0x099c redbook - ok
20:38:26.0109 0x099c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:38:26.0171 0x099c RemoteAccess - ok
20:38:26.0265 0x099c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:38:26.0265 0x099c RemoteRegistry - ok
20:38:26.0484 0x099c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
20:38:26.0796 0x099c RpcLocator - ok
20:38:27.0437 0x099c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:38:27.0453 0x099c RpcSs - ok
20:38:27.0921 0x099c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:38:28.0250 0x099c RSVP - ok
20:38:28.0343 0x099c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
20:38:28.0390 0x099c SamSs - ok
20:38:28.0796 0x099c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:38:28.0890 0x099c SCardSvr - ok
20:38:29.0203 0x099c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:38:29.0218 0x099c Schedule - ok
20:38:29.0406 0x099c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:38:29.0484 0x099c Secdrv - ok
20:38:29.0781 0x099c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:38:29.0781 0x099c seclogon - ok
20:38:29.0859 0x099c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
20:38:29.0859 0x099c SENS - ok
20:38:29.0906 0x099c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:38:29.0921 0x099c serenum - ok
20:38:30.0000 0x099c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:38:30.0000 0x099c Serial - ok
20:38:30.0078 0x099c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:38:30.0078 0x099c Sfloppy - ok
20:38:30.0359 0x099c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:38:30.0421 0x099c SharedAccess - ok
20:38:30.0671 0x099c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:38:30.0687 0x099c ShellHWDetection - ok
20:38:30.0703 0x099c Simbad - ok
20:38:30.0906 0x099c [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:38:30.0984 0x099c SLIP - ok
20:38:31.0531 0x099c [ 769D8F1C7BBDB5C0C1EB157575DAD0BA, 428E51297E440EB0205FA74F3AA82439AD0870A5127FE759B2A7997384760747 ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
20:38:32.0062 0x099c Slntamr - ok
20:38:32.0265 0x099c [ EDD0BCB2B8548A95B2633C249BFAEEC7, DE841556E1F41B9C91CCEDD0B498480D348A63493DDB8B94B588C8082CE4C39E ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
20:38:32.0390 0x099c SlNtHal - ok
20:38:32.0421 0x099c SLService - ok
20:38:32.0593 0x099c [ 3B4A3B282F62FE5D75127D22B26909ED, 186AC1FB95E0179C378AAF0E655CAF4AA2171973F13F1FFC24CE5B01075C3CC2 ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
20:38:32.0640 0x099c SlWdmSup - ok
20:38:46.0812 0x099c ================ Scan global ===============================
20:38:47.0015 0x099c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:38:47.0218 0x099c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:38:47.0531 0x099c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:38:47.0765 0x099c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
20:38:47.0765 0x099c [ Global ] - ok
20:38:47.0781 0x099c ================ Scan MBR ==================================
20:38:47.0921 0x099c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:38:56.0562 0x099c \Device\Harddisk0\DR0 - ok
20:38:56.0562 0x099c ================ Scan VBR ==================================
20:38:56.0781 0x099c [ 5B6E2DCE1E908407573F07EB7AE8B9B5 ] \Device\Harddisk0\DR0\Partition1
20:38:56.0781 0x099c \Device\Harddisk0\DR0\Partition1 - ok
20:38:56.0796 0x099c ================ Scan generic autorun ======================
20:38:56.0921 0x099c [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:38:56.0921 0x099c APSDaemon - ok
20:38:57.0109 0x099c [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
20:38:57.0125 0x099c SunJavaUpdateSched - ok
20:38:57.0359 0x099c [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files\QuickTime\qttask.exe
20:38:57.0421 0x099c QuickTime Task - ok
20:38:57.0437 0x099c NvCplDaemon - ok
20:38:58.0203 0x099c [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] c:\Program Files\Microsoft Security Client\msseces.exe
20:38:58.0281 0x099c MSC - ok
20:38:58.0578 0x099c [ FF8E3E68F2FCC5F515EC1F3D0A546903, 255DF40F027B3B9A9E25090F268047B33CEAF5514832E6FEA36DB4A398A97FE5 ] C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
20:38:58.0968 0x099c DWQueuedReporting - ok
20:38:59.0015 0x099c [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
20:38:59.0015 0x099c ctfmon.exe - ok
20:38:59.0125 0x099c Yzmociedowwela - ok
20:38:59.0140 0x099c [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
20:38:59.0140 0x099c ctfmon.exe - ok
20:39:00.0140 0x099c AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
20:39:00.0140 0x099c AV detected via SS1: Microsoft Security Essentials, 2.1.6805.0, disabled, updated
20:39:00.0359 0x099c Win FW state via NFM: enabled
20:39:00.0359 0x099c ============================================================
20:39:00.0390 0x099c Scan finished
20:39:00.0390 0x099c ============================================================
20:39:00.0421 0x0994 Detected object count: 0
20:39:00.0421 0x0994 Actual detected object count: 0
20:40:49.0421 0x0340 Deinitialize success
-------------------------------------------------------------------------------------------

Looks to me like the virus is no longer being detected by TDSS-Killer! Microsoft Security Essentials is detecting the virus in the Quarantine folder for TDSS-Killer. Should I press Quarantine, Clean, Remove, or Allow?

Also, is there anything else I need to do? My CPU still runs high, and I can't boot into Safe Mode or Safe Mode with Networking (this started after running a tool in Safe Mode with Networking - either FRST.exe or aswmbr.exe, I believe).

Edited by hospiceshepherd, 21 October 2014 - 11:29 PM.


#15 Bootsektor

Posted 23 October 2014 - 02:26 PM

Hello hospiceshepherd,
 

Looks to me like the virus is no longer being detected by TDSS-Killer! Microsoft Security Essentials is detecting the virus in the Quarantine folder for TDSS-Killer. Should I press Quarantine, Clean, Remove, or Allow?


It is OK to leave this in the TDSS-Killer quarantine. After our cleaning we will remove all the tools we used, and then we will remove TDSS-Killer too.
 

Also, is there anything else I need to do? My CPU still runs high, and I can't boot into Safe Mode or Safe Mode with Networking (this started after running a tool in Safe Mode with Networking - either FRST.exe or aswmbr.exe, I believe).


Can you please describe exactly what the problem is when you try Safe Mode?


Step 1
Please restart FRST.
  • Also check addition.txt, then press Scan.
  • When the scan is finished, two new logfiles, FRST.txt and addition.txt, will be created and saved on your desktop.
  • Please post the content of the logfiles here in your thread.

regards,

 

Sandra




