XP Pro SP3 - high usage in Task Manager, sluggish performance


  • This topic is locked
48 replies to this topic

#1 MrMark52


Posted 23 January 2015 - 02:04 PM

Seems I've gotten a bug over the past few weeks. I typically run AvastFree but seeing AvastSvc was consuming a lot of CPU resource, I uninstalled (using the Avast uninstaller through Safe Mode) prior to running FRST and posting this topic. In normal operation, CPU usage typically runs in the %-12%, sometimes 15% range during normal day to day usage. Now it's consistently in the 70%-90%, sometimes 100% range, when doing the same activities.

One other thing I've noted is I can't get into "Add/Remove Programs". A window opens when I click the link out of Control Panel, but it never populates - although in the past it has always been slow to populate (30 secs to 1 minute), I've let it sit 5 minutes now without success. In the past, it would always populate while I was doing other things. It won't now.

 

As always, Thanks in advance!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Markie (administrator) on MARKDELL on 23-01-2015 12:23:08
Running from C:\Documents and Settings\Markie\Desktop
Loaded Profiles: Markie (Available profiles: Markie & ASPNET & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBottedGUI.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Koninklijke Philips Electronics N.V.) C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\Download Master Utility\DM2.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [OSSelectorReinstall] => C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2209224 2007-02-26] ()
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [cdloader] => C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [ALconnect] => C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe [716424 2012-09-03] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6699800 2014-12-18] (SUPERAntiSpyware)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [Download Master] => C:\Program Files\ASUS\Download Master Utility\DM2.exe [6726144 2014-08-01] (ASUSTeK COMPUTER INC.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Markie\Local Settings\Apps\2.0\5KZKX0W5.9VO\T7W9Z775.NH4\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-08-27] (Dell)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:3265;https=127.0.0.1:3265;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> DefaultScope {5E9DB3E5-68B8-4983-BBA3-BE258EB9FF32} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {4A2CC286-3F90-49AD-AA0F-AD6EDC923BAC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {5E9DB3E5-68B8-4983-BBA3-BE258EB9FF32} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\PROGRA~1\SPYBOT~1\SDHelper.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} http://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\n2sdhv8k.default-1421151375500
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 -> C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1220945662-1532298954-1417001333-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Markie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32asw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2015-01-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-12]
FF HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-10-18] (Broadcom Corporation) [File not signed]
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-17] (Oracle Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-08-07] (The OpenVPN Project)
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [102400 2009-06-26] (WDC) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{FF56C341-ED36-44C6-A8F0-47A5ACD2A6F4}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
R1 BUFADPT; C:\WINDOWS\system32\BUFADPT.SYS [10880 2007-11-25] (BUFFALO INC.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R1 Ext2Fsd; C:\WINDOWS\system32\Drivers\Ext2Fsd.sys [686360 2011-07-09] (www.ext2fsd.com)
R1 fanio; C:\WINDOWS\system32\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed]
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2010-02-04] () [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [11304 2007-07-03] (Ahead Software AG)
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [132904 2007-07-03] (Ahead Software AG)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [31048 2014-01-10] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 oneuport; C:\WINDOWS\System32\DRIVERS\oneuport.sys [851840 2005-02-10] ()
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RT-USB; C:\WINDOWS\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2005-06-16] (Prolific Technology Inc.) [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-07-22] () [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [26784 2007-12-11] (RapidSolution Software AG)
R1 vcdrom; C:\Downloads\Microsoft\Virtual CD\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
S3 bnsdusb; system32\DRIVERS\bnsdusb.sys [X]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc; No ImagePath
S3 cmvad; system32\drivers\cmudaxv.sys [X]
S3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [X]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 PCASp50; system32\drivers\PCASp50.sys [X]
S3 PORTIO; \??\C:\Program Files\PICPgm\PortIO.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Downloads\Open Hardware Monitor\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 12:23 - 2015-01-23 12:25 - 00024575 _____ () C:\Documents and Settings\Markie\Desktop\FRST.txt
2015-01-23 11:58 - 2015-01-23 11:58 - 00014319 _____ () C:\Documents and Settings\Markie\Desktop\hijackthis.log
2015-01-23 11:57 - 2015-01-23 11:57 - 00014353 _____ () C:\Documents and Settings\Markie\hijackthis log 01232015
2015-01-23 11:50 - 2015-01-23 11:50 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Markie\Desktop\HijackThis.exe
2015-01-22 16:30 - 2015-01-22 16:37 - 00003832 _____ () C:\Documents and Settings\Markie\Desktop\Rkill.txt
2015-01-20 16:24 - 2015-01-22 12:37 - 00009669 _____ () C:\WINDOWS\setupapi.log
2015-01-20 10:40 - 2015-01-20 10:40 - 00000000 ____D () C:\Program Files\Intel Corporation
2015-01-20 10:40 - 2015-01-20 10:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Intel® Processor Identification Utility
2015-01-20 09:29 - 2015-01-23 11:11 - 00001612 _____ () C:\WINDOWS\error.log
2015-01-13 20:32 - 2015-01-13 20:32 - 00004834 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\recently-used.xbel
2015-01-13 19:28 - 2015-01-13 19:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-13 06:16 - 2015-01-13 06:16 - 00000000 ____D () C:\Documents and Settings\Markie\Desktop\Old Firefox Data

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 12:25 - 2013-10-16 13:12 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\temp
2015-01-23 12:23 - 2014-07-08 09:54 - 00000000 ____D () C:\FRST
2015-01-23 12:20 - 2014-07-08 09:54 - 01118208 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2015-01-23 12:17 - 2012-09-05 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-23 11:58 - 2009-03-13 14:19 - 01400003 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-23 11:57 - 2009-03-13 14:26 - 00000000 ____D () C:\Documents and Settings\Markie
2015-01-23 11:53 - 2013-04-03 15:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 11:47 - 2012-01-17 09:05 - 00002449 _____ () C:\Documents and Settings\Markie\Desktop\HiJackThis.lnk
2015-01-23 11:15 - 2009-03-13 08:09 - 00755314 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-23 11:15 - 2009-03-13 07:59 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-01-23 11:11 - 2014-03-30 15:33 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-23 11:11 - 2013-10-02 08:41 - 00000316 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2015-01-23 11:11 - 2013-04-03 15:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 11:11 - 2009-03-13 14:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-23 11:11 - 2009-03-13 14:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-23 11:11 - 2009-03-13 08:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-23 11:11 - 2009-03-13 08:11 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-23 11:11 - 2008-04-14 06:00 - 00013732 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-23 11:09 - 2009-03-13 14:26 - 00000178 ___SH () C:\Documents and Settings\Markie\ntuser.ini
2015-01-23 10:56 - 2009-03-13 08:07 - 00000355 ___SH () C:\boot.ini
2015-01-23 10:38 - 2009-07-29 08:17 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2015-01-23 10:38 - 2009-03-13 14:25 - 00032620 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-23 10:18 - 2012-09-05 15:47 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-23 10:18 - 2012-09-05 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 08:22 - 2014-06-18 08:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-23 08:12 - 2012-07-11 02:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-01-22 16:44 - 2014-07-11 12:07 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 15:26 - 2008-04-14 06:00 - 00000503 _____ () C:\WINDOWS\win.ini
2015-01-22 15:26 - 2008-04-14 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-01-22 11:43 - 2009-03-13 15:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2015-01-22 10:52 - 2014-07-11 12:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-22 10:52 - 2014-07-11 12:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 10:52 - 2012-01-10 17:32 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 22:50 - 2014-01-31 17:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-01-20 09:36 - 2013-10-16 13:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-01-20 08:27 - 2012-10-02 15:56 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\inkscape
2015-01-20 08:27 - 2009-09-12 07:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-01-20 07:54 - 2012-05-03 12:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-14 14:16 - 2013-10-10 10:05 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\vlc
2015-01-14 14:14 - 2009-05-10 13:17 - 00203264 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-13 21:20 - 2014-01-24 17:40 - 01043712 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-01-13 21:20 - 2009-07-02 08:23 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2015-01-13 18:54 - 2009-10-04 09:20 - 00000000 ____D () C:\LM HP
2015-01-13 16:31 - 2009-10-28 22:22 - 00002437 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2007.lnk
2015-01-13 15:23 - 2013-07-20 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-13 15:00 - 2009-03-13 15:43 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 06:24 - 2010-05-12 09:03 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-12 15:54 - 2009-03-23 20:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-01-11 09:30 - 2013-10-02 08:42 - 00000310 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2015-01-09 09:46 - 2009-04-12 19:24 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\WMTools Downloaded Files
2015-01-09 09:33 - 2009-04-12 19:20 - 00000182 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-08 15:00 - 2014-03-30 15:33 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-12-27 12:09 - 2011-03-02 10:36 - 00000000 ____D () C:\Program Files\PIC Simulator IDE
2014-12-25 18:52 - 2010-07-22 14:07 - 00128152 ____H () C:\WINDOWS\system32\mlfcache.dat

==================== Files in the root of some directories =======
2013-02-14 16:52 - 2013-02-14 16:52 - 0000336 _____ () C:\Program Files\temp995.bat
2009-11-01 09:51 - 2009-11-01 09:51 - 0002528 _____ () C:\Documents and Settings\Markie\Application Data\$_hpcst$.hpc
2011-05-05 13:54 - 2011-05-05 13:54 - 0038445 _____ () C:\Documents and Settings\Markie\Application Data\Comma Separated Values (DOS).ADR
2011-05-05 13:54 - 2011-05-05 14:01 - 0038446 _____ () C:\Documents and Settings\Markie\Application Data\Comma Separated Values (Windows).ADR
2010-04-13 16:22 - 2010-04-13 16:22 - 0000120 _____ () C:\Documents and Settings\Markie\Application Data\FixVTS.ini
2010-08-12 16:10 - 2010-08-25 21:18 - 0000925 _____ () C:\Documents and Settings\Markie\Application Data\gcgb.ini
2014-02-04 13:15 - 2014-02-13 16:38 - 0000600 _____ () C:\Documents and Settings\Markie\Application Data\winscp.rnd
2010-05-03 21:54 - 2010-05-03 21:54 - 0024576 _____ () C:\Documents and Settings\Markie\Application Data\WSM.exe
2014-05-29 15:08 - 2014-08-20 10:40 - 0265053 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\ars.cache
2014-05-29 15:09 - 2014-08-20 10:42 - 0393582 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\census.cache
2009-05-10 13:17 - 2015-01-14 14:14 - 0203264 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-03-14 07:34 - 2009-03-14 07:34 - 0000129 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\fusioncache.dat
2009-10-18 14:53 - 2009-10-18 14:53 - 0000036 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\housecall.guid.cache
2012-10-01 13:14 - 2014-02-04 14:19 - 0000600 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\PUTTY.RND
2015-01-13 20:32 - 2015-01-13 20:32 - 0004834 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#2 nasdaq

nasdaq

  • Malware Response Team

Posted 25 January 2015 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs applet remove these programs in bold.
File Opener Packages (HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\File Opener Packages) (Version: - ) <==== ATTENTION
Foxtab (HKLM\...\foxtab) (Version: - FoxTab) <==== ATTENTION!
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:3265;https=127.0.0.1:3265;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\PROGRA~1\SPYBOT~1\SDHelper.dll No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKU\S-1-5-21-1220945662-1532298954-1417001333-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll No File
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 bnsdusb; system32\DRIVERS\bnsdusb.sys [X]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc; No ImagePath
S3 cmvad; system32\drivers\cmudaxv.sys [X]
S3 DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [X]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 PCASp50; system32\drivers\PCASp50.sys [X]
S3 PORTIO; \??\C:\Program Files\PICPgm\PortIO.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Downloads\Open Hardware Monitor\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:3265 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".

If required press the Apply button.
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Restart the computer normally to reset the registry.

====

How is the computer running now?

#3 MrMark52

MrMark52
  • Topic Starter


Posted 26 January 2015 - 09:25 AM

Thanks nasdaq!

 

It seems to be running normally once again. Faster boot, machine not as sluggish.

 

For some reason fixlog.txt didn't save on the machine. I looked where FRST is saved, then did a search scan on the drive and could not find it.

 

I did happen to notice some programs running in task manager that I am not familiar with - rapimgr.rxe and jucheck.exe, ALconnect.exe, wcescomm.exe hidfind.exe, Apoint.exe, sqlwriter.exe, sql broweser.exe, sqlserver.exe, and mDNSResponder.exe. There may be 1 or 2 others.

 

Any thoughts or suggestions on those, or any other scans I need to or should run?



#4 nasdaq

nasdaq

  • Malware Response Team

Posted 26 January 2015 - 01:43 PM

I did happen to notice some programs running in task manager that I am not familiar with - rapimgr.rxe and jucheck.exe, ALconnect.exe, wcescomm.exe hidfind.exe, Apoint.exe, sqlwriter.exe, sql broweser.exe, sqlserver.exe, and mDNSResponder.exe. There may be 1 or 2 others.


They look familiar to me.

===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 MrMark52

MrMark52
  • Topic Starter


Posted 26 January 2015 - 02:56 PM

nasdaq,
 
For some reason, the portal wouldn't let me copy/paste so saved as a file and attached.
 
I noted in the first run of SecurityCheck that HiJackThis was out of date. I went ahead and removed it from my computer, as well as a couple of other programs I no longer use, using add/remove programs. But, it still takes 60-90 seconds for add/remove programs to populate. Maybe it's what all I have loaded on this machine - but it might also be an indicator of other issues.
 
Thanks again for your help!

Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Panda Cloud Cleaner
Java 8 Update 31
Java™ SE Development Kit 6 Update 45
Java DB 10.6.2.1
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
Trend Micro RUBotted RUBotSrv.exe
Trend Micro RUBotted RUBottedGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

Edited by nasdaq, 27 January 2015 - 08:34 AM.
Log of SecurityCheck posted.


#6 MrMark52

MrMark52
  • Topic Starter


Posted 26 January 2015 - 06:39 PM

nasdaq,

 

I may have spoken too soon to how well the computer is running - it for certain boots faster. But CPU processing continues to run at a high percentage (60%-80%) rather than 10%-30% as in the past. Fan runs more so now than it used to as well.

I also did another shut-down to test if it does so quickly or lags - turns out it lags, taking about 4 minutes from the time I tell it to "Shut-down" with no other processes intentionally running or having been started. I tried this twice just to be sure it wasn't a fluke from your previous instructions, even though I had done this before as per your instructions.



#7 nasdaq

nasdaq

  • Malware Response Team

Posted 27 January 2015 - 08:40 AM

Remove these old versions of Java using the Add/Remove programs.
Java SE Development Kit 6 Update 45
Java DB 10.6.2.1


===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#8 MrMark52

MrMark52
  • Topic Starter


Posted 27 January 2015 - 06:14 PM

nasdaq,

 

Funny, after selecting and right clicking the info in the "Report" window, I never got the ability to select "Copy" (or anything else for that matter). I tried dragging to a blank page on Notepad and it didn't work. I then tried dragging to MSWord, where I didn't get the drag box, but it did at least copy over. To get it to this box, I had to drag it - I couldn't copy/paste to here from the MSWord document.

 

And WOW - aswMBR took about 7 hours to run. I didn't expect that. :-) aswMBR file attached.

 

08:58:22.0531 0x13b4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:58:27.0171 0x13b4  ============================================================
08:58:27.0171 0x13b4  Current date / time: 2015/01/27 08:58:27.0171
08:58:27.0171 0x13b4  SystemInfo:
08:58:27.0171 0x13b4 
08:58:27.0171 0x13b4  OS Version: 5.1.2600 ServicePack: 3.0
08:58:27.0171 0x13b4  Product type: Workstation
08:58:27.0250 0x13b4  ComputerName: MARKDELL
08:58:27.0250 0x13b4  UserName: Markie
08:58:27.0250 0x13b4  Windows directory: C:\WINDOWS
08:58:27.0250 0x13b4  System windows directory: C:\WINDOWS
08:58:27.0250 0x13b4  Processor architecture: Intel x86
08:58:27.0250 0x13b4  Number of processors: 2
08:58:27.0250 0x13b4  Page size: 0x1000
08:58:27.0250 0x13b4  Boot type: Normal boot
08:58:27.0250 0x13b4  ============================================================
08:58:30.0984 0x13b4  KLMD registered as C:\WINDOWS\system32\drivers\84926447.sys
08:58:31.0531 0x13b4  System UUID: {4234F9EF-AF9F-A56D-554C-7AABBFABFDF9}
08:58:36.0000 0x13b4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:58:36.0015 0x13b4  ============================================================
08:58:36.0015 0x13b4  \Device\Harddisk0\DR0:
08:58:36.0015 0x13b4  MBR partitions:
08:58:36.0015 0x13b4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
08:58:36.0015 0x13b4  ============================================================
08:58:36.0046 0x13b4  C: <-> \Device\Harddisk0\DR0\Partition1
08:58:36.0046 0x13b4  ============================================================
08:58:36.0046 0x13b4  Initialize success
08:58:36.0046 0x13b4  ============================================================
08:58:40.0921 0x1040  ============================================================
08:58:40.0921 0x1040  Scan started
08:58:40.0921 0x1040  Mode: Manual;
08:58:40.0921 0x1040  ============================================================
08:58:40.0921 0x1040  KSN ping started
08:58:41.0343 0x1040  KSN ping finished: true
08:58:44.0906 0x1040  ================ Scan system memory ========================
08:58:44.0953 0x1040  System memory - ok
08:58:44.0953 0x1040  ================ Scan services =============================
08:59:00.0468 0x1040  Fastfat - ok
08:59:00.0593 0x1040  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:59:00.0656 0x1040  FastUserSwitchingCompatibility - ok
08:59:00.0828 0x1040  [ E97D6A8684466DF94FF3BC24FB787A07, 89E5A6889E3C5AB9AD3E80FFC16DD608278F3ADC282048B40B60196336A5CBEB ] Fax             C:\WINDOWS\system32\fxssvc.exe
08:59:00.0937 0x1040  Fax - ok
08:59:01.0046 0x1040  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
08:59:01.0062 0x1040  Fdc - ok
08:59:01.0125 0x1040  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
08:59:01.0140 0x1040  Fips - ok
08:59:01.0453 0x1040  [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:59:01.0671 0x1040  FLEXnet Licensing Service - ok
08:59:01.0734 0x1040  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
08:59:01.0734 0x1040  Flpydisk - ok
08:59:01.0843 0x1040  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:59:01.0890 0x1040  FltMgr - ok
08:59:02.0031 0x1040  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:59:02.0046 0x1040  FontCache3.0.0.0 - ok
08:59:02.0125 0x1040  [ C865B83411D7347627A4BEEC22543FB1, 40F2232892CABF192903DA148ABD359F6FC0C5A21AC0B61EDC011C7CC4AA54BF ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:59:02.0125 0x1040  Fs_Rec - ok
08:59:02.0218 0x1040  [ B7AA8283EC551D3A3B924E520E0621A7, 648D93BCBEC0CE98D4F7E899F276A72F107A87C4215E07399961511DA3C39FDE ] FTDIBUS         C:\WINDOWS\system32\drivers\ftdibus.sys
08:59:02.0250 0x1040  FTDIBUS - ok
08:59:02.0343 0x1040  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:59:02.0390 0x1040  Ftdisk - ok
08:59:02.0546 0x1040  [ 596D31583CE332B5514520D74837F434, 1B84F909A462CFA5435C3A0C385A397744E9971415A192D62FA31E3A9B0FC445 ] FTSER2K         C:\WINDOWS\system32\drivers\ftser2k.sys
08:59:02.0578 0x1040  FTSER2K - ok
08:59:02.0656 0x1040  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:59:02.0671 0x1040  GEARAspiWDM - ok
08:59:02.0750 0x1040  [ 77EBF3E9386DAA51551AF429052D88D0, 94C3294BB9E14B07448734AE65B37801D3FF15BEC987D182A929A017FEF7B276 ] giveio          C:\WINDOWS\system32\giveio.sys
08:59:02.0765 0x1040  giveio - ok
08:59:02.0843 0x1040  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:59:02.0859 0x1040  Gpc - ok
08:59:02.0937 0x1040  [ 6003BC70F1A8307262BD3C941BDA0B7E, E820EB4B7099687831A67D37F6004A58968D3B89BF7F964848191455E4DA3AF0 ] grmnusb         C:\WINDOWS\system32\drivers\grmnusb.sys
08:59:02.0953 0x1040  grmnusb - ok
08:59:03.0109 0x1040  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
08:59:03.0156 0x1040  gupdate - ok
08:59:03.0218 0x1040  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
08:59:03.0265 0x1040  gupdatem - ok
08:59:03.0375 0x1040  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:59:03.0421 0x1040  HDAudBus - ok
08:59:03.0578 0x1040  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:59:03.0593 0x1040  helpsvc - ok
08:59:03.0671 0x1040  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
08:59:03.0687 0x1040  HidServ - ok
08:59:03.0781 0x1040  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:59:03.0781 0x1040  HidUsb - ok
08:59:03.0859 0x1040  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
08:59:03.0890 0x1040  hkmsvc - ok
08:59:03.0937 0x1040  hpn - ok
08:59:04.0109 0x1040  [ 1C8CAA80E91FB71864E9426F9EED048D, 2D5AC07A984235E5E01604A64740D1E96F16F0CB09F2D6331CF4B5871C6FABBA ] HSFHWAZL        C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
08:59:04.0171 0x1040  HSFHWAZL - ok
08:59:04.0640 0x1040  [ E8EC1767EA315A39A0DD8989952CA0E9, E7586CF0D4F2898E551E51035D7979B6EAF5E20B40FDDFA6297B84E171DB9016 ] HSF_DPV         C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
08:59:05.0015 0x1040  HSF_DPV - ok
08:59:05.0125 0x1040  [ 61478FA42EE04562E7F11F4DCA87E9C8, 3F54BE008E0D109B00BC2B069B5D509FE784D399B0F5E856E651B12021F0DBA0 ] HSXHWAZL        C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
08:59:05.0187 0x1040  HSXHWAZL - ok
08:59:05.0359 0x1040  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
08:59:05.0484 0x1040  HTTP - ok
08:59:05.0593 0x1040  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
08:59:05.0609 0x1040  HTTPFilter - ok
08:59:05.0656 0x1040  i2omgmt - ok
08:59:05.0703 0x1040  i2omp - ok
08:59:05.0812 0x1040  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:59:05.0843 0x1040  i8042prt - ok
08:59:07.0921 0x1040  [ E8C7CC369C2FB657E0792AF70DF529E6, 2EDE19EE792A3222DAEEBE36B223715D5A81EB9C3354E3C7AF405D4C950B8E92 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:59:09.0890 0x1040  ialm - ok
08:59:10.0171 0x1040  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:59:10.0203 0x1040  IDriverT - ok
08:59:10.0640 0x1040  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:59:10.0921 0x1040  idsvc - ok
08:59:11.0109 0x1040  [ DB3C22745C0DA4666F3BE31F1AF36B2F, 2FE9A0F157AF9FB3CA03B8D4E706213E63E388206A8C04EF4A84E0D7A364A3A6 ] IISADMIN        C:\WINDOWS\system32\inetsrv\inetinfo.exe
08:59:11.0109 0x1040  IISADMIN - ok
08:59:11.0203 0x1040  [ 552B6B3B889020B8A2D5525068A494B4, CCDB625F247F34323C39E597C0C8445B4C76309748AC64AA3319F92B0567C0A2 ] imagedrv        C:\WINDOWS\system32\Drivers\imagedrv.sys
08:59:11.0218 0x1040  imagedrv - ok
08:59:11.0312 0x1040  [ 1BE72919F1B489FB8C06AE7CEF45C659, 2A83B66C3FBE0912E8D17653A15D22BE76E85E0974361F473E40C9647CD9CEF4 ] imagesrv        C:\WINDOWS\system32\DRIVERS\imagesrv.sys
08:59:11.0343 0x1040  imagesrv - ok
08:59:11.0437 0x1040  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
08:59:11.0453 0x1040  Imapi - ok
08:59:11.0593 0x1040  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
08:59:11.0656 0x1040  ImapiService - ok
08:59:11.0734 0x1040  ini910u - ok
08:59:11.0796 0x1040  IntelIde - ok
08:59:11.0906 0x1040  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:59:11.0921 0x1040  intelppm - ok
08:59:12.0000 0x1040  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:59:12.0015 0x1040  Ip6Fw - ok
08:59:12.0109 0x1040  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:59:12.0125 0x1040  IpFilterDriver - ok
08:59:12.0187 0x1040  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:59:12.0203 0x1040  IpInIp - ok
08:59:12.0328 0x1040  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:59:12.0375 0x1040  IpNat - ok
08:59:12.0640 0x1040  [ 4D800977F7EB0C310AF04BF5B517985A, DD4EC347D4759AC401BD08739DE012E5F1903DF2EDEBEA17CCD3C19FF1F6005E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:59:12.0796 0x1040  iPod Service - ok
08:59:12.0921 0x1040  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:59:12.0953 0x1040  IPSec - ok
08:59:13.0015 0x1040  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
08:59:13.0031 0x1040  IRENUM - ok
08:59:13.0125 0x1040  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:59:13.0140 0x1040  isapnp - ok
08:59:13.0234 0x1040  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:59:13.0234 0x1040  Kbdclass - ok
08:59:13.0312 0x1040  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:59:13.0328 0x1040  kbdhid - ok
08:59:13.0437 0x1040  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
08:59:13.0500 0x1040  kmixer - ok
08:59:13.0578 0x1040  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
08:59:13.0609 0x1040  KSecDD - ok
08:59:13.0718 0x1040  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
08:59:13.0781 0x1040  LanmanServer - ok
08:59:13.0906 0x1040  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:59:13.0984 0x1040  lanmanworkstation - ok
08:59:14.0015 0x1040  Lavasoft Kernexplorer - ok
08:59:14.0078 0x1040  lbrtfdc - ok
08:59:14.0218 0x1040  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
08:59:14.0234 0x1040  LmHosts - ok
08:59:14.0328 0x1040  [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon        C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
08:59:14.0328 0x1040  LVPr2Mon - ok
08:59:14.0484 0x1040  [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:59:14.0531 0x1040  LVPrcSrv - ok
08:59:14.0640 0x1040  [ FFB32E70D735146F5630DC7A96B6E1A8, DE1A8CF40FB077FA9AB04D4C292DBD8E42643A822CA5C4B90EC992802EF6765E ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
08:59:14.0671 0x1040  mbamchameleon - ok
08:59:14.0875 0x1040  [ 8FD868E32459ECE2A1BB0169F513D31E, F28E47FBEC8EC8424FFFB359668E0FEEA66A69E9D737D75472934FAC39770390 ] mcdbus          C:\WINDOWS\system32\DRIVERS\mcdbus.sys
08:59:14.0921 0x1040  mcdbus - ok
08:59:15.0015 0x1040  [ E246A32C445056996074A397DA56E815, 5CD5B22840151CAC1FC990C3E468E5382DCC3F89EFD8CE422B9B10B5BEB6F990 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:59:15.0031 0x1040  mdmxsdk - ok
08:59:15.0140 0x1040  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
08:59:15.0156 0x1040  Messenger - ok
08:59:15.0265 0x1040  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
08:59:15.0265 0x1040  mnmdd - ok
08:59:15.0375 0x1040  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
08:59:15.0390 0x1040  mnmsrvc - ok
08:59:15.0468 0x1040  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
08:59:15.0484 0x1040  Modem - ok
08:59:15.0531 0x1040  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:59:15.0546 0x1040  Mouclass - ok
08:59:15.0625 0x1040  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:59:15.0625 0x1040  mouhid - ok
08:59:15.0687 0x1040  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
08:59:15.0703 0x1040  MountMgr - ok
08:59:15.0843 0x1040  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:59:15.0906 0x1040  MozillaMaintenance - ok
08:59:15.0953 0x1040  mraid35x - ok
08:59:16.0093 0x1040  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:59:16.0171 0x1040  MRxDAV - ok
08:59:16.0515 0x1040  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:59:16.0718 0x1040  MRxSmb - ok
08:59:16.0828 0x1040  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
08:59:16.0843 0x1040  MSDTC - ok
08:59:16.0968 0x1040  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:59:16.0984 0x1040  Msfs - ok
08:59:17.0078 0x1040  MSIServer - ok
08:59:17.0203 0x1040  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:59:17.0203 0x1040  MSKSSRV - ok
08:59:17.0265 0x1040  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:59:17.0281 0x1040  MSPCLOCK - ok
08:59:17.0359 0x1040  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:59:17.0359 0x1040  MSPQM - ok
08:59:17.0484 0x1040  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:59:17.0500 0x1040  mssmbios - ok
08:59:17.0609 0x1040  MSSQL$MSSMLBIZ - ok
08:59:17.0671 0x1040  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:59:17.0687 0x1040  MSSQLServerADHelper - ok
08:59:17.0781 0x1040  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
08:59:17.0781 0x1040  MSTEE - ok
08:59:17.0921 0x1040  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
08:59:17.0968 0x1040  Mup - ok
08:59:18.0093 0x1040  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:59:18.0125 0x1040  NABTSFEC - ok
08:59:18.0187 0x1040  [ 8DB3CEED224782195B5CAF6ED58F1EA8, A2571531C6B384003BAD06003BE01E75FCD489B7B2D04C3D072B10F08F50B33B ] NAL             C:\WINDOWS\system32\Drivers\iqvw32.sys
08:59:18.0203 0x1040  NAL - ok
08:59:18.0359 0x1040  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
08:59:18.0484 0x1040  napagent - ok
08:59:18.0890 0x1040  [ B498A14133BD09AD0817590ACE4470AD, 14CCC922C6596C97A5CF580209C4AFB6138A8FFD3A0E60CD506810DFCBC43A1A ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
08:59:19.0140 0x1040  NBService - ok
08:59:19.0281 0x1040  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
08:59:19.0343 0x1040  NDIS - ok
08:59:19.0484 0x1040  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:59:19.0500 0x1040  NdisIP - ok
08:59:19.0578 0x1040  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:59:19.0578 0x1040  NdisTapi - ok
08:59:19.0687 0x1040  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:59:19.0703 0x1040  Ndisuio - ok
08:59:19.0812 0x1040  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:59:19.0843 0x1040  NdisWan - ok
08:59:19.0953 0x1040  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:59:19.0968 0x1040  NDProxy - ok
08:59:20.0062 0x1040  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:59:20.0078 0x1040  NetBIOS - ok
08:59:20.0203 0x1040  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:59:20.0265 0x1040  NetBT - ok
08:59:20.0390 0x1040  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
08:59:20.0453 0x1040  NetDDE - ok
08:59:20.0515 0x1040  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
08:59:20.0562 0x1040  NetDDEdsdm - ok
08:59:20.0625 0x1040  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:59:20.0640 0x1040  Netlogon - ok
08:59:20.0750 0x1040  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
08:59:20.0843 0x1040  Netman - ok
08:59:20.0953 0x1040  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:59:21.0000 0x1040  NetTcpPortSharing - ok
08:59:21.0265 0x1040  [ C82DCFCC00C10B91346ABB953FF79EE8, 93E3C26350E4CDD96A7823DEA27F76B188EE1AA7E2100385C76A84CE908DF921 ] NICCONFIGSVC    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
08:59:21.0421 0x1040  NICCONFIGSVC - ok
08:59:21.0578 0x1040  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
08:59:21.0671 0x1040  Nla - ok
08:59:21.0906 0x1040  [ A328A46D87BB92CE4D8A4528E9D84787, D3245ED700151111592BA82FB675B284DA7FCE52B07A7F68352F64A402CAB37C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
08:59:22.0031 0x1040  NMIndexingService - ok
08:59:22.0140 0x1040  [ 25401B0C9576C8456B3E0BBD74FF0771, BB569C99360A631850537DC2EDA0BF85D091CC30BD98B3FD2AC9DABDFB7741DA ] NPF             C:\WINDOWS\system32\drivers\npf.sys
08:59:22.0156 0x1040  NPF - ok
08:59:22.0250 0x1040  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:59:22.0265 0x1040  Npfs - ok
08:59:22.0531 0x1040  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:59:22.0718 0x1040  Ntfs - ok
08:59:22.0828 0x1040  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
08:59:22.0859 0x1040  NtLmSsp - ok
08:59:23.0093 0x1040  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
08:59:23.0234 0x1040  NtmsSvc - ok
08:59:23.0312 0x1040  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:59:23.0328 0x1040  Null - ok
08:59:23.0406 0x1040  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:59:23.0421 0x1040  NwlnkFlt - ok
08:59:23.0468 0x1040  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:59:23.0484 0x1040  NwlnkFwd - ok
08:59:23.0734 0x1040  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:59:23.0906 0x1040  odserv - ok
08:59:24.0265 0x1040  [ 23C174EC55755A42D8AA896019B8EB35, 7DC7D965AA960DFFA61240B3545E33EEFA8693AE9E97BDE38F0931AA440A2147 ] oneuport        C:\WINDOWS\system32\DRIVERS\oneuport.sys
08:59:24.0562 0x1040  oneuport - ok
08:59:24.0703 0x1040  [ 31AAADB396E389F49BE0E9E7A49A7942, F0DEDC96F8781B0160F72B5A103B44A00A312E9C00EDB3E1BDB3577635EA23F0 ] OpenVPNService  C:\Program Files\OpenVPN\bin\openvpnserv.exe
08:59:24.0718 0x1040  OpenVPNService - ok
08:59:24.0828 0x1040  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:59:24.0890 0x1040  ose - ok
08:59:25.0062 0x1040  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
08:59:25.0093 0x1040  Parport - ok
08:59:25.0140 0x1040  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:59:25.0156 0x1040  PartMgr - ok
08:59:25.0234 0x1040  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:59:25.0234 0x1040  ParVdm - ok
08:59:25.0281 0x1040  PCASp50 - ok
08:59:25.0375 0x1040  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:59:25.0406 0x1040  PCI - ok
08:59:25.0453 0x1040  PCIDump - ok
08:59:25.0531 0x1040  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:59:25.0546 0x1040  PCIIde - ok
08:59:25.0640 0x1040  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:59:25.0687 0x1040  Pcmcia - ok
08:59:25.0734 0x1040  PDCOMP - ok
08:59:25.0796 0x1040  PDFRAME - ok
08:59:25.0875 0x1040  PDRELI - ok
08:59:25.0968 0x1040  PDRFRAME - ok
08:59:26.0031 0x1040  perc2 - ok
08:59:26.0109 0x1040  perc2hib - ok
08:59:26.0453 0x1040  [ D2D2FA02B722336960EEAE0AE7107891, 540281F30827787A94466EAE675208D5989D28B389153E1C7F18972B56233AB8 ] PID_0928        C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
08:59:26.0625 0x1040  PID_0928 - ok
08:59:26.0718 0x1040  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:59:26.0781 0x1040  PlugPlay - ok
08:59:26.0828 0x1040  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:59:26.0843 0x1040  PolicyAgent - ok
08:59:26.0906 0x1040  PORTIO - ok
08:59:27.0000 0x1040  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:59:27.0015 0x1040  PptpMiniport - ok
08:59:27.0093 0x1040  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:59:27.0109 0x1040  ProtectedStorage - ok
08:59:27.0218 0x1040  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:59:27.0250 0x1040  PSched - ok
08:59:27.0359 0x1040  [ 05A0C2744CEAC6F1B723EC469B650EF0, D9F2E0E4431217C6A7CDE38D36362CD5A06E93B9F45F92638120EF151089B370 ] PSKMAD          C:\WINDOWS\system32\DRIVERS\PSKMAD.sys
08:59:27.0375 0x1040  PSKMAD - ok
08:59:27.0421 0x1040  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:59:27.0421 0x1040  Ptilink - ok
08:59:27.0500 0x1040  ql1080 - ok
08:59:27.0562 0x1040  Ql10wnt - ok
08:59:27.0625 0x1040  ql12160 - ok
08:59:27.0687 0x1040  ql1240 - ok
08:59:27.0734 0x1040  ql1280 - ok
08:59:52.0546 0x1040  ================ Scan MBR ==================================
08:59:52.0578 0x1040  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:59:53.0203 0x1040  \Device\Harddisk0\DR0 - ok
08:59:53.0203 0x1040  ================ Scan VBR ==================================
08:59:53.0234 0x1040  [ B37BA6840D5A34544BF385230DB75E23 ] \Device\Harddisk0\DR0\Partition1
08:59:53.0281 0x1040  \Device\Harddisk0\DR0\Partition1 - ok
09:00:20.0046 0x1040  Waiting for KSN requests completion. In queue: 3
09:00:21.0265 0x1040  AV detected via SS1: avast! Antivirus, 5.0.167774368, enabled, updated
09:00:21.0296 0x1040  Win FW state via NFM: enabled
09:00:21.0656 0x1040  ============================================================
09:00:21.0656 0x1040  Scan finished
09:00:21.0656 0x1040  ============================================================
09:00:21.0750 0x17d0  Detected object count: 0
09:00:21.0765 0x17d0  Actual detected object count: 0
 




#9 MrMark52

  • Topic Starter

Posted 27 January 2015 - 06:50 PM

nasdaq,

 

Attachment error on my previous. MBR.dat renamed as MBR.txt because the portal wouldn't let me attach a .dat file.

Attached Files

  • Attached File  MBR.txt   512bytes   0 downloads


#10 nasdaq

  • Malware Response Team

Posted 28 January 2015 - 09:27 AM

On a slow computer I can understand that the scan could take some time.
On the good side your Master Boot record is clean.

Do you have the installation disk for this computer?

If yes then try this. Should a file need to be replaced you will be asked for the disk.

Follow the instructions on this page and run the SFC.EXE tool as suggested.

Keep me posted.

#11 MrMark52

  • Topic Starter

Posted 28 January 2015 - 12:02 PM

nasdaq,

 

Clean MBR is encouraging.

 

I don't see a link in your last message. Considering how intrusive SFC can be, I just want to be sure I have clear instructions in order to minimize damage.



#12 nasdaq

  • Malware Response Team

Posted 29 January 2015 - 09:24 AM

To do this simply go to the Run box on the Start Menu and type in:

sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem.

In an ideal world that would be the end of the story... Any corrupt, missing or incorrect files would be replaced by this process.

However, things can go wrong and the following guide should help!

The #1 complaint with scannow sfc is that it sometimes asks for the original installation disc for Windows XP.

#13 MrMark52

  • Topic Starter

Posted 01 February 2015 - 05:57 PM

nasdaq,

 

Took me a few days to back my machine up in case SFC caused any nasty results. I didn't sit here to watch, but it did on initial scan request my XP disc, which I inserted and left the test to run on its own. I would check status about every 30 minutes, and after about 2 hours, the scan was done.

 

To be on the safe side, I am currently running Windows update to reinstall anything that was removed or needs to be updated from the sfc scan. I'll report back when this is complete, and/or advise of anything else you would recommend for me to do next. I have not sat at the machine long enough to determine if there is improved performance, besides any improvements the Windows Update will implement.



#14 nasdaq

  • Malware Response Team

Posted 02 February 2015 - 08:46 AM

Hope everything goes well.

#15 MrMark52

  • Topic Starter

Posted 02 February 2015 - 09:04 AM

Thanks nasdaq!

 

Windows update only applied 1 update, and that was for a driver for my printer, so apparently whatever/if anything was changed it was negligible or had not been impacted by an update. Either that, or MS's dropping support for XP has removed any capability to detect update needs for that OS.

 

CPU activity is down, running from 25-55%. But there still seems to be some sluggish response. As I type this, there is delay between when I type the letters and their display on the screen, something I don't recall occurring before.

 

Any other thoughts or directives of things to do/look at would be appreciated.





