How to remove Backdoor.Tidserv!inf on XP SP3


  • This topic is locked
14 replies to this topic

#1 donatojoe

donatojoe

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 03 February 2015 - 06:19 PM

My Norton Antivirus found Backdoor.Tidserv!inf on my laptop running XP SP3 and said that I manually have to remove it.  Any help is appreciated.





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 04 February 2015 - 06:53 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 donatojoe

donatojoe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:49 AM

Posted 04 February 2015 - 02:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015
Ran by muttman (administrator) on YOUR-0CDC4F5844 on 04-02-2015 11:58:13
Running from F:\
Loaded Profiles: muttman (Available profiles: El Syd & muttman & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [RecGuard] => C:\Windows\SMINST\RecGuard.exe [1187840 2005-10-11] ()
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Cpqset] => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [40960 2006-05-30] ()
HKU\S-1-5-21-2919299021-1752564192-30280018-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2919299021-1752564192-30280018-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
ShortcutTarget: AutoUpdate Monitor.lnk -> C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk
ShortcutTarget: Vongo Tray.lnk -> C:\Program Files\Vongo\Tray.exe (No File)
Startup: C:\Documents and Settings\Syd Moore\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\S-1-5-21-2919299021-1752564192-30280018-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2919299021-1752564192-30280018-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2919299021-1752564192-30280018-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=pavilion&pf=laptop
SearchScopes: HKU\S-1-5-21-2919299021-1752564192-30280018-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=US&ver=2014&locale=en_US&gct=sb&qsrc=2869
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CNavExtBho Class -> {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -> c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll No File
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2919299021-1752564192-30280018-1006 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-2919299021-1752564192-30280018-1006 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\muttman\Application Data\Mozilla\Firefox\Profiles\hs55izim.default
FF DefaultSearchEngine: eBay
FF SelectedSearchEngine: eBay
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll (CNN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2015-02-04]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2015-02-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-12] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-05-18] (Hewlett-Packard Company) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2009-06-22] (Microsoft Corporation) [File not signed]
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2009-06-22] (Microsoft Corporation) [File not signed]
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 5U870CAP_VID_1262&PID_25FD; C:\WINDOWS\System32\Drivers\5U870CAP.sys [61952 2006-06-06] (Ricoh)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [429184 2006-04-28] (Broadcom Corporation)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [57320 2006-05-12] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2005-09-19] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2005-09-19] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2015-02-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2015-02-03] (Symantec Corporation)
R3 HdAudAddService; C:\WINDOWS\System32\drivers\CHDAud.sys [572928 2006-06-01] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208000 2006-04-19] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [995712 2006-04-19] (Conexant Systems, Inc.)
S4 iaStor; C:\WINDOWS\system32\DRIVERS\iaStor.sys [874240 2005-10-13] (Intel Corporation) [File not signed]
R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150131.003\IDSxpx86.sys [475792 2015-01-31] (Symantec Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [91776 2009-06-22] (Microsoft Corporation) [File not signed]
R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150203.034\NAVENG.SYS [95704 2015-02-03] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150203.034\NAVEX15.SYS [1636696 2015-02-03] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [99584 2006-01-26] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-03-02] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-03-02] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-06-20] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2015-02-03] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SYMTDI.SYS [423256 2014-08-25] (Symantec Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:57 - 2015-02-04 11:58 - 00000000 ____D () C:\FRST
2015-02-04 10:14 - 2015-02-04 10:14 - 00001054 _____ () C:\WINDOWS\medblker.Log
2015-02-04 10:14 - 2015-02-04 10:14 - 00000233 _____ () C:\WINDOWS\wmsetup.log
2015-02-04 10:14 - 2015-02-04 10:14 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-04 10:14 - 2015-02-04 10:14 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-04 09:55 - 2015-02-04 09:55 - 00043275 _____ () C:\WINDOWS\KB2387149.log
2015-02-04 09:55 - 2015-02-04 09:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-02-04 09:55 - 2015-02-04 09:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2015-02-04 09:55 - 2015-02-04 09:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2015-02-04 09:55 - 2015-02-04 09:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2015-02-04 09:54 - 2015-02-04 09:55 - 00040692 _____ () C:\WINDOWS\KB2659262.log
2015-02-04 09:54 - 2015-02-04 09:54 - 00040065 _____ () C:\WINDOWS\KB2564958.log
2015-02-04 09:54 - 2015-02-04 09:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619340$
2015-02-04 09:54 - 2015-02-04 09:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-02-04 09:50 - 2015-02-04 09:50 - 00039141 _____ () C:\WINDOWS\KB2934207.log
2015-02-04 09:50 - 2015-02-04 09:50 - 00038669 _____ () C:\WINDOWS\KB2834886.log
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2015-02-04 09:50 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2015-02-04 09:49 - 2015-02-04 09:50 - 00041167 _____ () C:\WINDOWS\KB2536276-v2.log
2015-02-04 09:49 - 2015-02-04 09:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2015-02-04 09:49 - 2015-02-04 09:49 - 00039194 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-02-04 09:49 - 2015-02-04 09:49 - 00038188 _____ () C:\WINDOWS\KB2296011.log
2015-02-04 09:49 - 2015-02-04 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-02-04 09:49 - 2015-02-04 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2015-02-04 09:49 - 2015-02-04 09:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2015-02-04 09:48 - 2015-02-04 09:48 - 00039250 _____ () C:\WINDOWS\KB975558.log
2015-02-04 09:48 - 2015-02-04 09:48 - 00037542 _____ () C:\WINDOWS\KB2900986.log
2015-02-04 09:48 - 2015-02-04 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-02-04 09:48 - 2015-02-04 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-02-04 09:48 - 2015-02-04 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-02-04 09:48 - 2015-02-04 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-02-04 09:48 - 2015-02-04 09:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2015-02-04 09:41 - 2015-02-04 09:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-04 09:39 - 2015-02-04 09:39 - 00039159 _____ () C:\WINDOWS\KB2378111.log
2015-02-04 09:39 - 2015-02-04 09:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2015-02-04 09:38 - 2015-02-04 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2015-02-04 09:38 - 2015-02-04 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2015-02-04 09:38 - 2015-02-04 09:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2015-02-04 09:37 - 2015-02-04 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-02-04 09:37 - 2015-02-04 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2015-02-04 09:37 - 2015-02-04 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-02-04 09:37 - 2015-02-04 09:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2015-02-04 09:36 - 2015-02-04 09:37 - 00039163 _____ () C:\WINDOWS\KB2485663.log
2015-02-04 09:36 - 2015-02-04 09:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2015-02-04 09:31 - 2015-02-04 09:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-02-04 09:25 - 2015-02-04 09:26 - 00039249 _____ () C:\WINDOWS\KB2686509.log
2015-02-04 09:25 - 2015-02-04 09:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-02-04 09:23 - 2015-02-04 09:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2015-02-04 09:22 - 2015-02-04 09:22 - 00037215 _____ () C:\WINDOWS\KB2862335.log
2015-02-04 09:22 - 2015-02-04 09:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-02-04 09:22 - 2015-02-04 09:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2015-02-04 09:22 - 2015-02-04 09:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2015-02-04 09:21 - 2015-02-04 09:21 - 00036633 _____ () C:\WINDOWS\KB2904266.log
2015-02-04 09:21 - 2015-02-04 09:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2015-02-04 09:20 - 2015-02-04 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-02-04 09:20 - 2015-02-04 09:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2015-02-04 09:19 - 2015-02-04 09:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2015-02-04 09:18 - 2015-02-04 09:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2015-02-04 09:18 - 2015-02-04 09:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-02-04 09:17 - 2015-02-04 09:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2015-02-04 09:15 - 2015-02-04 09:15 - 00028615 _____ () C:\WINDOWS\KB2592799.log
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2015-02-04 09:15 - 2015-02-04 09:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2015-02-04 09:14 - 2015-02-04 09:14 - 00028690 _____ () C:\WINDOWS\KB2535512.log
2015-02-04 09:14 - 2015-02-04 09:14 - 00024125 _____ () C:\WINDOWS\KB2834905-v2.log
2015-02-04 09:14 - 2015-02-04 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2015-02-04 09:14 - 2015-02-04 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-02-04 09:14 - 2015-02-04 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2015-02-04 09:14 - 2015-02-04 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834905-v2_MCEUR2$
2015-02-04 09:14 - 2015-02-04 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-02-04 09:13 - 2015-02-04 09:13 - 00027875 _____ () C:\WINDOWS\KB2807986.log
2015-02-04 09:13 - 2015-02-04 09:13 - 00027176 _____ () C:\WINDOWS\KB2570947.log
2015-02-04 09:13 - 2015-02-04 09:13 - 00025879 _____ () C:\WINDOWS\KB2868038.log
2015-02-04 09:13 - 2015-02-04 09:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2015-02-04 09:13 - 2015-02-04 09:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-02-04 09:13 - 2015-02-04 09:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-02-04 09:13 - 2015-02-04 09:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2742607$
2015-02-04 09:13 - 2015-02-04 09:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-02-04 09:12 - 2015-02-04 09:13 - 00033590 _____ () C:\WINDOWS\KB2742607.log
2015-02-04 09:12 - 2015-02-04 09:12 - 00026691 _____ () C:\WINDOWS\KB2603381.log
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2015-02-04 09:12 - 2015-02-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419632$
2015-02-04 09:11 - 2015-02-04 09:11 - 00020049 _____ () C:\WINDOWS\KB2698365.log
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-02-04 09:11 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2015-02-04 09:10 - 2015-02-04 09:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-02-04 09:10 - 2015-02-04 09:10 - 00017635 _____ () C:\WINDOWS\KB981997.log
2015-02-04 09:10 - 2015-02-04 09:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981997$
2015-02-04 09:08 - 2015-02-04 09:09 - 00017919 _____ () C:\WINDOWS\KB2723135-v2.log
2015-02-04 09:08 - 2015-02-04 09:08 - 00019790 _____ () C:\WINDOWS\KB2904878.log
2015-02-04 09:08 - 2015-02-04 09:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904878$
2015-02-04 09:08 - 2015-02-04 09:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-02-04 09:08 - 2015-02-04 09:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2015-02-04 09:08 - 2015-02-04 09:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2015-02-04 09:07 - 2015-02-04 09:54 - 00018173 _____ () C:\WINDOWS\updspapi.log
2015-02-04 09:07 - 2015-02-04 09:07 - 00013601 _____ () C:\WINDOWS\KB2909210-IE8.log
2015-02-04 09:07 - 2015-02-04 09:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-02-04 09:07 - 2015-02-04 09:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2015-02-04 09:06 - 2015-02-04 09:07 - 00015970 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-02-04 09:06 - 2015-02-04 09:06 - 00013016 _____ () C:\WINDOWS\KB2393802.log
2015-02-04 09:06 - 2015-02-04 09:06 - 00011758 _____ () C:\WINDOWS\KB2510531-IE8.log
2015-02-04 09:06 - 2015-02-04 09:06 - 00010707 _____ () C:\WINDOWS\KB2566454.log
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982665$
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-02-04 09:06 - 2015-02-04 09:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-02-04 09:05 - 2015-02-04 10:14 - 00050472 _____ () C:\WINDOWS\MedCtrOC.log
2015-02-04 09:05 - 2015-02-04 10:14 - 00003358 _____ () C:\WINDOWS\spupdsvc.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00593507 _____ () C:\WINDOWS\iis6.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00562628 _____ () C:\WINDOWS\FaxSetup.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00268996 _____ () C:\WINDOWS\ocgen.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00256711 _____ () C:\WINDOWS\tsoc.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00186336 _____ () C:\WINDOWS\comsetup.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00143172 _____ () C:\WINDOWS\msmqinst.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00112947 _____ () C:\WINDOWS\ntdtcsetup.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00098553 _____ () C:\WINDOWS\netfxocm.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00062699 _____ () C:\WINDOWS\plusoc.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00031122 _____ () C:\WINDOWS\ocmsn.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00030758 _____ () C:\WINDOWS\ehOCGen.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00028301 _____ () C:\WINDOWS\tabletoc.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00028119 _____ () C:\WINDOWS\msgsocm.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-02-04 09:05 - 2015-02-04 09:55 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-02-04 09:05 - 2015-02-04 09:05 - 00010499 _____ () C:\WINDOWS\KB2661637.log
2015-02-04 09:05 - 2015-02-04 09:05 - 00009079 _____ () C:\WINDOWS\KB2628259.log
2015-02-04 09:05 - 2015-02-04 09:05 - 00008306 _____ () C:\WINDOWS\KB2914368.log
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2628259$
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-04 09:05 - 2015-02-04 09:05 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-02-04 09:04 - 2015-02-04 09:05 - 00010668 _____ () C:\WINDOWS\KB2423089.log
2015-02-03 17:03 - 2015-02-04 09:55 - 00051561 _____ () C:\WINDOWS\KB2712808.log
2015-02-03 17:03 - 2015-02-04 09:55 - 00049611 _____ () C:\WINDOWS\KB2922229.log
2015-02-03 17:03 - 2015-02-04 09:50 - 00050018 _____ () C:\WINDOWS\KB2478971.log
2015-02-03 17:03 - 2015-02-04 09:50 - 00049381 _____ () C:\WINDOWS\KB2544893-v2.log
2015-02-03 17:03 - 2015-02-04 09:50 - 00048305 _____ () C:\WINDOWS\KB2916036.log
2015-02-03 17:03 - 2015-02-04 09:04 - 00008003 _____ () C:\WINDOWS\KB2868626.log
2015-02-03 17:03 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2015-02-03 17:03 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2015-02-03 17:03 - 2010-09-17 23:53 - 00954368 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40.dll
2015-02-03 17:03 - 2010-09-17 23:53 - 00953856 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2015-02-03 17:02 - 2015-02-04 09:50 - 00049586 _____ () C:\WINDOWS\KB2345886.log
2015-02-03 17:02 - 2015-02-04 09:49 - 00049323 _____ () C:\WINDOWS\KB2585542.log
2015-02-03 17:02 - 2015-02-04 09:49 - 00049142 _____ () C:\WINDOWS\KB2691442.log
2015-02-03 17:02 - 2015-02-04 09:49 - 00048651 _____ () C:\WINDOWS\KB2631813.log
2015-02-03 17:02 - 2015-02-04 09:48 - 00047861 _____ () C:\WINDOWS\KB2115168.log
2015-02-03 17:02 - 2015-02-04 09:48 - 00045906 _____ () C:\WINDOWS\KB2847311.log
2015-02-03 17:02 - 2015-02-04 09:39 - 00048633 _____ () C:\WINDOWS\KB951978.log
2015-02-03 17:02 - 2015-02-04 09:38 - 00048018 _____ () C:\WINDOWS\KB2655992.log
2015-02-03 17:02 - 2015-02-04 09:38 - 00047687 _____ () C:\WINDOWS\KB2443105.log
2015-02-03 17:02 - 2015-02-04 09:37 - 00047316 _____ () C:\WINDOWS\KB2802968.log
2015-02-03 17:02 - 2010-08-23 09:12 - 00617472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2015-02-03 17:01 - 2015-02-04 09:37 - 00048300 _____ () C:\WINDOWS\KB2481109.log
2015-02-03 17:01 - 2015-02-04 09:37 - 00045359 _____ () C:\WINDOWS\KB2898715.log
2015-02-03 17:01 - 2015-02-04 09:36 - 00047375 _____ () C:\WINDOWS\KB2598479.log
2015-02-03 17:01 - 2015-02-04 09:33 - 00044032 _____ () C:\WINDOWS\KB2929961.log
2015-02-03 17:01 - 2015-02-04 09:24 - 00046012 _____ () C:\WINDOWS\KB982132.log
2015-02-03 17:01 - 2015-02-04 09:22 - 00045895 _____ () C:\WINDOWS\KB2780091.log
2015-02-03 17:01 - 2015-02-04 09:22 - 00045835 _____ () C:\WINDOWS\KB2507938.log
2015-02-03 17:01 - 2015-02-04 09:20 - 00046355 _____ () C:\WINDOWS\KB2483185.log
2015-02-03 17:01 - 2015-02-04 09:20 - 00044123 _____ () C:\WINDOWS\KB2876217.log
2015-02-03 17:01 - 2015-02-04 09:19 - 00045761 _____ () C:\WINDOWS\KB979687.log
2015-02-03 17:01 - 2015-02-04 09:19 - 00042801 _____ () C:\WINDOWS\KB2930275.log
2015-02-03 17:01 - 2015-02-04 09:18 - 00042311 _____ () C:\WINDOWS\KB2864063.log
2015-02-03 17:01 - 2015-02-04 09:17 - 00044182 _____ () C:\WINDOWS\KB2719985.log
2015-02-03 17:01 - 2015-02-04 09:16 - 00033506 _____ () C:\WINDOWS\KB2862152.log
2015-02-03 17:01 - 2013-07-02 19:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-02-03 16:59 - 2015-02-04 09:14 - 00032882 _____ () C:\WINDOWS\KB2850869.log
2015-02-03 16:58 - 2015-02-04 09:14 - 00033238 _____ () C:\WINDOWS\KB2859537.log
2015-02-03 16:58 - 2015-02-04 09:14 - 00032269 _____ () C:\WINDOWS\KB2876331.log
2015-02-03 16:58 - 2015-02-04 09:13 - 00034074 _____ () C:\WINDOWS\KB2820917.log
2015-02-03 16:58 - 2013-07-16 17:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-02-03 16:58 - 2013-07-16 17:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-02-03 16:58 - 2013-07-16 17:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-02-03 16:58 - 2013-02-11 17:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-02-03 16:58 - 2013-02-11 17:32 - 00012928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2015-02-03 16:58 - 2011-04-21 06:37 - 00105472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2015-02-03 16:57 - 2015-02-04 09:12 - 00034659 _____ () C:\WINDOWS\KB2419632.log
2015-02-03 16:57 - 2015-02-04 09:12 - 00033261 _____ () C:\WINDOWS\KB2757638.log
2015-02-03 16:57 - 2015-02-04 09:12 - 00031263 _____ () C:\WINDOWS\KB2893294.log
2015-02-03 16:57 - 2015-02-04 09:12 - 00027927 _____ () C:\WINDOWS\KB2508429.log
2015-02-03 16:57 - 2015-02-04 09:12 - 00027196 _____ () C:\WINDOWS\KB2653956.log
2015-02-03 16:57 - 2015-02-04 09:11 - 00026798 _____ () C:\WINDOWS\KB2749655.log
2015-02-03 16:56 - 2015-02-04 09:11 - 00026445 _____ () C:\WINDOWS\KB971029.log
2015-02-03 16:56 - 2015-02-04 09:11 - 00025112 _____ () C:\WINDOWS\KB2506212.log
2015-02-03 16:56 - 2015-02-04 09:11 - 00024855 _____ () C:\WINDOWS\KB2705219-v2.log
2015-02-03 16:56 - 2015-02-04 09:11 - 00023209 _____ () C:\WINDOWS\KB2727528.log
2015-02-03 16:56 - 2015-02-04 09:11 - 00022609 _____ () C:\WINDOWS\KB2892075.log
2015-02-03 16:56 - 2015-02-04 09:07 - 00024346 _____ () C:\WINDOWS\KB2509553.log
2015-02-03 16:56 - 2013-08-08 17:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-02-03 16:56 - 2013-08-08 17:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-02-03 16:56 - 2012-07-04 07:05 - 00139784 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2015-02-03 16:56 - 2012-05-28 11:16 - 00536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2015-02-03 16:56 - 2009-03-18 04:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-02-03 16:55 - 2015-02-04 09:08 - 00024551 _____ () C:\WINDOWS\KB2813345.log
2015-02-03 16:55 - 2015-02-04 09:07 - 00025226 _____ () C:\WINDOWS\KB2676562.log
2015-02-03 16:55 - 2014-03-06 10:59 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-02-03 16:54 - 2015-02-04 09:06 - 00016586 _____ () C:\WINDOWS\KB982665.log
2015-02-03 16:54 - 2015-02-04 09:06 - 00016132 _____ () C:\WINDOWS\KB2620712.log
2015-02-03 16:54 - 2013-11-27 13:21 - 00040960 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2015-02-03 16:54 - 2012-01-11 12:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2015-02-03 16:54 - 2012-01-11 12:06 - 00003072 ____N () C:\WINDOWS\system32\dllcache\iacenc.dll
2015-02-03 16:54 - 2011-07-08 07:02 - 00010496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2015-02-03 16:53 - 2015-02-04 09:05 - 00015657 _____ () C:\WINDOWS\KB2584146.log
2015-02-03 16:53 - 2010-10-11 07:59 - 00045568 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2015-02-03 14:01 - 2015-02-04 09:15 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NST
2015-02-03 14:01 - 2015-02-03 14:34 - 00001885 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
2015-02-03 14:01 - 2015-02-03 14:01 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2015-02-03 14:01 - 2015-02-03 14:01 - 00008194 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2015-02-03 14:01 - 2015-02-03 14:01 - 00000000 ____D () C:\Program Files\Symantec
2015-02-03 14:01 - 2015-02-03 14:01 - 00000000 ____D () C:\Program Files\Norton Identity Safe
2015-02-03 14:01 - 2015-02-03 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2015-02-03 14:01 - 2015-02-03 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NCOTEMP
2015-02-03 13:59 - 2015-02-03 14:34 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
2015-02-03 13:59 - 2015-02-03 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
2015-02-03 13:59 - 2015-02-03 13:59 - 00000000 ____D () C:\Program Files\Norton AntiVirus
2015-02-03 13:47 - 2015-02-03 14:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2015-02-03 13:47 - 2015-02-03 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCSettings
2015-02-03 13:31 - 2015-02-03 13:31 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 13:31 - 2015-02-03 13:31 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-02-03 13:31 - 2015-02-03 13:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 11:03 - 2015-02-03 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-02-03 11:03 - 2015-02-03 11:03 - 00000000 ____D () C:\Documents and Settings\muttman\Local Settings\Application Data\MFAData
2015-02-03 11:03 - 2015-02-03 11:03 - 00000000 ____D () C:\Documents and Settings\muttman\Local Settings\Application Data\Avg2015
2015-02-03 10:40 - 2015-02-04 11:53 - 00060486 _____ () C:\WINDOWS\setupapi.log
2015-02-03 10:35 - 2015-02-03 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-03 09:33 - 2015-02-03 16:24 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-03 09:31 - 2015-02-03 09:31 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-03 09:31 - 2015-02-03 09:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-03 09:31 - 2015-02-03 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 09:31 - 2015-02-03 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-03 09:31 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-03 09:31 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-03 09:23 - 2015-02-03 09:24 - 00000000 ____D () C:\Program Files\Defraggler
2015-02-03 09:23 - 2015-02-03 09:23 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2015-02-03 09:23 - 2015-02-03 09:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2015-02-03 09:16 - 2015-02-03 09:16 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-02-03 09:16 - 2015-02-03 09:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-03 09:16 - 2015-02-03 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-02-03 09:02 - 2015-02-03 11:14 - 00002481 _____ () C:\Documents and Settings\muttman\Desktop\Microsoft Excel.lnk
2015-02-03 09:02 - 2015-02-03 11:14 - 00002469 _____ () C:\Documents and Settings\muttman\Desktop\Microsoft PowerPoint.lnk
2015-02-03 09:02 - 2015-02-03 11:13 - 00002483 _____ () C:\Documents and Settings\muttman\Desktop\Microsoft Word.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00002046 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00002030 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00002022 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00002002 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00002002 _____ () C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00001992 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2015-02-03 08:59 - 2015-02-03 08:59 - 00000000 ____D () C:\Program Files\Microsoft ActiveSync
2015-02-03 08:59 - 2015-02-03 08:59 - 00000000 ____D () C:\Program Files\Common Files\Designer
2015-02-03 08:59 - 2015-02-03 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-02-02 16:10 - 2015-02-03 08:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-02-02 16:08 - 2015-02-03 09:10 - 00000000 ____D () C:\Documents and Settings\muttman\Desktop\Unused Desktop Shortcuts
2015-02-02 16:04 - 2015-02-02 16:04 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-02-02 15:47 - 2015-02-02 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 11:58 - 2006-01-07 23:22 - 00000000 ____D () C:\Documents and Settings\muttman\Local Settings\Temp
2015-02-04 10:33 - 2006-06-29 11:27 - 00453442 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-04 10:32 - 2006-09-19 16:04 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-02-04 10:31 - 2006-06-29 12:18 - 01937656 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 10:14 - 2006-09-19 14:01 - 00051048 _____ () C:\WINDOWS\system32\nvapps.xml
2015-02-04 10:13 - 2006-06-29 12:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 10:13 - 2006-06-29 11:18 - 00254272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-04 10:13 - 2006-06-29 04:04 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-04 10:13 - 2006-06-29 04:04 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-02-04 10:12 - 2006-06-29 12:18 - 00032328 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-04 10:11 - 2006-01-07 23:22 - 00000178 ___SH () C:\Documents and Settings\muttman\ntuser.ini
2015-02-04 09:55 - 2006-09-19 13:58 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-02-04 09:49 - 2010-10-09 21:43 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-02-04 09:21 - 2010-08-08 03:05 - 00010608 _____ () C:\WINDOWS\system32\TZLog.log
2015-02-04 09:10 - 2006-09-19 13:58 - 00000000 ____D () C:\Program Files\Movie Maker
2015-02-04 09:05 - 2006-09-19 13:58 - 00000000 ____D () C:\Program Files\Outlook Express
2015-02-03 16:48 - 2006-09-19 13:58 - 00000000 ____D () C:\WINDOWS\Help
2015-02-03 14:47 - 2008-08-27 10:07 - 00000000 ____D () C:\Documents and Settings\Syd Moore\Local Settings\Temp
2015-02-03 14:34 - 2006-09-19 13:58 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-03 14:04 - 2006-09-19 15:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-02-03 13:36 - 2006-01-01 00:13 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$
2015-02-03 13:31 - 2008-08-27 10:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-03 10:34 - 2006-09-19 15:05 - 00065296 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-03 10:26 - 2008-08-29 17:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2015-02-03 09:23 - 2006-01-01 03:54 - 00000000 ____D () C:\Program Files\Google
2015-02-03 09:18 - 2009-08-22 01:42 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-03 09:17 - 2006-01-07 23:22 - 00000000 ____D () C:\Documents and Settings\muttman
2015-02-03 09:09 - 2006-09-19 15:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\My HP Games
2015-02-03 09:00 - 2006-09-19 15:34 - 00000376 _____ () C:\WINDOWS\ODBC.INI
2015-02-03 09:00 - 2006-06-29 11:13 - 00000573 _____ () C:\WINDOWS\win.ini
2015-02-03 08:59 - 2006-09-19 13:58 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-02 16:10 - 2006-09-19 15:32 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-02 16:10 - 2006-09-19 13:58 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-02 16:08 - 2006-09-19 13:58 - 00000000 ____D () C:\WINDOWS\system
2015-02-02 16:07 - 2006-06-29 12:18 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-02 16:04 - 2006-09-19 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2015-02-02 16:04 - 2006-09-19 13:58 - 00000000 ____D () C:\WINDOWS\pchealth

==================== Files in the root of some directories =======

2006-01-07 23:22 - 2006-09-19 16:15 - 0000000 _____ () C:\Documents and Settings\muttman\Local Settings\Application Data\AtStart.txt
2006-01-07 23:22 - 2006-09-19 16:15 - 0000000 _____ () C:\Documents and Settings\muttman\Local Settings\Application Data\DSwitch.txt
2006-01-07 23:22 - 2006-09-19 15:05 - 0000136 _____ () C:\Documents and Settings\muttman\Local Settings\Application Data\fusioncache.dat
2006-01-07 23:22 - 2006-09-19 16:15 - 0000000 _____ () C:\Documents and Settings\muttman\Local Settings\Application Data\QSwitch.txt

Some content of TEMP:
====================
C:\Documents and Settings\El Syd\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\El Syd\Local Settings\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe
C:\Documents and Settings\El Syd\Local Settings\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1]_1.exe
C:\Documents and Settings\Syd Moore\Local Settings\Temp\drm_dyndata_7330012.dll
C:\Documents and Settings\Syd Moore\Local Settings\Temp\MFPL7014.DLL
C:\Documents and Settings\Syd Moore\Local Settings\Temp\mPlayer.cu.dll
C:\Documents and Settings\Syd Moore\Local Settings\Temp\progupd.dll
C:\Documents and Settings\Syd Moore\Local Settings\Temp\setup_wm.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015
Ran by muttman at 2015-02-04 11:59:31
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader 7.0.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70500000002}) (Version: 7.0.5 - Adobe Systems Incorporated)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
BufferChm (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
CP_AtenaShokunin1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 60.0.155.000 - Hewlett-Packard) Hidden
CueTour (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Destinations (Version: 60.0.155.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Easy Internet Sign-up (HKLM\...\InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}) (Version: FE UI-4.1.0.1680 - Hewlett-Packard)
Easy Internet Sign-up (Version: FE UI-4.1.0.1680 - Hewlett-Packard) Hidden
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
Final Drive Nitro from Hewlett-Packard Laptops (remove only) (HKLM\...\320F055A-570F-4335-B026-16A836DB9549) (Version:  - WildTangent)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
HP Game Console and games (HKLM\...\HP Game Console) (Version:  - WildTangent)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0012 - HPQ)
HP Imaging Device Functions 6.0 (HKLM\...\HP Imaging Device Functions) (Version: 6.0 - HP)
HP Photosmart Premier Software 6.0 (HKLM\...\HP Photo & Imaging) (Version: 6.0 - HP)
HP Quick Launch Buttons 6.10 A2 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.10 A2 - Hewlett-Packard Company)
HP QuickPlay 2.3 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Rhapsody (HKLM\...\HP Rhapsody) (Version:  - )
HP Update (HKLM\...\{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}) (Version: 4.000.000.004 - Hewlett-Packard)
HP User Guides 0031 (HKLM\...\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}) (Version: 1.06.0000 - HP)
HP Wireless Assistant 2.00 G2 (HKLM\...\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}) (Version: 2.00 G2 - Hewlett-Packard Company)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareDevices (Version: 60.0.155.000 - Hewlett-Packard) Hidden
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
LightScribe  1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Macromedia Flash Player 8 (HKLM\...\{6815FCDD-401D-481E-BA88-31B4754C2B46}) (Version: 8.0.22.0 - Macromedia)
Macromedia Shockwave Player (HKLM\...\{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}) (Version: 10.1.1.016 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office XP Professional with FrontPage (HKLM\...\{40280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2606.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 5.0 (HKLM\...\{FB09F05F-85C6-4205-B28D-5BF071D276C3}) (Version: 5.00.050 - muvee Technologies)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.37 - BVRP Software, Inc)
Norton AntiVirus (HKLM\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.6.0.27 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Office 2003 Trial Assistant (HKLM\...\{47D2103B-FD51-4017-9C20-DD408B17D726}) (Version: 1.0.0 - Microsoft)
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PhotoGallery (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Quicken 2006 (HKLM\...\{2818095F-FB6C-42C8-827E-0A406CC9AFF5}) (Version: 15.1.4.5 - Intuit)
RandMap (Version: 60.0.155.000 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 60.0.155.000 - Hewlett-Packard) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m) (Version:  - )
Sonic Audio Module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Sonic Solutions)
Sonic Data Module (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Sonic Solutions)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.0.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 60.0.155.000 - Hewlett-Packard) Hidden
SonicAC3Encoder (HKLM\...\{52FBAE98-D389-4281-8C14-21B4046CCB4E}) (Version: 1.00.0000 - Sonic Solutions)
SonicMPEGEncoder (HKLM\...\{B16AF568-A644-483C-A6DA-5028CD019C8C}) (Version: 1.00.0000 - Sonic Solutions)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.23.0 - Synaptics)
TourSetup (HKLM\...\{A01FC76F-CC09-4658-9E37-5C2F635EE708}) (Version: 1.0.0 - Microsoft)
Unload (Version: 6.0.0 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Vongo (HKLM\...\{DB7E00C9-6DEF-489A-8112-D8F81614F45A}) (Version: 1.31.02 - Starz)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (HKLM\...\WGA) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (HKLM\...\WMCSetup) (Version:  - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB915381 (HKLM\...\KB915381) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wireless Home Network Setup (HKLM\...\{09D8492A-C8E2-421E-927D-46800FB327A3}) (Version: 1.1.153.2 - Hewlett-Packard)
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )
Yahoo! Toolbar for Internet Explorer (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\InprocServer32 -> c:\WINDOWS\system32\macromed\Director\SwDir.dll (Macromedia, Inc.)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-2919299021-1752564192-30280018-1006_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points  =========================

02-02-2015 16:03:58 Removed Microsoft Office Standard Edition 2003
02-02-2015 16:09:40 Installed Microsoft Office XP Professional with FrontPage
03-02-2015 09:05:41 Removed Office 2003 Trial Assistant
03-02-2015 09:07:09 Removed Vongo
04-02-2015 09:04:39 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-03-15 21:00 - 2006-03-15 21:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^El Syd^Start Menu^Programs^StartUp^OpenOffice.org 2.4.lnk => C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^El Syd^Start Menu^Programs^StartUp^Vongo Tray.lnk => C:\WINDOWS\pss\Vongo Tray.lnkStartup
MSCONFIG\startupreg: ccApp => "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: Cpqset => C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => CHDAudPropShortcut.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
MSCONFIG\startupreg: MsmqIntCert => regsvr32 /s mqrt.dll
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /installquiet /nodetect
MSCONFIG\startupreg: QlbCtrl => %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QPService => "C:\Program Files\HP\QuickPlay\QPService.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2919299021-1752564192-30280018-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-2919299021-1752564192-30280018-1003 - Limited - Enabled)
El Syd (S-1-5-21-2919299021-1752564192-30280018-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\El Syd
Guest (S-1-5-21-2919299021-1752564192-30280018-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2919299021-1752564192-30280018-1004 - Limited - Disabled)
muttman (S-1-5-21-2919299021-1752564192-30280018-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\muttman
SUPPORT_388945a0 (S-1-5-21-2919299021-1752564192-30280018-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 01:35:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application NMain.exe, version 104.0.1.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/03/2015 10:44:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (02/03/2015 10:44:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (02/03/2015 10:43:21 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (02/03/2015 10:43:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (02/03/2015 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application NMain.exe, version 104.0.1.17, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/03/2015 08:57:56 AM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.

Error: (02/02/2015 04:48:03 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.

Error: (02/02/2015 04:43:04 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.

Error: (02/02/2015 04:38:09 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.

System errors:
=============
Error: (02/03/2015 01:37:25 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/03/2015 01:37:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AliIde
IntelIde
Pcmcia
ViaIde

Error: (02/03/2015 10:27:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AliIde
IntelIde
Pcmcia
ViaIde

Error: (02/03/2015 10:27:45 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (02/02/2015 04:52:55 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (02/02/2015 04:52:49 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (02/02/2015 04:52:43 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (02/02/2015 04:52:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (02/02/2015 04:52:31 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (02/02/2015 04:52:25 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Microsoft Office Sessions:
=========================
Error: (02/03/2015 01:35:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NMain.exe104.0.1.17hungapp0.0.0.000000000

Error: (02/03/2015 10:44:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (02/03/2015 10:44:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (02/03/2015 10:43:21 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (02/03/2015 10:43:20 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established

Error: (02/03/2015 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NMain.exe104.0.1.17hungapp0.0.0.000000000

Error: (02/03/2015 08:57:56 AM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.(NULL)(NULL)(NULL)

Error: (02/02/2015 04:48:03 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.(NULL)(NULL)(NULL)

Error: (02/02/2015 04:43:04 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.(NULL)(NULL)(NULL)

Error: (02/02/2015 04:38:09 PM) (Source: MsiInstaller) (EventID: 11305) (User: YOUR-0CDC4F5844)
Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1305. Setup cannot read file E:\FILES\PFILES\MSOFFICE\OFFICE10\OUTLMIME.DLL.  Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see E:\FILES\PFILES\MSOFFICE\OFFICE10\1033\SETUP.HLP.(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of memory in use: 67%
Total physical RAM: 990.54 MB
Available physical RAM: 323.29 MB
Total Pagefile: 2386.41 MB
Available Pagefile: 1700.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:61.96 GB) (Free:16.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.53 GB) (Free:1.21 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:3.8 GB) (Free:3.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: 282D282D)
Partition 1: (Active) - (Size=62 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.6 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 002293F0)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================



#4 deeprybka


Posted 04 February 2015 - 02:14 PM

Hi,

Windows XP notes

I've noticed that you're a Windows XP user. I need to tell you that my canned speeches (texts I use to present instructions) are designed for newer systems in the first place. Therefore, whenever you see a request to Run as Administrator, please ignore it and instead run the tool just by double-clicking the aforementioned icon.

Windows XP end of support warning!

As the 8th of April 2014 has passed, this operating system is no longer supported by Microsoft.
Patches, updates and security releases have ceased for this system. This is just information for you in case you are not aware.
 
 
Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

Edited by deeprybka, 04 February 2015 - 02:15 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 donatojoe


Posted 04 February 2015 - 02:40 PM

It says no threats found.

12:35:00.0625 0x0988 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:35:08.0296 0x0988 ============================================================
12:35:08.0296 0x0988 Current date / time: 2015/02/04 12:35:08.0296
12:35:08.0296 0x0988 SystemInfo:
12:35:08.0296 0x0988
12:35:08.0296 0x0988 OS Version: 5.1.2600 ServicePack: 3.0
12:35:08.0296 0x0988 Product type: Workstation
12:35:08.0296 0x0988 ComputerName: YOUR-0CDC4F5844
12:35:08.0296 0x0988 UserName: muttman
12:35:08.0296 0x0988 Windows directory: C:\WINDOWS
12:35:08.0296 0x0988 System windows directory: C:\WINDOWS
12:35:08.0296 0x0988 Processor architecture: Intel x86
12:35:08.0296 0x0988 Number of processors: 2
12:35:08.0296 0x0988 Page size: 0x1000
12:35:08.0296 0x0988 Boot type: Normal boot
12:35:08.0296 0x0988 ============================================================
12:35:09.0468 0x0988 KLMD registered as C:\WINDOWS\system32\drivers\65396690.sys
12:35:13.0359 0x0988 System UUID: {E0961020-C895-2BC2-9088-3B1845901965}
12:35:17.0843 0x0988 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:35:17.0890 0x0988 Drive \Device\Harddisk1\DR6 - Size: 0xF3C00000 ( 3.81 Gb ), SectorSize: 0x200, Cylinders: 0x1F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:35:17.0890 0x0988 ============================================================
12:35:17.0890 0x0988 \Device\Harddisk0\DR0:
12:35:17.0890 0x0988 MBR partitions:
12:35:17.0890 0x0988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7BEE01A
12:35:17.0890 0x0988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x7BF1F1A, BlocksNum 0x171A8E4
12:35:17.0890 0x0988 \Device\Harddisk1\DR6:
12:35:17.0890 0x0988 MBR partitions:
12:35:17.0890 0x0988 \Device\Harddisk1\DR6\Partition1: MBR, Type 0xB, StartLBA 0xB08, BlocksNum 0x79D4F8
12:35:17.0890 0x0988 ============================================================
12:35:18.0000 0x0988 C: <-> \Device\Harddisk0\DR0\Partition1
12:35:18.0015 0x0988 D: <-> \Device\Harddisk0\DR0\Partition2
12:35:18.0015 0x0988 ============================================================
12:35:18.0015 0x0988 Initialize success
12:35:18.0015 0x0988 ============================================================
12:36:17.0671 0x0f4c ============================================================
12:36:17.0671 0x0f4c Scan started
12:36:17.0671 0x0f4c Mode: Manual; SigCheck; TDLFS;
12:36:17.0671 0x0f4c ============================================================
12:36:17.0671 0x0f4c KSN ping started
12:36:20.0515 0x0f4c KSN ping finished: true
12:36:21.0375 0x0f4c ================ Scan system memory ========================
12:36:21.0375 0x0f4c System memory - ok
12:36:21.0375 0x0f4c ================ Scan services =============================
12:36:45.0015 0x0f4c EraserUtilRebootDrv - ok
12:36:45.0046 0x0f4c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:36:45.0203 0x0f4c ERSvc - ok
12:36:45.0250 0x0f4c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
12:36:45.0312 0x0f4c Eventlog - ok
12:36:45.0375 0x0f4c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
12:36:45.0421 0x0f4c EventSystem - ok
12:36:45.0468 0x0f4c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:36:45.0625 0x0f4c Fastfat - ok
12:36:45.0671 0x0f4c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:36:45.0718 0x0f4c FastUserSwitchingCompatibility - ok
12:36:45.0750 0x0f4c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:36:45.0890 0x0f4c Fdc - ok
12:36:45.0906 0x0f4c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:36:46.0062 0x0f4c Fips - ok
12:36:46.0078 0x0f4c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:36:46.0234 0x0f4c Flpydisk - ok
12:36:46.0265 0x0f4c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:36:46.0421 0x0f4c FltMgr - ok
12:36:46.0453 0x0f4c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:36:46.0640 0x0f4c Fs_Rec - ok
12:36:46.0671 0x0f4c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:36:46.0843 0x0f4c Ftdisk - ok
12:36:46.0890 0x0f4c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:36:47.0046 0x0f4c Gpc - ok
12:36:47.0078 0x0f4c [ 4D4D97671C63C3AF869B3518E6054204, 2163373A69DDF2A6E63B20003B1D6E5ECC775D8D6A426BE81CEDE9A5A79E872E ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
12:36:47.0093 0x0f4c HBtnKey - ok
12:36:47.0156 0x0f4c [ 2A6E9A118DA2DD0439551A7EB3A8F65E, 5FE172FAFC7A20166FADE865A2AE39AC05671FD146F07EB254EA70476F762716 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
12:36:47.0265 0x0f4c HdAudAddService - ok
12:36:47.0296 0x0f4c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:36:47.0453 0x0f4c HDAudBus - ok
12:36:47.0500 0x0f4c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:36:47.0656 0x0f4c helpsvc - ok
12:36:47.0687 0x0f4c [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:36:47.0828 0x0f4c HidServ - ok
12:36:47.0859 0x0f4c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:36:48.0015 0x0f4c HidUsb - ok
12:36:48.0046 0x0f4c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:36:48.0203 0x0f4c hkmsvc - ok
12:36:48.0234 0x0f4c [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:36:48.0390 0x0f4c hpn - ok
12:36:48.0421 0x0f4c [ 04C1DCBB226C6AE647B794833CE3CEB6, 7C89908766962169FA877D1A78C3628EDBAE2B25A3BBEE6DBB1D19C272A428D0 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:36:48.0453 0x0f4c hpqwmiex - detected UnsignedFile.Multi.Generic ( 1 )
12:36:50.0984 0x0f4c Detect skipped due to KSN trusted
12:36:50.0984 0x0f4c hpqwmiex - ok
12:36:51.0046 0x0f4c [ 448C0FD272FE1B80046F4767DB21EB8D, 5A1A48F1DDBA00670453749C124B7CE592DF2333B440EB6593B25A3AC72B1221 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:36:51.0125 0x0f4c HSFHWAZL - ok
12:36:51.0265 0x0f4c [ 2715A27DE9C17BDBAF6D6C79989A7B12, D7C2A25F9762F68AB2877F5A3F3179202C506A8888F71132446308B4B54E36C1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:36:51.0437 0x0f4c HSF_DPV - ok
12:36:51.0500 0x0f4c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:36:51.0531 0x0f4c HTTP - ok
12:36:51.0578 0x0f4c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:36:51.0734 0x0f4c HTTPFilter - ok
12:36:51.0796 0x0f4c [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:36:51.0937 0x0f4c i2omgmt - ok
12:36:51.0953 0x0f4c [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:36:52.0109 0x0f4c i2omp - ok
12:36:52.0140 0x0f4c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:36:52.0296 0x0f4c i8042prt - ok
12:36:52.0375 0x0f4c [ 309C4D86D989FB1FCF64BD30DC81C51B, 90412120B005D5178E27EFD09D52005BE6CE1965E5CBB59612EAD02C5896A8A7 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:36:52.0484 0x0f4c iaStor - detected UnsignedFile.Multi.Generic ( 1 )
12:36:54.0984 0x0f4c Object required for P2P: [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor
12:36:57.0750 0x0f4c Object send P2P result: true
12:36:57.0750 0x0f4c Detect skipped due to KSN trusted
12:36:57.0750 0x0f4c iaStor - ok
12:36:57.0843 0x0f4c [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:36:57.0875 0x0f4c IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
12:36:58.0796 0x0980 Object required for P2P: [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc
12:37:00.0609 0x0f4c Detect skipped due to KSN trusted
12:37:00.0609 0x0f4c IDriverT - ok
12:37:00.0875 0x0b10 Object send P2P result: false
12:37:00.0875 0x0b10 Object required for P2P: [ 574738F61FCA2935F5265DC4E5691314 ] BITS
12:37:01.0000 0x0f4c [ 5B48758C516AF1F5A5BE6B00258E84E6, BBA979C8E1DA34DC35E33F49C4F70CDE87B34B9D3F8A0C1C874419F8E4A86AE3 ] IDSxpx86 C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20150131.003\IDSxpx86.sys
12:37:01.0109 0x0f4c IDSxpx86 - ok
12:37:01.0140 0x0f4c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:37:01.0312 0x0f4c Imapi - ok
12:37:01.0359 0x0f4c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
12:37:01.0515 0x0f4c ImapiService - ok
12:37:01.0531 0x0980 Object send P2P result: true
12:37:01.0546 0x0f4c [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:37:01.0687 0x0f4c ini910u - ok
12:37:01.0734 0x0f4c [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:37:01.0890 0x0f4c IntelIde - ok
12:37:01.0921 0x0f4c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:37:02.0078 0x0f4c Ip6Fw - ok
12:37:02.0109 0x0f4c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:37:02.0250 0x0f4c IpFilterDriver - ok
12:37:02.0281 0x0f4c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:37:02.0421 0x0f4c IpInIp - ok
12:37:02.0453 0x0f4c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:37:02.0609 0x0f4c IpNat - ok
12:37:02.0640 0x0f4c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:37:02.0781 0x0f4c IPSec - ok
12:37:02.0812 0x0f4c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:37:02.0953 0x0f4c IRENUM - ok
12:37:02.0968 0x0f4c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:37:03.0125 0x0f4c isapnp - ok
12:37:03.0156 0x0f4c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:37:03.0312 0x0f4c Kbdclass - ok
12:37:03.0328 0x0f4c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:37:03.0468 0x0f4c kbdhid - ok
12:37:03.0500 0x0f4c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:37:03.0656 0x0f4c kmixer - ok
12:37:03.0687 0x0f4c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:37:03.0703 0x0b10 Object send P2P result: true
12:37:03.0765 0x0f4c KSecDD - ok
12:37:03.0796 0x0f4c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:37:03.0843 0x0f4c lanmanserver - ok
12:37:03.0890 0x0f4c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:37:03.0937 0x0f4c lanmanworkstation - ok
12:37:03.0953 0x0f4c lbrtfdc - ok
12:37:04.0015 0x0f4c [ 86E8BCAA91FC2ACFACD99CF2BF9F1F47, 4A7B5C5FEA515E113D8031AC132004F58723B9EC1651376731EC831F87734D06 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:37:04.0031 0x0f4c LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
12:37:06.0734 0x0f4c Detect skipped due to KSN trusted
12:37:06.0734 0x0f4c LightScribeService - ok
12:37:06.0796 0x0f4c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:37:07.0015 0x0f4c LmHosts - ok
12:37:07.0046 0x0f4c [ DF0A511F38F16016BF658FCA0090CB87, 6D2F6360A4E1D369607F2F394B4A8C6EE8EEE9FA46A67394769E9C0044529B6C ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
12:37:07.0109 0x0f4c McrdSvc - ok
12:37:07.0140 0x0f4c [ 74F4372AF97A587ECEC527EC34955712, E83873382E84E596562E8A4E9726015B79C17D2276738A57CA7E6FDCE6BA8A6D ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:37:07.0156 0x0f4c mdmxsdk - ok
12:37:07.0171 0x0f4c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:37:07.0328 0x0f4c Messenger - ok
12:37:07.0359 0x0f4c [ B7521F69C0A9B29D356157229376FB21, A77C89BDC181038DD0F9A8AC0F7164B10EF9C54B0C57D8BAB8BC27932EBF890B ] MHN C:\WINDOWS\System32\mhn.dll
12:37:07.0375 0x0f4c MHN - detected UnsignedFile.Multi.Generic ( 1 )
12:37:08.0781 0x06bc Object required for P2P: [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM
12:37:09.0859 0x0f4c Detect skipped due to KSN trusted
12:37:09.0859 0x0f4c MHN - ok
12:37:09.0921 0x0f4c [ 7F2F1D2815A6449D346FCCCBC569FBD6, 1C5A321CE95CE4D9AA2CB5A00E9B7E711521A6BBB25D36F7F49A397C361585C6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:37:09.0937 0x0f4c MHNDRV - detected UnsignedFile.Multi.Generic ( 1 )
12:37:11.0531 0x06bc Object send P2P result: true
12:37:12.0656 0x0f4c Detect skipped due to KSN trusted
12:37:12.0656 0x0f4c MHNDRV - ok
12:37:12.0718 0x0f4c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:37:12.0937 0x0f4c mnmdd - ok
12:37:12.0984 0x0f4c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:37:13.0125 0x0f4c mnmsrvc - ok
12:37:13.0156 0x0f4c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:37:13.0296 0x0f4c Modem - ok
12:37:13.0328 0x0f4c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:37:13.0468 0x0f4c Mouclass - ok
12:37:13.0500 0x0f4c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:37:13.0656 0x0f4c mouhid - ok
12:37:13.0671 0x0f4c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:37:13.0828 0x0f4c MountMgr - ok
12:37:13.0875 0x0f4c [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:37:13.0906 0x0f4c MozillaMaintenance - ok
12:37:13.0937 0x0f4c [ EEE50BF24CAEEDB515A8F3B22756D3BB, 8A647730B65AEDB822B498ECC214DA78C14DF548B7FC68CC5F6C732EAB6F54A4 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
12:37:13.0953 0x0f4c MQAC - detected UnsignedFile.Multi.Generic ( 1 )
12:37:16.0609 0x0f4c Detect skipped due to KSN trusted
12:37:16.0625 0x0f4c MQAC - ok
12:37:16.0671 0x0f4c [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:37:16.0890 0x0f4c mraid35x - ok
12:37:16.0921 0x0f4c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:37:17.0078 0x0f4c MRxDAV - ok
12:37:17.0156 0x0f4c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:37:17.0234 0x0f4c MRxSmb - ok
12:37:17.0296 0x0f4c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:37:17.0453 0x0f4c MSDTC - ok
12:37:17.0468 0x0f4c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:37:17.0625 0x0f4c Msfs - ok
12:37:17.0625 0x0f4c MSIServer - ok
12:37:17.0656 0x0f4c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:37:17.0796 0x0f4c MSKSSRV - ok
12:37:17.0828 0x0f4c [ E9B5F354AE80325283FD5C1C05217B01, 387E01D40CE3A32CCABFB8F34057B2B5159F3C2BDFB97F43EA85EEC337FA3DC1 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
12:37:17.0828 0x0f4c MSMQ - detected UnsignedFile.Multi.Generic ( 1 )
12:37:20.0515 0x0f4c Detect skipped due to KSN trusted
12:37:20.0515 0x0f4c MSMQ - ok
12:37:20.0562 0x0f4c [ 10E6B9022B0A5C9C41E2DA6AEAE5D404, 9B3CC7DA125DE036D530A8E465BB12C5CC8E220035FFD5CB687980B07132F826 ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
12:37:20.0593 0x0f4c MSMQTriggers - detected UnsignedFile.Multi.Generic ( 1 )
12:37:23.0375 0x0f4c Detect skipped due to KSN trusted
12:37:23.0375 0x0f4c MSMQTriggers - ok
12:37:23.0406 0x0f4c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:37:23.0640 0x0f4c MSPCLOCK - ok
12:37:23.0671 0x0f4c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:37:23.0828 0x0f4c MSPQM - ok
12:37:23.0859 0x0f4c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:37:23.0984 0x0f4c mssmbios - ok
12:37:24.0000 0x0f4c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:37:24.0156 0x0f4c MSTEE - ok
12:37:24.0203 0x0f4c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:37:24.0250 0x0f4c Mup - ok
12:37:24.0281 0x0f4c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:37:24.0421 0x0f4c NABTSFEC - ok
12:37:24.0468 0x0f4c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:37:24.0640 0x0f4c napagent - ok
12:37:24.0875 0x0f4c [ B64F54D5D7C531A03214B835C5DF7C18, 38C9EFF739C55CB4C7529E73AAB412E7CF590D61FB207945F7AE97396FF3E7BC ] NAV C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
12:37:24.0906 0x0f4c NAV - ok
12:37:25.0015 0x0f4c [ 80FBA3EED69BCA4B82555B21AA0AD902, FE4BBF045E31757CC3E6D9234F39EF4F586CE14A1399DC705875CD45F87AC971 ] NAVENG C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150203.034\NAVENG.SYS
12:37:25.0046 0x0f4c NAVENG - ok
12:37:25.0156 0x0f4c [ 3F96C4FA47BDB31680088FA4126E191F, E8712D86B5A5AB3D7AF20D8384EBC4863877D424A560ED8A1C5500EA27E38E8E ] NAVEX15 C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150203.034\NAVEX15.SYS
12:37:25.0375 0x0f4c NAVEX15 - ok
12:37:25.0515 0x0f4c [ 3E3A97C7C7E79DF8F08F22F0666D9E03, 2E0F79BEA0E5DEC8C6A9184D97970307D2F5E996084CC5FFE35230BDE3A76813 ] NCO C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
12:37:25.0562 0x0f4c NCO - ok
12:37:25.0625 0x0f4c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:37:25.0843 0x0f4c NDIS - ok
12:37:25.0875 0x0f4c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:37:26.0031 0x0f4c NdisIP - ok
12:37:26.0078 0x0f4c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:37:26.0109 0x0f4c NdisTapi - ok
12:37:26.0125 0x0f4c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:37:26.0312 0x0f4c Ndisuio - ok
12:37:26.0343 0x0f4c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:37:26.0484 0x0f4c NdisWan - ok
12:37:26.0515 0x0f4c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:37:26.0562 0x0f4c NDProxy - ok
12:37:26.0593 0x0f4c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:37:26.0750 0x0f4c NetBIOS - ok
12:37:26.0781 0x0f4c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:37:26.0937 0x0f4c NetBT - ok
12:37:26.0984 0x0f4c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
12:37:27.0140 0x0f4c NetDDE - ok
12:37:27.0156 0x0f4c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:37:27.0296 0x0f4c NetDDEdsdm - ok
12:37:27.0328 0x0f4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:37:27.0484 0x0f4c Netlogon - ok
12:37:27.0515 0x0f4c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
12:37:27.0687 0x0f4c Netman - ok
12:37:27.0718 0x0f4c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:37:27.0859 0x0f4c NIC1394 - ok
12:37:27.0921 0x0f4c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
12:37:28.0000 0x0f4c Nla - ok
12:37:28.0031 0x0f4c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:37:28.0171 0x0f4c Npfs - ok
12:37:28.0250 0x0f4c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:37:28.0437 0x0f4c Ntfs - ok
12:37:28.0453 0x0f4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:37:28.0593 0x0f4c NtLmSsp - ok
12:37:28.0656 0x0f4c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:37:28.0843 0x0f4c NtmsSvc - ok
12:37:28.0875 0x0f4c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
12:37:29.0015 0x0f4c Null - ok
12:37:29.0281 0x0f4c [ BBB8AB2FFD7A79CD9D7751008E3DE579, F54D294340CEFE4E72D5E60143A31FFD60F68BF953CBC616669564918FCC2381 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:37:29.0656 0x0f4c nv - ok
12:37:29.0703 0x0f4c [ 3AC5EEDD35B7437D53960F3998BFA462, 2C7298D6D2597259F8653A941785B2913287CA9E8846D241BF5D2DF3AD45DA79 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
12:37:29.0734 0x0f4c nvata - ok
12:37:29.0781 0x0f4c [ 22EEDB34C4D7613A25B10C347C6C4C21, B8F3025B308CC63CD1C9604C0E6568006051AF5B96326CE8E1C8DB166D10A1AF ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:37:29.0828 0x0f4c NVENETFD - ok
12:37:29.0859 0x0f4c [ 5E3F6AD5CAD0F12D3CCCD06FD964087A, FACEA3DC09214BF02115BBF6F0667C8F1536B41D9A27178E20782EEE734149AB ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:37:29.0890 0x0f4c nvnetbus - ok
12:37:29.0921 0x0f4c [ E0F76FAB86FEC98778047D0C7C39CBB9, 2EF0016A0C90140753E955CBBC1A1A41BB80AD9346CA8F7A01B46315B3D4CA40 ] nvsmu C:\WINDOWS\system32\DRIVERS\nvsmu.sys
12:37:29.0953 0x0f4c nvsmu - ok
12:37:29.0984 0x0f4c [ A323E7DD1A00898B1C40B9B5B340C0DB, 4C8BB49C637A4DA30C25FA17DE3F393E0510F54BA2682BDE976F263391ACE790 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:37:30.0031 0x0f4c NVSvc - ok
12:37:30.0062 0x0f4c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:37:30.0234 0x0f4c NwlnkFlt - ok
12:37:30.0250 0x0f4c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:37:30.0421 0x0f4c NwlnkFwd - ok
12:37:30.0437 0x0f4c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:37:30.0593 0x0f4c ohci1394 - ok
12:37:30.0625 0x0f4c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:37:30.0765 0x0f4c Parport - ok
12:37:30.0781 0x0f4c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:37:30.0937 0x0f4c PartMgr - ok
12:37:30.0968 0x0f4c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:37:31.0125 0x0f4c ParVdm - ok
12:37:31.0140 0x0f4c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:37:31.0312 0x0f4c PCI - ok
12:37:31.0312 0x0f4c PCIDump - ok
12:37:31.0328 0x0f4c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:37:31.0468 0x0f4c PCIIde - ok
12:37:31.0484 0x0f4c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:37:31.0625 0x0f4c Pcmcia - ok
12:37:31.0640 0x0f4c PDCOMP - ok
12:37:31.0640 0x0f4c PDFRAME - ok
12:37:31.0656 0x0f4c PDRELI - ok
12:37:31.0671 0x0f4c PDRFRAME - ok
12:37:31.0703 0x0f4c [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:37:31.0859 0x0f4c perc2 - ok
12:37:31.0890 0x0f4c [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:37:32.0031 0x0f4c perc2hib - ok
12:37:32.0078 0x0f4c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
12:37:32.0125 0x0f4c PlugPlay - ok
12:37:32.0187 0x0f4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:37:32.0312 0x0f4c PolicyAgent - ok
12:37:32.0343 0x0f4c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:37:32.0484 0x0f4c PptpMiniport - ok
12:37:32.0484 0x0f4c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:37:32.0625 0x0f4c ProtectedStorage - ok
12:37:32.0656 0x0f4c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:37:32.0828 0x0f4c PSched - ok
12:37:32.0859 0x0f4c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:37:33.0015 0x0f4c Ptilink - ok
12:37:33.0031 0x0f4c [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:37:33.0062 0x0f4c PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
12:37:35.0734 0x0f4c Detect skipped due to KSN trusted
12:38:14.0156 0x0f4c AV detected via SS1: Norton AntiVirus, 21.1.0.18, enabled, updated
12:38:14.0156 0x0f4c Win FW state via NFM: enabled
12:38:16.0718 0x0f4c ============================================================
12:38:16.0718 0x0f4c Scan finished
12:38:16.0718 0x0f4c ============================================================
12:38:16.0750 0x0988 Detected object count: 0
12:38:16.0750 0x0988 Actual detected object count: 0

#6 deeprybka

Posted 04 February 2015 - 02:51 PM

Is there anything like strange symptoms or alarms from your antivirus program that makes you fear you're infected?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 donatojoe

Posted 04 February 2015 - 03:16 PM

I ran the latest Norton Antivirus and it removed 21 viruses from the system. It was running bad before the viruses were removed. It still says that I have the Backdoor.Tidserv!inf virus although the computer seems to be running fine now. I just did not want to leave this virus on the system.

Just a note: I did not enter the computer from the Administrator login. I'm waiting for the password for that. This is a friend's computer. Should this make a difference on the reports?

#8 deeprybka

Posted 04 February 2015 - 03:20 PM

"I did not enter the computer from the Administrator login"

Ran by muttman (administrator)

It's Ok.

"it removed 21 viruses from the system."

Can you please post that Norton log?


regards,
deeprybka

#9 donatojoe

Posted 04 February 2015 - 04:08 PM

My Malware Bytes did not pick this up.  Just the Norton did.  Here is the Norton report.

 

 

Filename: bwtxtuwops.tmp
Threat name: Backdoor.Tidserv!inf
Full Path: c:\documents and settings\syd moore\local settings\temp\bwtxtuwops.tmp

____________________________

Details
Very Few Users,  Mature,  Risk High

Origin
Downloaded from
 Unknown

Activity
Actions performed: 4

____________________________

On computers as of 2/4/2015 at 1:54:25 PM
Last Used 2/4/2015 at 1:56:25 PM
Startup Item No
Launched No

____________________________

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Mature
This file was released more than 31 days 5 years ago.

High
This file risk is high.

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

Source: External Media

Source File:
bwtxtuwops.tmp

____________________________

File Actions

Infected file: c:\documents and settings\syd moore\local settings\Temp\bwtxtuwops.tmp
Remove Failed
Infected file: c:\documents and settings\syd moore\local settings\Temp\UACc0b1.tmp
No fix attempted
Infected file: c:\documents and settings\syd moore\local settings\Temp\UAC5b56.tmp
No fix attempted
Infected file: c:\documents and settings\syd moore\local settings\Temp\UACba45.tmp
No fix attempted
____________________________

File Thumbprint - SHA:
995bd2d3030a5c6fd08920206d7c230a042c33fc6fe060366ac56355bd073bd2
File Thumbprint - MD5:
Not available



#10 deeprybka

Posted 04 February 2015 - 04:17 PM

Step 1

Please download TFC (by Oldtimer) and save it to your Desktop.
  • Start TFC.exe with administrator privileges.
  • Close all other running programs.
  • Click on Start.
  • Allow a reboot if one is requested.
Afterwards, please run a scan with Norton.
regards,
deeprybka

#11 donatojoe

Posted 04 February 2015 - 05:11 PM

Worked perfectly.  Thanks for your help!



#12 deeprybka

Posted 04 February 2015 - 05:15 PM

But we're not done yet. :)


Let's do a final check up:

Step 1


Don't remove on your own anything that Hitman Pro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [screenshot: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#13 donatojoe

Posted 05 February 2015 - 02:57 PM

HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : YOUR-0CDC4F5844
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : YOUR-0CDC4F5844\El Syd
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2015-02-04 16:41:50

   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 11

   Objects scanned . . . : 557,266
   Files scanned . . . . : 12,160
   Remnants scanned  . . : 148,574 files / 396,532 keys

Suspicious files ____________________________________________________________

   C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\82X3A8E0\FRST[1].exe
      Size . . . . . . . : 1,123,328 bytes
      Age  . . . . . . . : 0.2 days (2015-02-04 11:54:36)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 24579916D6B73365E8BDC5C01BB2C3B2E1FCF66281E349D4320E5F0762CA4659
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -33.6s C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\HXRYV0MU\farbar-recovery-scan-tool[1].htm
         -32.5s C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\DD1JEM87\share[1]
         -30.9s C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\NVHU1T73\share[3]
         -4.0s C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\HXRYV0MU\81[1].htm
          0.0s C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\82X3A8E0\FRST[1].exe


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Documents and Settings\El Syd\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data

 

 

ESET Online scan

C:\Documents and Settings\muttman\Local Settings\Temporary Internet Files\Content.IE5\dfsetup218[2].exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 05 February 2015 - 03:10 PM

:thumbup2:

 

Please try to post the ESET log as instructed.


Edited by deeprybka, 05 February 2015 - 03:11 PM.

regards,
deeprybka

#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:49 PM

Posted 10 February 2015 - 01:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



