Trojan.FakeMoz.ED (Necurs?) re-infection
Last month, I hit a problem with what turned out to be a Necurs Rootkit infection, which was successfully solved via this thread here - http://forums.spybot.info/showthread.php?71440-Possible-Trojan-infection-FakeMoz-ED. It seems that I've now been hit again, as similar symptoms have just happened once more. However, this time, AVG seems unaffected (so far), and it is just the firewall that is down. Tried a manual restart of the firewall, followed by a reboot, and the firewall went down again, so it is similar to what happened before apart from not touching AVG this time.
As soon as I got the alert that the firewall was down, I suspected I knew what the issue was and ran MBAM, and it reported 5 detections of FakeMoz.ED, which I was told last time was actually Necurs. As soon as I saw those, I aborted the scan (as MBAM wasn't able to eliminate the problem last time), and went straight to the reporting procedure here. I successfully backed up the registry, but FRST hit a slight snag. It created FRST.txt, but then hung before reaching the end of the scan and wasn't able to finish FRST.txt or create addition.txt. I tried a couple of other times, but the same happened each time. So I ran aswMBR, and that seemed to go OK. I've posted what I've got in the way of logfiles, and hope that they are enough to diagnose the problem.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by IBM (administrator) on THINKPAD on 08-12-2014 02:16:30
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-247674877-3848448594-3852255402-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-23]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
R2 syshost32; C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe [99328 2014-12-08] (Mozilla Foundation) [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-08 02:16 - 2014-12-08 02:17 - 00017908 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-12-08 02:15 - 2014-12-08 02:16 - 00000000 ____D () C:\FRST
2014-12-08 02:12 - 2014-12-08 02:12 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-08 02:12 - 2014-12-08 02:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-12-08 02:08 - 2014-12-08 02:08 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-12-08 02:07 - 2014-12-08 02:07 - 01111040 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-12-08 02:06 - 2014-12-08 02:06 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-05 20:09 - 2014-12-07 19:25 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\DHW fun posts
2014-11-24 15:40 - 2014-11-25 15:58 - 00002598 _____ () C:\Documents and Settings\IBM\Desktop\eBay print description.txt
2014-11-21 13:42 - 2014-11-21 13:42 - 00002311 _____ () C:\DelFix.txt
2014-11-20 01:47 - 2014-11-20 01:47 - 00128687 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\census.cache
2014-11-20 01:46 - 2014-11-20 01:46 - 00166168 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\ars.cache
2014-11-20 01:21 - 2014-11-20 01:21 - 00000036 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\housecall.guid.cache
2014-11-19 18:03 - 2014-11-19 18:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-16 00:23 - 2014-11-19 10:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-08 02:17 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-12-08 02:13 - 2010-01-14 11:19 - 00258047 _____ () C:\WINDOWS\setupapi.log
2014-12-08 02:13 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-08 02:13 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-12-08 01:55 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-12-08 01:38 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 01:00 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 00:59 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 00:06 - 2007-10-22 13:22 - 00013562 _____ () C:\WINDOWS\RTacDbg.txt
2014-12-08 00:06 - 2006-12-15 19:17 - 01313003 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 00:06 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-08 00:05 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 00:05 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 00:05 - 2006-12-04 23:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-08 00:05 - 2006-12-04 23:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-07 20:45 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-12-07 20:45 - 2006-12-05 00:15 - 00032384 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-07 18:25 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-12-07 14:34 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-12-07 00:10 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-12-06 22:43 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
2014-12-06 19:47 - 2014-10-19 00:19 - 00029184 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-12-06 19:47 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-12-04 02:18 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-12-04 02:14 - 2014-08-30 15:18 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Transpeak
2014-11-23 20:32 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-11-23 01:57 - 2006-12-15 19:06 - 00060832 _____ () C:\WINDOWS\wmsetup.log
2014-11-21 06:14 - 2014-08-06 14:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-08-06 14:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-20 15:29 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-11-20 15:23 - 2009-01-22 16:14 - 00079576 _____ () C:\Documents and Settings\IBM\Application Data\ReplayConverterLog.log
2014-11-19 10:53 - 2006-12-05 00:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-19 10:52 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-19 10:49 - 2006-12-04 23:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
2014-11-08 00:11 - 2014-08-17 12:54 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\2014
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-12-08 02:38:07
-----------------------------
02:38:07.758 OS Version: Windows 5.1.2600 Service Pack 3
02:38:07.758 Number of processors: 1 586 0x207
02:38:07.758 ComputerName: THINKPAD UserName: IBM
02:38:08.820 Initialize success
02:38:09.000 VM: initialized successfully
02:38:09.010 VM: Intel CPU virtualization not supported
02:44:31.109 AVAST engine defs: 14120702
02:45:08.543 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:45:08.543 Disk 0 Vendor: IC25N020ATCS04-0 CA2OA71A Size: 19077MB BusType: 3
02:45:08.553 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
02:45:08.553 Disk 1 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
02:45:08.884 Disk 0 MBR read successfully
02:45:08.894 Disk 0 MBR scan
02:45:09.064 Disk 0 unknown MBR code
02:45:09.074 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 17637 MB offset 63
02:45:09.084 Disk 0 unknown boot code
02:45:09.114 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSWIN4.1 1439 MB offset 36121680
02:45:09.124 Disk 0 statistics 281/0/0 @ 0.53 MB/s
02:45:09.544 Scan finished successfully
02:46:07.808 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBM\Desktop\MBR.dat"
02:46:07.818 The log file has been saved successfully to "C:\Documents and Settings\IBM\Desktop\aswMBR.txt"
So, having already been through this last month, should I simply follow the same procedure as in the other thread to save everyone's time, or is this a different infection that needs treating differently?
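What a helper looks for when reading the Services and Drivers sections of a log like the one above, as an added Python example that is not part of this thread and is not Farbar's own code: it parses FRST service/driver lines of the form `R2 name; path [size date] (company) [File not signed]` (or `[X]` when the file is missing) and ranks each entry by a few triage signals. The sample lines are copied from the log above, the scan date comes from the log header, and the heuristics (unsigned, unusual directory, file dated within a week of the scan, file missing) are my own choices, not FRST's. On Windows XP an unsigned file by itself is weak evidence, since many OEM drivers are unsigned, which is why the score combines several signals; with this input the `syshost32` entry under the `C:\WINDOWS\Installer` GUID folder ranks first.

```python
import re
from datetime import date, timedelta

# Constructed sample input: service/driver lines copied from the FRST log above.
SAMPLE_LINES = r"""
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 syshost32; C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe [99328 2014-12-08] (Mozilla Foundation) [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
"""

# Scan date taken from the log header ("Ran by IBM (administrator) on THINKPAD on 08-12-2014").
SCAN_DATE = date(2014, 12, 8)

# One FRST service/driver line: "<state> <name>; <path> [<size> <date>] (<company>) [File not signed]"
# or, when FRST cannot find the file, "<state> <name>; <path> [X]".
LINE_RE = re.compile(
    r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+"?(?P<path>[^"\[]+?)"?\s+'
    r'(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*(?:\((?P<company>[^)]*)\))?|\[X\])'
    r'(?P<rest>.*)$'
)

# Directories where a service or driver binary is not normally installed (my heuristic, not FRST's).
UNUSUAL_DIRS = ("\\windows\\installer\\", "\\temp\\", "\\application data\\", "\\recycler\\")


def parse_line(line):
    """Parse one FRST service/driver line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    present = g["size"] is not None  # "[X]" means FRST could not find the file on disk
    return {
        "state": g["state"],
        "name": g["name"].strip(),
        "path": g["path"],
        "size": int(g["size"]) if present else None,
        "date": date.fromisoformat(g["date"]) if present else None,
        "company": g["company"] or "",
        "signed": ("[File not signed]" not in g["rest"]) if present else None,
        "present": present,
    }


def reasons_for(entry, scan_date, recent_days=7):
    """Return the list of triage signals that apply to one parsed entry."""
    if not entry["present"]:
        return ["file-missing"]             # orphaned service entry; the binary is gone
    reasons = []
    if not entry["signed"]:
        reasons.append("unsigned")          # weak on XP by itself; many OEM drivers are unsigned
    if any(d in entry["path"].lower() for d in UNUSUAL_DIRS):
        reasons.append("unusual-location")  # services rarely live under Installer, Temp, etc.
    if scan_date - entry["date"] <= timedelta(days=recent_days):
        reasons.append("recently-created")  # appeared around the time the symptoms started
    return reasons


def triage(text, scan_date=SCAN_DATE):
    """Parse every service/driver line in text and return flagged entries, highest score first."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry, scan_date)
        if reasons:
            findings.append({**entry, "reasons": reasons, "score": len(reasons)})
    findings.sort(key=lambda f: (-f["score"], f["name"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['score']}  {f['state']} {f['name']:<20} {f['path']}  {', '.join(f['reasons'])}")
```

Run it on a saved FRST.txt by passing the whole file's text to `triage()`; the regex simply skips the section headers and the other line types. The score is a reading aid for a human reviewer, not a verdict: an entry that is unsigned, sits in an installer GUID folder and is dated the day of the scan deserves to be checked first, but a signature check and a file hash lookup are still needed before anything is removed.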
Hi lather,
Sorry to see you back for the same issue. Let's try a different approach this time around ...
TDSSKiller
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) - Extract it to your desktop
or from here >> http://www.bleepingcomputer.com/download/tdsskiller/
TDSSKiller.exe
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
rkill
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
Do not reboot your computer after running rkill as the malware programs will start again.
=========================
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Select Scan tab.
[screenshot: MBAM Dashboard]
Select type of scan to perform:
[screenshot: MBAM Scan tab]
Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan
Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
RogueKiller
Download to your desktop RogueKiller (http://www.bleepingcomputer.com/download/roguekiller/) (by tigzy)
[screenshot: RogueKiller]
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan. Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
In your next post please provide the following:
TDSSKiller log
rKill log
MBAM log
RogueKiller log
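The TDSSKiller log the helper asks for runs to hundreds of "- ok" lines with the real findings buried in between. Below is a small triage script for that log format, added here as an example; it is not a tool from this thread, from Kaspersky or from the forum. The line patterns are inferred only from what is visible in the log posted in this thread, and the record fields, the `needs_attention` rule and all function names are my own choices. The sample lines are copied from the Safe Mode TDSSKiller log the original poster attached later in the thread.

```python
"""Triage a Kaspersky TDSSKiller log: one record per scanned service/driver, then list
only the entries not reported as "- ok".  Added example, not a TDSSKiller tool."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line is "<hh:mm:ss.ffff> <0xTID> <message>" (formats inferred from the thread).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]{4}\s*(?P<msg>.*)$")
# "[ MD5, SHA256 ] <service name> <image path>"; service names may contain spaces.
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] "
                     r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$")
SUSP_SERVICE_RE = re.compile(r"^Suspicious service \((?P<flag>\w+)\): (?P<name>.+)$")
SUSP_FILE_RE = re.compile(r"^Suspicious file \( (?P<flag>\w+) \): (?P<path>.+?)\. "
                          r"md5: (?P<md5>[0-9A-F]{32}), sha256: (?P<sha256>[0-9A-F]{64})$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+)")
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - infected$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")


@dataclass
class ServiceRecord:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdict: Optional[str] = None
    status: str = "unknown"        # "ok", "detected", "infected" or "unknown"
    flags: List[str] = field(default_factory=list)   # e.g. "NoAccess", "file:NoAccess"

    def needs_attention(self) -> bool:
        # Anything the scanner did not clear, or could not even open, deserves a look.
        return self.status != "ok" or bool(self.flags)


def parse_tdsskiller_log(text: str) -> Dict[str, ServiceRecord]:
    records: Dict[str, ServiceRecord] = {}
    by_path: Dict[str, ServiceRecord] = {}

    def rec(name: str) -> ServiceRecord:
        return records.setdefault(name, ServiceRecord(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, "=====" rules, empty messages
        msg = m.group("msg").strip()
        if (h := HASH_RE.match(msg)):
            r = rec(h["name"])
            r.path, r.md5, r.sha256 = h["path"], h["md5"], h["sha256"]
            by_path[r.path.lower()] = r
        elif (s := SUSP_SERVICE_RE.match(msg)):
            rec(s["name"]).flags.append(s["flag"])
        elif (f := SUSP_FILE_RE.match(msg)):
            # The file line carries no service name; join it to the record via its path.
            r = by_path.get(f["path"].lower()) or rec(f["path"])
            r.path, r.md5, r.sha256 = f["path"], f["md5"], f["sha256"]
            r.flags.append("file:" + f["flag"])
        elif (d := DETECTED_RE.match(msg)):
            r = rec(d["name"])
            r.verdict, r.status = d["verdict"], "detected"
        elif (i := INFECTED_RE.match(msg)):
            r = rec(i["name"])
            r.verdict, r.status = i["verdict"], "infected"
        elif (o := OK_RE.match(msg)):
            rec(o["name"]).status = "ok"
    return records


def triage(records: Dict[str, ServiceRecord]) -> List[ServiceRecord]:
    """Entries a helper would want to see first, in name order."""
    return sorted((r for r in records.values() if r.needs_attention()),
                  key=lambda r: r.name.lower())


def format_record(r: ServiceRecord) -> str:
    flags = ",".join(r.flags) or "-"
    return (f"{r.name}: {r.status} verdict={r.verdict or '-'} flags={flags} "
            f"path={r.path or '-'} sha256={r.sha256 or '-'}")


# Sample input: lines copied from the Safe Mode TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
14:44:48.0870 0x03b8 Suspicious service (NoAccess): 2d19a0fd877a76cc
14:44:49.0040 0x03b8 [ 2C41EEBB24C4AA8CA10A1AAD236BA2E1, 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31 ] 2d19a0fd877a76cc C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys
14:44:49.0040 0x03b8 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys. md5: 2C41EEBB24C4AA8CA10A1AAD236BA2E1, sha256: 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31
14:44:51.0013 0x03b8 2d19a0fd877a76cc - detected Rootkit.Win32.Necurs.gen ( 0 )
14:44:51.0484 0x03b8 2d19a0fd877a76cc ( Rootkit.Win32.Necurs.gen ) - infected
14:44:52.0145 0x03b8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:44:52.0155 0x03b8 ACPI - ok
14:44:58.0164 0x03b8 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
14:44:58.0234 0x03b8 Ati HotKey Poller - ok
"""

if __name__ == "__main__":
    for entry in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(format_record(entry))
```

Run it with a full log pasted into SAMPLE_LOG (or read from a file) and only the NoAccess, detected and infected entries come out, each with its path and SHA-256 so the hash can be checked against the vendor's database. Services the scanner flagged as NoAccess but later reported "- ok" are still listed, because an unreadable driver on a machine that keeps losing its firewall is exactly the kind of entry a helper wants to look at twice.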
OK, got the scans etc. done, but did encounter a few problems, mainly with TDSSKiller. When it loaded, it asked for a reboot to run in advanced mode, but the reboot hung at the XP splash screen and I was only able to boot into Safe Mode. I was able to run TDSSKiller in Safe Mode, and it found Necurs and produced a log file. When the machine rebooted to complete the removal, it then booted back into normal mode, but TDSSKiller then started again. So I re-ran the scan just to be sure, and it found Necurs again and "removed" it once more. However, at the reboot following that, not only did the firewall not come back, but AVG went down as well, the same as the last infection. Rkill ran OK and produced a log, and MBAM then found and quarantined two items. At that reboot, both the firewall and AVG refused to start again, and RogueKiller still shows Necurs to be present. So, at the moment, it seems like there's been no progress with elimination. When RogueKiller finished the scan, it came up with a webpage about Necurs elimination, which did mention working in offline mode, and the machine was online at the time - could that have had an effect on the success of the other programs?
Anyway, here are the log files (including both Safe Mode and normal mode TDSSKiller logs, just for completeness):
14:43:59.0950 0x0350 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
14:44:04.0937 0x0350 ============================================================
14:44:04.0937 0x0350 Current date / time: 2014/12/08 14:44:04.0937
14:44:04.0937 0x0350 SystemInfo:
14:44:04.0937 0x0350
14:44:04.0937 0x0350 OS Version: 5.1.2600 ServicePack: 3.0
14:44:04.0937 0x0350 Product type: Workstation
14:44:04.0937 0x0350 ComputerName: THINKPAD
14:44:04.0937 0x0350 UserName: IBM
14:44:04.0937 0x0350 Windows directory: C:\WINDOWS
14:44:04.0937 0x0350 System windows directory: C:\WINDOWS
14:44:04.0937 0x0350 Processor architecture: Intel x86
14:44:04.0937 0x0350 Number of processors: 1
14:44:04.0937 0x0350 Page size: 0x1000
14:44:04.0937 0x0350 Boot type: Safe boot
14:44:04.0937 0x0350 ============================================================
14:44:13.0800 0x0350 KLMD registered as C:\WINDOWS\system32\drivers\67146974.sys
14:44:24.0035 0x0350 System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
14:44:26.0428 0x0350 !crdlk
14:44:26.0428 0x0350 Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
14:44:32.0306 0x0350 Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
14:44:32.0457 0x0350 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'A'
14:44:38.0285 0x0350 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'W'
14:44:38.0295 0x0350 ============================================================
14:44:38.0295 0x0350 \Device\Harddisk0\DR0:
14:44:38.0295 0x0350 MBR partitions:
14:44:38.0295 0x0350 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
14:44:38.0295 0x0350 \Device\Harddisk1\DR1:
14:44:38.0295 0x0350 MBR partitions:
14:44:38.0295 0x0350 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
14:44:38.0295 0x0350 ============================================================
14:44:38.0435 0x0350 C: <-> \Device\Harddisk0\DR0\Partition1
14:44:38.0796 0x0350 D: <-> \Device\Harddisk1\DR1\Partition1
14:44:38.0836 0x0350 ============================================================
14:44:38.0836 0x0350 Initialize success
14:44:38.0836 0x0350 ============================================================
14:44:44.0123 0x03b8 ============================================================
14:44:44.0123 0x03b8 Scan started
14:44:44.0123 0x03b8 Mode: Manual;
14:44:44.0123 0x03b8 ============================================================
14:44:44.0123 0x03b8 KSN ping started
14:44:44.0564 0x03b8 KSN ping finished: false
14:44:47.0859 0x03b8 ================ Scan system memory ========================
14:44:47.0859 0x03b8 System memory - ok
14:44:47.0879 0x03b8 ================ Scan services =============================
14:44:48.0810 0x03b8 27784469 - ok
14:44:48.0870 0x03b8 Suspicious service (NoAccess): 2d19a0fd877a76cc
14:44:49.0040 0x03b8 [ 2C41EEBB24C4AA8CA10A1AAD236BA2E1, 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31 ] 2d19a0fd877a76cc C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys
14:44:49.0040 0x03b8 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys. md5: 2C41EEBB24C4AA8CA10A1AAD236BA2E1, sha256: 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31
14:44:51.0013 0x03b8 2d19a0fd877a76cc - detected Rootkit.Win32.Necurs.gen ( 0 )
14:44:51.0484 0x03b8 2d19a0fd877a76cc ( Rootkit.Win32.Necurs.gen ) - infected
14:44:51.0484 0x03b8 Force sending object to P2P due to detect: 2d19a0fd877a76cc
14:44:51.0524 0x03b8 Object send P2P result: false
14:44:51.0704 0x03b8 Abiosdsk - ok
14:44:51.0835 0x03b8 abp480n5 - ok
14:44:52.0145 0x03b8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:44:52.0155 0x03b8 ACPI - ok
14:44:52.0405 0x03b8 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:44:52.0405 0x03b8 ACPIEC - ok
14:44:52.0596 0x03b8 adpu160m - ok
14:44:52.0856 0x03b8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:44:52.0866 0x03b8 aec - ok
14:44:53.0096 0x03b8 [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:44:53.0096 0x03b8 AegisP - ok
14:44:53.0347 0x03b8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:44:53.0367 0x03b8 AFD - ok
14:44:54.0078 0x03b8 [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:44:54.0138 0x03b8 AgereSoftModem - ok
14:44:54.0378 0x03b8 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:44:54.0378 0x03b8 agp440 - ok
14:44:54.0528 0x03b8 Aha154x - ok
14:44:54.0689 0x03b8 aic78u2 - ok
14:44:54.0829 0x03b8 aic78xx - ok
14:44:55.0059 0x03b8 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:44:55.0059 0x03b8 Alerter - ok
14:44:55.0320 0x03b8 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
14:44:55.0340 0x03b8 ALG - ok
14:44:55.0490 0x03b8 AliIde - ok
14:44:55.0630 0x03b8 amsint - ok
14:44:55.0930 0x03b8 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:44:56.0021 0x03b8 AppMgmt - ok
14:44:56.0151 0x03b8 asc - ok
14:44:56.0311 0x03b8 asc3350p - ok
14:44:56.0471 0x03b8 asc3550 - ok
14:44:56.0932 0x03b8 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:44:57.0192 0x03b8 aspnet_state - ok
14:44:57.0493 0x03b8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:44:57.0493 0x03b8 AsyncMac - ok
14:44:57.0743 0x03b8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:44:57.0743 0x03b8 atapi - ok
14:44:57.0923 0x03b8 Atdisk - ok
14:44:58.0164 0x03b8 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
14:44:58.0234 0x03b8 Ati HotKey Poller - ok
14:44:58.0624 0x03b8 [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:44:58.0654 0x03b8 ati2mtag - ok
14:44:58.0825 0x03b8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:44:58.0835 0x03b8 Atmarpc - ok
14:44:59.0095 0x03b8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:44:59.0105 0x03b8 AudioSrv - ok
14:44:59.0325 0x03b8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:44:59.0325 0x03b8 audstub - ok
14:45:00.0026 0x03b8 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
14:45:00.0407 0x03b8 avg9emc - ok
14:45:00.0837 0x03b8 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
14:45:00.0948 0x03b8 avg9wd - ok
14:45:01.0258 0x03b8 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
14:45:01.0288 0x03b8 AvgLdx86 - ok
14:45:01.0548 0x03b8 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:45:01.0548 0x03b8 AvgMfx86 - ok
14:45:01.0809 0x03b8 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
14:45:01.0829 0x03b8 AvgTdiX - ok
14:45:02.0129 0x03b8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:45:02.0129 0x03b8 Beep - ok
14:45:02.0480 0x03b8 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
14:45:02.0940 0x03b8 BITS - ok
14:45:03.0251 0x03b8 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
14:45:03.0301 0x03b8 Browser - ok
14:45:03.0521 0x03b8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:45:03.0521 0x03b8 cbidf2k - ok
14:45:03.0682 0x03b8 cd20xrnt - ok
14:45:03.0852 0x03b8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:45:03.0852 0x03b8 Cdaudio - ok
14:45:04.0112 0x03b8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:45:04.0112 0x03b8 Cdfs - ok
14:45:04.0353 0x03b8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:45:04.0363 0x03b8 Cdrom - ok
14:45:04.0533 0x03b8 Changer - ok
14:45:04.0693 0x03b8 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
14:45:04.0693 0x03b8 cisvc - ok
14:45:04.0873 0x03b8 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:45:04.0893 0x03b8 ClipSrv - ok
14:45:05.0124 0x03b8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:45:05.0484 0x03b8 clr_optimization_v2.0.50727_32 - ok
14:45:05.0694 0x03b8 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:45:05.0694 0x03b8 CmBatt - ok
14:45:05.0855 0x03b8 CmdIde - ok
14:45:06.0005 0x03b8 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:45:06.0005 0x03b8 Compbatt - ok
14:45:06.0175 0x03b8 COMSysApp - ok
14:45:06.0446 0x03b8 Cpqarray - ok
14:45:06.0806 0x03b8 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:45:06.0816 0x03b8 CryptSvc - ok
14:45:06.0966 0x03b8 dac2w2k - ok
14:45:07.0126 0x03b8 dac960nt - ok
14:45:07.0557 0x03b8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:45:07.0687 0x03b8 DcomLaunch - ok
14:45:07.0998 0x03b8 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:45:08.0018 0x03b8 Dhcp - ok
14:45:08.0318 0x03b8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:45:08.0318 0x03b8 Disk - ok
14:45:08.0579 0x03b8 dmadmin - ok
14:45:09.0069 0x03b8 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:45:09.0129 0x03b8 dmboot - ok
14:45:09.0450 0x03b8 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:45:09.0450 0x03b8 dmio - ok
14:45:09.0690 0x03b8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:45:09.0690 0x03b8 dmload - ok
14:45:09.0931 0x03b8 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
14:45:09.0931 0x03b8 dmserver - ok
14:45:10.0131 0x03b8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:45:10.0141 0x03b8 DMusic - ok
14:45:10.0401 0x03b8 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:45:10.0401 0x03b8 Dnscache - ok
14:45:10.0702 0x03b8 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:45:10.0752 0x03b8 Dot3svc - ok
14:45:10.0902 0x03b8 dpti2o - ok
14:45:11.0102 0x03b8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:45:11.0102 0x03b8 drmkaud - ok
14:45:11.0353 0x03b8 [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
14:45:11.0353 0x03b8 DSMBATT - ok
14:45:11.0573 0x03b8 [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:45:11.0583 0x03b8 E100B - ok
14:45:11.0853 0x03b8 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:45:11.0853 0x03b8 EapHost - ok
14:45:12.0054 0x03b8 [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
14:45:12.0054 0x03b8 EGATHDRV - ok
14:45:12.0414 0x03b8 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:45:12.0424 0x03b8 ERSvc - ok
14:45:12.0725 0x03b8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
14:45:12.0745 0x03b8 Eventlog - ok
14:45:13.0065 0x03b8 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
14:45:13.0155 0x03b8 EventSystem - ok
14:45:13.0426 0x03b8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:45:13.0436 0x03b8 Fastfat - ok
14:45:13.0736 0x03b8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:45:13.0766 0x03b8 FastUserSwitchingCompatibility - ok
14:45:14.0016 0x03b8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:45:14.0016 0x03b8 Fdc - ok
14:45:14.0197 0x03b8 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:45:14.0207 0x03b8 Fips - ok
14:45:14.0467 0x03b8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:45:14.0467 0x03b8 Flpydisk - ok
14:45:14.0788 0x03b8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:45:14.0788 0x03b8 FltMgr - ok
14:45:15.0078 0x03b8 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:45:15.0148 0x03b8 FontCache3.0.0.0 - ok
14:45:15.0328 0x03b8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:45:15.0328 0x03b8 Fs_Rec - ok
14:45:15.0559 0x03b8 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:45:15.0559 0x03b8 Ftdisk - ok
14:45:15.0819 0x03b8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:45:15.0819 0x03b8 Gpc - ok
14:45:16.0149 0x03b8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:45:16.0200 0x03b8 gupdate - ok
14:45:16.0470 0x03b8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:45:16.0470 0x03b8 gupdatem - ok
14:45:16.0760 0x03b8 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:45:16.0770 0x03b8 helpsvc - ok
14:45:16.0971 0x03b8 HidServ - ok
14:45:17.0171 0x03b8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:45:17.0181 0x03b8 hidusb - ok
14:45:17.0391 0x03b8 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:45:17.0421 0x03b8 hkmsvc - ok
14:45:17.0582 0x03b8 hpn - ok
14:45:17.0732 0x03b8 hpt3xx - ok
14:45:18.0062 0x03b8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:45:18.0082 0x03b8 HTTP - ok
14:45:18.0323 0x03b8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:45:18.0393 0x03b8 HTTPFilter - ok
14:45:18.0613 0x03b8 i2omgmt - ok
14:45:18.0743 0x03b8 i2omp - ok
14:45:18.0953 0x03b8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:45:18.0953 0x03b8 i8042prt - ok
14:45:19.0174 0x03b8 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:45:19.0184 0x03b8 IBMPMDRV - ok
14:45:19.0384 0x03b8 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
14:45:19.0404 0x03b8 IBMPMSVC - ok
14:45:19.0624 0x03b8 [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
14:45:19.0624 0x03b8 IBMTPCHK - ok
14:45:19.0995 0x03b8 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:45:20.0035 0x03b8 IDriverT - ok
14:45:20.0736 0x03b8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:45:21.0217 0x03b8 idsvc - ok
14:45:21.0537 0x03b8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:45:21.0537 0x03b8 Imapi - ok
14:45:21.0808 0x03b8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
14:45:21.0858 0x03b8 ImapiService - ok
14:45:22.0088 0x03b8 ini910u - ok
14:45:22.0338 0x03b8 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:45:22.0338 0x03b8 IntelIde - ok
14:45:22.0539 0x03b8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:45:22.0539 0x03b8 intelppm - ok
14:45:22.0719 0x03b8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:45:22.0719 0x03b8 ip6fw - ok
14:45:22.0949 0x03b8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:45:22.0949 0x03b8 IpFilterDriver - ok
14:45:23.0140 0x03b8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:45:23.0140 0x03b8 IpInIp - ok
14:45:23.0410 0x03b8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:45:23.0410 0x03b8 IpNat - ok
14:45:23.0690 0x03b8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:45:23.0690 0x03b8 IPSec - ok
14:45:23.0901 0x03b8 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
14:45:23.0911 0x03b8 irda - ok
14:45:24.0111 0x03b8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:45:24.0121 0x03b8 IRENUM - ok
14:45:24.0471 0x03b8 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
14:45:24.0471 0x03b8 Irmon - ok
14:45:24.0812 0x03b8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:45:24.0822 0x03b8 isapnp - ok
14:45:25.0233 0x03b8 [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:45:25.0323 0x03b8 JavaQuickStarterService - ok
14:45:25.0553 0x03b8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:45:25.0553 0x03b8 Kbdclass - ok
14:45:25.0803 0x03b8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:45:25.0823 0x03b8 kmixer - ok
14:45:26.0094 0x03b8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:45:26.0094 0x03b8 KSecDD - ok
14:45:26.0364 0x03b8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:45:26.0404 0x03b8 lanmanserver - ok
14:45:26.0715 0x03b8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:45:26.0745 0x03b8 lanmanworkstation - ok
14:45:26.0875 0x03b8 lbrtfdc - ok
14:45:27.0245 0x03b8 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:45:27.0275 0x03b8 LightScribeService - ok
14:45:27.0576 0x03b8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:45:27.0586 0x03b8 LmHosts - ok
14:45:27.0836 0x03b8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:45:27.0836 0x03b8 Messenger - ok
14:45:28.0007 0x03b8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:45:28.0017 0x03b8 mnmdd - ok
14:45:28.0227 0x03b8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:45:28.0237 0x03b8 mnmsrvc - ok
14:45:28.0457 0x03b8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:45:28.0457 0x03b8 Modem - ok
14:45:28.0718 0x03b8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:45:28.0718 0x03b8 Mouclass - ok
14:45:28.0958 0x03b8 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:45:28.0958 0x03b8 mouhid - ok
14:45:29.0188 0x03b8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:45:29.0188 0x03b8 MountMgr - ok
14:45:29.0348 0x03b8 mraid35x - ok
14:45:29.0559 0x03b8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:45:29.0569 0x03b8 MRxDAV - ok
14:45:29.0949 0x03b8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:45:29.0969 0x03b8 MRxSmb - ok
14:45:30.0160 0x03b8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:45:30.0160 0x03b8 MSDTC - ok
14:45:30.0460 0x03b8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:45:30.0460 0x03b8 Msfs - ok
14:45:30.0630 0x03b8 MSIServer - ok
14:45:30.0770 0x03b8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:45:30.0770 0x03b8 MSKSSRV - ok
14:45:30.0981 0x03b8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:45:30.0981 0x03b8 MSPCLOCK - ok
14:45:31.0141 0x03b8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:45:31.0141 0x03b8 MSPQM - ok
14:45:31.0321 0x03b8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:45:31.0321 0x03b8 mssmbios - ok
14:45:31.0562 0x03b8 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:46:11.0649 0x03b8 ================ Scan global ===============================
14:46:11.0970 0x03b8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:46:12.0150 0x03b8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:46:12.0390 0x03b8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:46:12.0511 0x03b8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:46:12.0521 0x03b8 [ Global ] - ok
14:46:12.0541 0x03b8 ================ Scan MBR ==================================
14:46:12.0601 0x03b8 [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
14:46:12.0951 0x03b8 \Device\Harddisk0\DR0 - ok
14:46:13.0001 0x03b8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:46:13.0031 0x03b8 \Device\Harddisk1\DR1 - ok
14:46:13.0051 0x03b8 ================ Scan VBR ==================================
14:46:13.0071 0x03b8 [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
14:46:13.0081 0x03b8 \Device\Harddisk0\DR0\Partition1 - ok
14:46:13.0131 0x03b8 [ BDF83EFF05C13F2D4DA35EC086A7BB23 ] \Device\Harddisk1\DR1\Partition1
14:46:13.0842 0x03b8 \Device\Harddisk1\DR1\Partition1 - ok
14:46:13.0862 0x03b8 ================ Scan generic autorun ======================
14:46:24.0908 0x03b8 AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, updated
14:46:24.0968 0x03b8 ============================================================
14:46:24.0968 0x03b8 Scan finished
14:46:24.0968 0x03b8 ============================================================
14:46:25.0049 0x037c Detected object count: 1
14:46:25.0049 0x037c Actual detected object count: 1
14:47:42.0380 0x037c C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys - copied to quarantine
14:47:42.0690 0x037c HKLM\SYSTEM\ControlSet002\services\2d19a0fd877a76cc - will be deleted on reboot
14:47:43.0682 0x037c C:\WINDOWS\System32\Drivers\2d19a0fd877a76cc.sys - will be deleted on reboot
14:47:43.0682 0x037c 2d19a0fd877a76cc ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
14:47:45.0524 0x037c KLMD registered as C:\WINDOWS\system32\drivers\57775552.sys
14:48:33.0854 0x0348 Deinitialize success
14:53:53.0360 0x05ec TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
14:53:56.0235 0x05ec ============================================================
14:53:56.0235 0x05ec Current date / time: 2014/12/08 14:53:56.0235
14:53:56.0235 0x05ec SystemInfo:
14:53:56.0255 0x05ec
14:53:56.0255 0x05ec OS Version: 5.1.2600 ServicePack: 3.0
14:53:56.0255 0x05ec Product type: Workstation
14:53:56.0255 0x05ec ComputerName: THINKPAD
14:53:56.0255 0x05ec UserName: IBM
14:53:56.0255 0x05ec Windows directory: C:\WINDOWS
14:53:56.0255 0x05ec System windows directory: C:\WINDOWS
14:53:56.0255 0x05ec Processor architecture: Intel x86
14:53:56.0255 0x05ec Number of processors: 1
14:53:56.0255 0x05ec Page size: 0x1000
14:53:56.0255 0x05ec Boot type: Normal boot
14:53:56.0285 0x05ec ============================================================
14:53:56.0305 0x05ec BG loaded
14:54:10.0806 0x05ec System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
14:54:44.0163 0x05ec Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
14:54:45.0055 0x05ec Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
14:54:45.0145 0x05ec ============================================================
14:54:45.0145 0x05ec \Device\Harddisk0\DR0:
14:54:54.0508 0x05ec MBR partitions:
14:54:54.0508 0x05ec \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
14:54:54.0508 0x05ec \Device\Harddisk1\DR1:
14:54:54.0518 0x05ec MBR partitions:
14:54:54.0518 0x05ec \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
14:54:54.0518 0x05ec ============================================================
14:54:58.0574 0x05ec C: <-> \Device\Harddisk0\DR0\Partition1
14:54:59.0225 0x05ec D: <-> \Device\Harddisk1\DR1\Partition1
14:54:59.0225 0x05ec ============================================================
14:54:59.0225 0x05ec Initialize success
14:54:59.0225 0x05ec ============================================================
14:55:40.0755 0x01f8 ============================================================
14:55:40.0755 0x01f8 Scan started
14:55:40.0755 0x01f8 Mode: Manual;
14:55:40.0755 0x01f8 ============================================================
14:55:40.0755 0x01f8 KSN ping started
14:55:53.0443 0x01f8 KSN ping finished: true
14:55:57.0479 0x01f8 ================ Scan system memory ========================
14:55:57.0489 0x01f8 System memory - ok
14:55:57.0489 0x01f8 ================ Scan services =============================
14:56:05.0881 0x01f8 27784469 - ok
14:56:05.0911 0x01f8 Abiosdsk - ok
14:56:05.0951 0x01f8 abp480n5 - ok
14:56:07.0143 0x01f8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:56:07.0623 0x01f8 ACPI - ok
14:56:12.0761 0x01f8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:56:12.0771 0x01f8 ACPI - ok
14:56:21.0243 0x01f8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:56:21.0253 0x01f8 ACPI - ok
14:56:24.0638 0x01f8 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:56:24.0718 0x01f8 ACPIEC - ok
14:56:24.0888 0x01f8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:56:24.0898 0x01f8 aec - ok
14:56:24.0978 0x01f8 [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:56:24.0998 0x01f8 AegisP - ok
14:56:28.0914 0x01f8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:56:29.0014 0x01f8 AFD - ok
14:56:33.0751 0x01f8 [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
14:56:34.0572 0x01f8 AgereSoftModem - ok
14:56:34.0652 0x01f8 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
14:56:34.0873 0x01f8 agp440 - ok
14:56:34.0903 0x01f8 Aha154x - ok
14:56:34.0943 0x01f8 aic78u2 - ok
14:56:34.0973 0x01f8 aic78xx - ok
14:56:35.0223 0x01f8 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:56:35.0283 0x01f8 Alerter - ok
14:56:35.0423 0x01f8 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
14:56:35.0423 0x01f8 ALG - ok
14:56:35.0453 0x01f8 AliIde - ok
14:56:35.0484 0x01f8 amsint - ok
14:56:35.0614 0x01f8 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:56:35.0844 0x01f8 AppMgmt - ok
14:56:35.0874 0x01f8 asc - ok
14:56:35.0894 0x01f8 asc3350p - ok
14:56:35.0934 0x01f8 asc3550 - ok
14:56:36.0655 0x01f8 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:56:36.0996 0x01f8 aspnet_state - ok
14:56:37.0126 0x01f8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:56:37.0156 0x01f8 AsyncMac - ok
14:56:37.0206 0x01f8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:56:37.0216 0x01f8 atapi - ok
14:56:37.0246 0x01f8 Atdisk - ok
14:56:37.0336 0x01f8 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
14:56:37.0346 0x01f8 Ati HotKey Poller - ok
14:56:37.0547 0x01f8 [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:56:37.0597 0x01f8 ati2mtag - ok
14:56:37.0667 0x01f8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:56:37.0697 0x01f8 Atmarpc - ok
14:56:37.0767 0x01f8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:56:37.0777 0x01f8 AudioSrv - ok
14:56:37.0847 0x01f8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:56:37.0877 0x01f8 audstub - ok
14:56:38.0278 0x01f8 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
14:56:38.0328 0x01f8 avg9emc - ok
14:56:38.0428 0x01f8 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
14:56:38.0448 0x01f8 avg9wd - ok
14:56:38.0568 0x01f8 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
14:56:38.0638 0x01f8 AvgLdx86 - ok
14:56:38.0728 0x01f8 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:56:38.0778 0x01f8 AvgMfx86 - ok
14:56:38.0898 0x01f8 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
14:56:38.0969 0x01f8 AvgTdiX - ok
14:56:39.0149 0x01f8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:56:39.0189 0x01f8 Beep - ok
14:56:39.0319 0x01f8 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
14:56:40.0230 0x01f8 BITS - ok
14:56:40.0351 0x01f8 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
14:56:40.0361 0x01f8 Browser - ok
14:56:40.0441 0x01f8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:56:40.0471 0x01f8 cbidf2k - ok
14:56:40.0511 0x01f8 cd20xrnt - ok
14:56:40.0561 0x01f8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:56:40.0581 0x01f8 Cdaudio - ok
14:56:40.0691 0x01f8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:56:40.0731 0x01f8 Cdfs - ok
14:56:40.0811 0x01f8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:56:40.0851 0x01f8 Cdrom - ok
14:56:40.0881 0x01f8 Changer - ok
14:56:40.0951 0x01f8 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
14:56:40.0971 0x01f8 cisvc - ok
14:56:41.0022 0x01f8 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:56:41.0062 0x01f8 ClipSrv - ok
14:56:41.0242 0x01f8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:56:42.0373 0x01f8 clr_optimization_v2.0.50727_32 - ok
14:56:42.0444 0x01f8 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:56:42.0474 0x01f8 CmBatt - ok
14:56:42.0504 0x01f8 CmdIde - ok
14:56:42.0554 0x01f8 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:56:42.0584 0x01f8 Compbatt - ok
14:56:42.0624 0x01f8 COMSysApp - ok
14:56:42.0684 0x01f8 Cpqarray - ok
14:56:42.0764 0x01f8 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:56:42.0764 0x01f8 CryptSvc - ok
14:56:42.0794 0x01f8 dac2w2k - ok
14:56:42.0824 0x01f8 dac960nt - ok
14:56:43.0054 0x01f8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:56:43.0074 0x01f8 DcomLaunch - ok
14:56:43.0295 0x01f8 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:56:43.0305 0x01f8 Dhcp - ok
14:56:43.0385 0x01f8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:56:43.0435 0x01f8 Disk - ok
14:56:43.0465 0x01f8 dmadmin - ok
14:56:43.0595 0x01f8 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:56:43.0695 0x01f8 dmboot - ok
14:56:43.0775 0x01f8 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:56:43.0846 0x01f8 dmio - ok
14:56:43.0916 0x01f8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:56:43.0946 0x01f8 dmload - ok
14:56:44.0016 0x01f8 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
14:56:44.0016 0x01f8 dmserver - ok
14:56:44.0687 0x01f8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:56:44.0687 0x01f8 DMusic - ok
14:56:44.0777 0x01f8 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:56:44.0807 0x01f8 Dnscache - ok
14:56:44.0887 0x01f8 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:56:44.0927 0x01f8 Dot3svc - ok
14:56:44.0977 0x01f8 dpti2o - ok
14:56:45.0017 0x01f8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:56:45.0017 0x01f8 drmkaud - ok
14:56:45.0298 0x01f8 [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
14:56:45.0338 0x01f8 DSMBATT - ok
14:56:45.0408 0x01f8 [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:56:45.0408 0x01f8 E100B - ok
14:56:45.0488 0x01f8 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:56:45.0528 0x01f8 EapHost - ok
14:56:45.0598 0x01f8 [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
14:56:45.0608 0x01f8 EGATHDRV - ok
14:56:45.0698 0x01f8 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:56:45.0708 0x01f8 ERSvc - ok
14:56:45.0808 0x01f8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
14:56:45.0848 0x01f8 Eventlog - ok
14:56:45.0949 0x01f8 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
14:56:45.0979 0x01f8 EventSystem - ok
14:56:46.0189 0x01f8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:56:46.0189 0x01f8 Fastfat - ok
14:56:46.0289 0x01f8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:56:46.0329 0x01f8 FastUserSwitchingCompatibility - ok
14:56:46.0379 0x01f8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:56:46.0399 0x01f8 Fdc - ok
14:56:46.0449 0x01f8 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:56:46.0780 0x01f8 Fips - ok
14:56:46.0890 0x01f8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:56:46.0910 0x01f8 Flpydisk - ok
14:56:47.0000 0x01f8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
14:56:47.0771 0x01f8 FltMgr - ok
14:56:48.0032 0x01f8 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:56:48.0342 0x01f8 FontCache3.0.0.0 - ok
14:56:48.0382 0x01f8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:56:48.0402 0x01f8 Fs_Rec - ok
14:56:48.0462 0x01f8 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:56:48.0502 0x01f8 Ftdisk - ok
14:56:48.0592 0x01f8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:56:48.0622 0x01f8 Gpc - ok
14:56:48.0773 0x01f8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:48.0793 0x01f8 gupdate - ok
14:56:48.0823 0x01f8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:48.0833 0x01f8 gupdatem - ok
14:56:48.0963 0x01f8 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:56:48.0973 0x01f8 helpsvc - ok
14:56:49.0003 0x01f8 HidServ - ok
14:56:49.0143 0x01f8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:56:49.0173 0x01f8 hidusb - ok
14:56:49.0243 0x01f8 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:56:49.0273 0x01f8 hkmsvc - ok
14:56:49.0303 0x01f8 hpn - ok
14:56:49.0353 0x01f8 hpt3xx - ok
14:56:49.0454 0x01f8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:56:49.0464 0x01f8 HTTP - ok
14:56:49.0524 0x01f8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:56:49.0624 0x01f8 HTTPFilter - ok
14:56:49.0654 0x01f8 i2omgmt - ok
14:56:49.0674 0x01f8 i2omp - ok
14:56:49.0734 0x01f8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:56:49.0754 0x01f8 i8042prt - ok
14:56:49.0834 0x01f8 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:56:49.0864 0x01f8 IBMPMDRV - ok
14:56:49.0914 0x01f8 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
14:56:49.0954 0x01f8 IBMPMSVC - ok
14:56:50.0034 0x01f8 [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
14:56:50.0105 0x01f8 IBMTPCHK - ok
14:56:50.0315 0x01f8 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:56:50.0385 0x01f8 IDriverT - ok
14:56:50.0786 0x01f8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:56:51.0947 0x01f8 idsvc - ok
14:56:52.0047 0x01f8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:56:52.0047 0x01f8 Imapi - ok
14:56:52.0178 0x01f8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
14:56:52.0188 0x01f8 ImapiService - ok
14:56:52.0248 0x01f8 ini910u - ok
14:56:52.0308 0x01f8 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:56:52.0358 0x01f8 IntelIde - ok
14:56:52.0428 0x01f8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:56:52.0428 0x01f8 intelppm - ok
14:56:52.0548 0x01f8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
14:56:52.0588 0x01f8 ip6fw - ok
14:56:52.0678 0x01f8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:56:52.0738 0x01f8 IpFilterDriver - ok
14:56:52.0788 0x01f8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:56:52.0818 0x01f8 IpInIp - ok
14:56:52.0909 0x01f8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:56:52.0919 0x01f8 IpNat - ok
14:56:52.0969 0x01f8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:56:53.0009 0x01f8 IPSec - ok
14:56:53.0069 0x01f8 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
14:56:53.0099 0x01f8 irda - ok
14:56:53.0169 0x01f8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:56:53.0189 0x01f8 IRENUM - ok
14:56:53.0269 0x01f8 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
14:56:53.0309 0x01f8 Irmon - ok
14:56:53.0389 0x01f8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:56:53.0429 0x01f8 isapnp - ok
14:56:53.0660 0x01f8 [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
14:56:53.0670 0x01f8 JavaQuickStarterService - ok
14:56:53.0720 0x01f8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:56:53.0740 0x01f8 Kbdclass - ok
14:56:53.0810 0x01f8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:56:53.0820 0x01f8 kmixer - ok
14:56:53.0920 0x01f8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:56:53.0960 0x01f8 KSecDD - ok
14:56:54.0050 0x01f8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
14:56:54.0060 0x01f8 lanmanserver - ok
14:56:54.0160 0x01f8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:56:54.0170 0x01f8 lanmanworkstation - ok
14:56:54.0200 0x01f8 lbrtfdc - ok
14:56:54.0361 0x01f8 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:56:54.0371 0x01f8 LightScribeService - ok
14:56:54.0451 0x01f8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:56:54.0461 0x01f8 LmHosts - ok
14:56:54.0531 0x01f8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:56:54.0561 0x01f8 Messenger - ok
14:56:54.0631 0x01f8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:56:54.0651 0x01f8 mnmdd - ok
14:56:54.0721 0x01f8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
14:56:54.0761 0x01f8 mnmsrvc - ok
14:56:54.0821 0x01f8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:56:54.0831 0x01f8 Modem - ok
14:56:54.0881 0x01f8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:56:54.0911 0x01f8 Mouclass - ok
14:56:54.0992 0x01f8 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:56:55.0042 0x01f8 mouhid - ok
14:56:55.0152 0x01f8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:56:55.0182 0x01f8 MountMgr - ok
14:56:55.0212 0x01f8 mraid35x - ok
14:56:55.0252 0x01f8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:56:55.0262 0x01f8 MRxDAV - ok
14:56:55.0492 0x01f8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:56:55.0562 0x01f8 MRxSmb - ok
14:56:55.0633 0x01f8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
14:56:55.0673 0x01f8 MSDTC - ok
14:56:55.0743 0x01f8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:56:55.0763 0x01f8 Msfs - ok
14:56:55.0793 0x01f8 MSIServer - ok
14:56:55.0853 0x01f8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:56:55.0873 0x01f8 MSKSSRV - ok
14:56:55.0943 0x01f8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:56:55.0973 0x01f8 MSPCLOCK - ok
14:56:56.0023 0x01f8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:56:56.0073 0x01f8 MSPQM - ok
14:56:56.0243 0x01f8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:56:56.0253 0x01f8 mssmbios - ok
14:56:56.0334 0x01f8 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:56:56.0364 0x01f8 Mup - ok
14:56:56.0584 0x01f8 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:56:56.0664 0x01f8 napagent - ok
14:56:56.0744 0x01f8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:56:56.0794 0x01f8 NDIS - ok
14:56:56.0864 0x01f8 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:56:56.0894 0x01f8 NdisTapi - ok
14:56:57.0004 0x01f8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:56:57.0004 0x01f8 Ndisuio - ok
14:56:57.0075 0x01f8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:56:57.0125 0x01f8 NdisWan - ok
14:56:57.0285 0x01f8 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:56:57.0315 0x01f8 NDProxy - ok
14:56:57.0385 0x01f8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:56:57.0415 0x01f8 NetBIOS - ok
14:56:57.0565 0x01f8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:56:57.0625 0x01f8 NetBT - ok
14:56:57.0716 0x01f8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
14:56:57.0756 0x01f8 NetDDE - ok
14:56:57.0786 0x01f8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:56:57.0796 0x01f8 NetDDEdsdm - ok
14:56:57.0866 0x01f8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\System32\lsass.exe
14:56:57.0896 0x01f8 Netlogon - ok
14:56:57.0966 0x01f8 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
14:56:57.0976 0x01f8 Netman - ok
14:56:58.0306 0x01f8 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:56:58.0747 0x01f8 NetTcpPortSharing - ok
14:56:58.0917 0x01f8 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
14:56:58.0937 0x01f8 Nla - ok
14:56:59.0017 0x01f8 NMIndexingService - ok
14:56:59.0268 0x01f8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:56:59.0298 0x01f8 Npfs - ok
14:56:59.0338 0x01f8 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:56:59.0358 0x01f8 NSCIRDA - ok
14:56:59.0588 0x01f8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:56:59.0648 0x01f8 Ntfs - ok
14:56:59.0708 0x01f8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
14:56:59.0718 0x01f8 NtLmSsp - ok
14:56:59.0869 0x01f8 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:56:59.0959 0x01f8 NtmsSvc - ok
14:57:00.0019 0x01f8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
14:57:00.0049 0x01f8 Null - ok
14:57:00.0159 0x01f8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:57:00.0189 0x01f8 NwlnkFlt - ok
14:57:00.0219 0x01f8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:57:00.0249 0x01f8 NwlnkFwd - ok
14:57:00.0329 0x01f8 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:57:00.0359 0x01f8 Parport - ok
14:57:00.0409 0x01f8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:57:00.0429 0x01f8 PartMgr - ok
14:57:00.0469 0x01f8 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:57:00.0469 0x01f8 ParVdm - ok
14:57:00.0500 0x01f8 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:57:00.0570 0x01f8 PCI - ok
14:57:00.0600 0x01f8 PCIDump - ok
14:57:00.0630 0x01f8 PCIIde - ok
14:57:00.0700 0x01f8 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:57:00.0740 0x01f8 Pcmcia - ok
14:57:00.0760 0x01f8 PDCOMP - ok
14:57:00.0780 0x01f8 PDFRAME - ok
14:57:00.0830 0x01f8 PDRELI - ok
14:57:00.0880 0x01f8 PDRFRAME - ok
14:57:00.0920 0x01f8 perc2 - ok
14:57:00.0980 0x01f8 perc2hib - ok
14:57:01.0090 0x01f8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
14:57:01.0160 0x01f8 PlugPlay - ok
14:57:01.0221 0x01f8 [ FA292805788528C083F416E151B60AB6, CF47525D15FF3FF98768FF5AE8A8F0C01AE6300C249D24E518D2A02100D5A68A ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
14:57:01.0221 0x01f8 PMEM - ok
14:57:01.0261 0x01f8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
14:57:01.0271 0x01f8 PolicyAgent - ok
14:57:01.0361 0x01f8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:57:01.0401 0x01f8 PptpMiniport - ok
14:57:01.0441 0x01f8 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
14:57:01.0471 0x01f8 Processor - ok
14:57:01.0511 0x01f8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:57:01.0511 0x01f8 ProtectedStorage - ok
14:57:01.0571 0x01f8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:57:01.0601 0x01f8 PSched - ok
14:57:01.0691 0x01f8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:57:01.0721 0x01f8 Ptilink - ok
14:57:01.0831 0x01f8 [ 1BCFED0946F9460D6272F85B70B87A52, 6EDE283D9B5173D9F91C969E5F97A21282395769C989F609B1EFDE7B5E40EA97 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
14:57:01.0831 0x01f8 QCONSVC - ok
14:57:01.0871 0x01f8 ql1080 - ok
14:57:01.0902 0x01f8 Ql10wnt - ok
14:57:01.0932 0x01f8 ql12160 - ok
14:57:01.0962 0x01f8 ql1240 - ok
14:57:01.0992 0x01f8 ql1280 - ok
14:57:02.0052 0x01f8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:57:02.0092 0x01f8 RasAcd - ok
14:57:02.0232 0x01f8 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:57:02.0272 0x01f8 RasAuto - ok
14:57:02.0352 0x01f8 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:57:02.0392 0x01f8 Rasirda - ok
14:57:02.0442 0x01f8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:57:02.0472 0x01f8 Rasl2tp - ok
14:57:02.0613 0x01f8 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:57:02.0623 0x01f8 RasMan - ok
14:57:02.0673 0x01f8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:57:02.0703 0x01f8 RasPppoe - ok
14:57:02.0803 0x01f8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:57:02.0843 0x01f8 Raspti - ok
14:57:02.0943 0x01f8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:57:02.0983 0x01f8 Rdbss - ok
14:57:03.0023 0x01f8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:57:03.0053 0x01f8 RDPCDD - ok
14:57:03.0183 0x01f8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:57:03.0213 0x01f8 rdpdr - ok
14:57:03.0314 0x01f8 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:57:03.0364 0x01f8 RDPWD - ok
14:57:03.0464 0x01f8 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:57:03.0514 0x01f8 RDSessMgr - ok
14:57:03.0564 0x01f8 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:57:03.0594 0x01f8 redbook - ok
14:57:03.0654 0x01f8 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:57:03.0714 0x01f8 RemoteAccess - ok
14:57:03.0794 0x01f8 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:57:03.0804 0x01f8 RemoteRegistry - ok
14:57:03.0884 0x01f8 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
14:57:03.0934 0x01f8 RpcLocator - ok
14:57:04.0245 0x01f8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:57:04.0265 0x01f8 RpcSs - ok
14:57:04.0405 0x01f8 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
14:57:04.0465 0x01f8 RSVP - ok
14:57:04.0575 0x01f8 [ 88B63F291AE10C1B66D2B9ED6921A7DF, A0174FC75459CE38028B1436BD46234062A3FCBE164E139F53BE49BAB3B8F95F ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
14:57:04.0605 0x01f8 rtl8185 - ok
14:57:04.0645 0x01f8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
14:57:04.0655 0x01f8 SamSs - ok
14:57:04.0736 0x01f8 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:57:04.0786 0x01f8 SCardSvr - ok
14:57:04.0886 0x01f8 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:57:04.0896 0x01f8 Schedule - ok
14:57:04.0976 0x01f8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:57:05.0006 0x01f8 Secdrv - ok
14:57:05.0056 0x01f8 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:57:05.0066 0x01f8 seclogon - ok
14:57:05.0186 0x01f8 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
14:57:05.0196 0x01f8 SENS - ok
14:57:05.0266 0x01f8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:57:05.0286 0x01f8 serenum - ok
14:57:05.0346 0x01f8 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:57:05.0397 0x01f8 Serial - ok
14:57:05.0487 0x01f8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:57:05.0517 0x01f8 Sfloppy - ok
14:57:05.0657 0x01f8 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:57:05.0677 0x01f8 SharedAccess - ok
14:57:05.0747 0x01f8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:57:05.0757 0x01f8 ShellHWDetection - ok
14:57:05.0787 0x01f8 Simbad - ok
14:57:05.0817 0x01f8 SjyPkt - ok
14:57:05.0857 0x01f8 [ E061A9A43C80BE5AA5D94F1EF4A713C1, 334CD9E8C4A57C2BF43A0D3895D18832C7EB0C5A6455CF3361A09F7A28DF4A6F ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
14:57:05.0887 0x01f8 Smapint - ok
14:57:06.0058 0x01f8 [ 7B06A22F16B64C23C41E0278B8DC90BF, 02867493783DAC96A90B6CD14B358C05C63FE0862A98BD71CD54F34E31632C54 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
14:57:06.0128 0x01f8 smwdm - ok
14:57:06.0158 0x01f8 Sparrow - ok
14:57:06.0578 0x01f8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:57:06.0578 0x01f8 splitter - ok
14:57:06.0668 0x01f8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:57:06.0678 0x01f8 Spooler - ok
14:57:06.0789 0x01f8 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:57:06.0989 0x01f8 sr - ok
14:57:07.0089 0x01f8 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
14:57:07.0109 0x01f8 srservice - ok
14:57:07.0319 0x01f8 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:57:07.0339 0x01f8 Srv - ok
14:57:07.0419 0x01f8 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:57:07.0429 0x01f8 SSDPSRV - ok
14:57:07.0560 0x01f8 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:57:07.0590 0x01f8 stisvc - ok
14:57:07.0660 0x01f8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:57:07.0690 0x01f8 swenum - ok
14:57:07.0800 0x01f8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:57:07.0800 0x01f8 swmidi - ok
14:57:07.0840 0x01f8 SwPrv - ok
14:57:07.0890 0x01f8 symc810 - ok
14:57:07.0930 0x01f8 symc8xx - ok
14:57:07.0960 0x01f8 sym_hi - ok
14:57:07.0990 0x01f8 sym_u3 - ok
14:57:08.0050 0x01f8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:57:08.0050 0x01f8 sysaudio - ok
14:57:08.0070 0x01f8 Suspicious service (NoAccess): syshost32
14:57:08.0271 0x01f8 [ E48A91AC570F9A683CBCFE94C59DCB18, 9BDDEAD3900F28BEE90F5DAB2354E8136613E729F3E07193411F00E07A1040CC ] syshost32 C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe
14:57:08.0281 0x01f8 Suspicious file ( NoAccess ): C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe. md5: E48A91AC570F9A683CBCFE94C59DCB18, sha256: 9BDDEAD3900F28BEE90F5DAB2354E8136613E729F3E07193411F00E07A1040CC
14:57:09.0863 0x01f8 syshost32 - detected Rootkit.Win32.Necurs.gen ( 0 )
14:57:12.0817 0x01f8 syshost32 ( Rootkit.Win32.Necurs.gen ) - infected
14:57:12.0817 0x01f8 Force sending object to P2P due to detect: syshost32
14:57:15.0371 0x01f8 Object send P2P result: true
14:57:17.0874 0x01f8 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:57:17.0925 0x01f8 SysmonLog - ok
14:57:18.0115 0x01f8 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:57:18.0145 0x01f8 TapiSrv - ok
14:57:18.0345 0x01f8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:57:18.0365 0x01f8 Tcpip - ok
14:57:18.0445 0x01f8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:57:18.0445 0x01f8 TDPIPE - ok
14:57:18.0505 0x01f8 [ 0353AC9D91E28D936E4227539B1B2393, 8B31C2F496C446DF69B898B9B585A1097DDCA3EE50ACD31B5E09D8B1CD68DF94 ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
14:57:18.0505 0x01f8 TDSMAPI - ok
14:57:18.0565 0x01f8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:57:18.0565 0x01f8 TDTCP - ok
14:57:18.0626 0x01f8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:57:18.0636 0x01f8 TermDD - ok
14:57:18.0786 0x01f8 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
14:57:18.0846 0x01f8 TermService - ok
14:57:18.0986 0x01f8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
14:57:18.0996 0x01f8 Themes - ok
14:57:19.0086 0x01f8 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
14:57:19.0146 0x01f8 TlntSvr - ok
14:57:19.0166 0x01f8 TosIde - ok
14:57:19.0226 0x01f8 [ 90579B74E1E110C2F379117047BDB356, EDD255C1A104DA6469846A4B4CDBFC5CB40DCD69DDE5207D799FB7DC850A014A ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
14:57:19.0226 0x01f8 Tp4Track - ok
14:57:19.0266 0x01f8 [ 47F23B26F771765FD8CAC0EBAE4545E9, 2AFE4C57FE833F18E65F959DAF8879823CE8BEB13B1BA34A61E6806AF609EDC5 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
14:57:19.0266 0x01f8 TPHKDRV - ok
14:57:19.0287 0x01f8 [ C10B74CF569D39594E170734DB590661, 134890D6FAE83FA38F8EEA3B72EC0E12778D6E15C7605758D9933AA4A945E755 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
14:57:19.0287 0x01f8 TPPWR - ok
14:57:19.0417 0x01f8 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:57:19.0427 0x01f8 TrkWks - ok
14:57:19.0487 0x01f8 [ 76F0A07D83FA24478C07250F4FC8B128, 4894CD9ABDDC9712D3D9938A66B9CD83485AEA7F0D351769D58AC80FA5885412 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
14:57:19.0487 0x01f8 TSMAPIP - ok
14:57:19.0537 0x01f8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:57:19.0537 0x01f8 Udfs - ok
14:57:19.0607 0x01f8 ultra - ok
14:57:19.0737 0x01f8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:57:19.0767 0x01f8 Update - ok
14:57:19.0867 0x01f8 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
14:57:19.0917 0x01f8 upnphost - ok
14:57:19.0968 0x01f8 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
14:57:19.0998 0x01f8 UPS - ok
14:57:20.0068 0x01f8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:57:20.0068 0x01f8 usbehci - ok
14:57:20.0228 0x01f8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:57:20.0228 0x01f8 usbhub - ok
14:57:20.0338 0x01f8 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:57:20.0338 0x01f8 usbscan - ok
14:57:20.0428 0x01f8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:57:20.0428 0x01f8 USBSTOR - ok
14:57:20.0478 0x01f8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:57:20.0488 0x01f8 usbuhci - ok
14:57:20.0528 0x01f8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:57:20.0528 0x01f8 VgaSave - ok
14:57:20.0558 0x01f8 ViaIde - ok
14:57:20.0689 0x01f8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:57:20.0719 0x01f8 VolSnap - ok
14:57:20.0819 0x01f8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
14:57:20.0899 0x01f8 VSS - ok
14:57:21.0029 0x01f8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
14:57:21.0049 0x01f8 W32Time - ok
14:57:21.0139 0x01f8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:57:21.0159 0x01f8 Wanarp - ok
14:57:21.0189 0x01f8 WDICA - ok
14:57:21.0259 0x01f8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:57:21.0259 0x01f8 wdmaud - ok
14:57:21.0319 0x01f8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
14:57:21.0329 0x01f8 WebClient - ok
14:57:21.0830 0x01f8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:57:21.0840 0x01f8 winmgmt - ok
14:57:21.0980 0x01f8 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:57:22.0020 0x01f8 WmdmPmSN - ok
14:57:22.0481 0x01f8 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:57:22.0521 0x01f8 Wmi - ok
14:57:22.0641 0x01f8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:57:22.0701 0x01f8 WmiApSrv - ok
14:57:23.0102 0x01f8 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:57:23.0673 0x01f8 WMPNetworkSvc - ok
14:57:23.0793 0x01f8 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:57:23.0803 0x01f8 WpdUsb - ok
14:57:23.0883 0x01f8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:57:23.0883 0x01f8 wscsvc - ok
14:57:23.0993 0x01f8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:57:24.0033 0x01f8 wuauserv - ok
14:57:24.0224 0x01f8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:57:24.0224 0x01f8 WudfPf - ok
14:57:24.0284 0x01f8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:57:24.0294 0x01f8 WudfRd - ok
14:57:24.0354 0x01f8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:57:24.0384 0x01f8 WudfSvc - ok
14:57:24.0674 0x01f8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:57:24.0714 0x01f8 WZCSVC - ok
14:57:24.0865 0x01f8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:57:24.0915 0x01f8 xmlprov - ok
14:57:24.0955 0x01f8 ================ Scan global ===============================
14:57:25.0055 0x01f8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
14:57:25.0315 0x01f8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:57:25.0435 0x01f8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
14:57:25.0515 0x01f8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
14:57:25.0525 0x01f8 [ Global ] - ok
14:57:25.0556 0x01f8 ================ Scan MBR ==================================
14:57:25.0596 0x01f8 [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
14:57:27.0488 0x01f8 \Device\Harddisk0\DR0 - ok
14:57:27.0508 0x01f8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:57:27.0528 0x01f8 \Device\Harddisk1\DR1 - ok
14:57:27.0548 0x01f8 ================ Scan VBR ==================================
14:57:27.0558 0x01f8 [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
14:57:27.0558 0x01f8 \Device\Harddisk0\DR0\Partition1 - ok
14:57:27.0588 0x01f8 [ BDF83EFF05C13F2D4DA35EC086A7BB23 ] \Device\Harddisk1\DR1\Partition1
14:57:28.0289 0x01f8 \Device\Harddisk1\DR1\Partition1 - ok
14:57:28.0340 0x01f8 ================ Scan generic autorun ======================
14:57:28.0420 0x01f8 [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
14:57:28.0420 0x01f8 ATIModeChange - ok
14:57:28.0520 0x01f8 [ 97826CB927E0E7F4500879D99DE6D3C5, 0FB04C5AA4C1BE2E35BBDE474916DF00E223A41D6E0C590FF0C5132EBBA69051 ] C:\WINDOWS\system32\tp4serv.exe
14:57:28.0560 0x01f8 TrackPointSrv - ok
14:57:28.0770 0x01f8 [ 71E256D5C8FB8FD1933968DCCFD967A0, 92481C790B092CC363BABEA16B0252BEEE1A7CBC1C6FF55F93030DD4AB92FA66 ] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
14:57:28.0800 0x01f8 TPTRAY - ok
14:57:28.0830 0x01f8 BMMGAG - ok
14:57:29.0141 0x01f8 [ 6C2CF216C460BED0D4B83AF07980A761, B8BF59F1F5937558B73F1D6728E92AE8B07CB38AD529357A4E16663A969A81BE ] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
14:57:29.0181 0x01f8 QCTRAY - ok
14:57:29.0281 0x01f8 [ 8633F1E7AA1912AD962E5A656D264045, BB17957ECE5EC9ED25E9B58315AD436C76B2FF1B5A1C5D8397FC7950CC65F126 ] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
14:57:29.0281 0x01f8 QCWLICON - ok
14:57:29.0401 0x01f8 [ AA3B957AF3F3B4AA9047D5531696AB0E, BA826D7A0B56C04528C4A8EDA498173C533BA3CDD75E1C73E224AFD712F06680 ] C:\WINDOWS\system32\tp4ex.exe
14:57:29.0411 0x01f8 TP4EX - ok
14:57:29.0581 0x01f8 [ 6CE63001262FB82D746E1DEEBF00B43B, B660ECA6989ABFC3B97FCEB8D692A11F77B9D4A81D5FC34759462D2EC37A2F63 ] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
14:57:29.0581 0x01f8 TPHOTKEY - ok
14:57:29.0651 0x01f8 Tgcmd - ok
14:57:29.0742 0x01f8 [ C0041BB27E2E5B0550C179ECF53425CD, 82EB1BF88B1D93F4AEC5EB6A1DB790E6EFA0379DD771251707BE9F67266D3547 ] C:\WINDOWS\AGRSMMSG.exe
14:57:36.0431 0x01f8 AGRSMMSG - ok
14:57:36.0531 0x01f8 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\\NeroCheck.exe
14:57:36.0541 0x01f8 NeroCheck - ok
14:57:36.0692 0x01f8 [ E284188C5CF416378CC740EB13059A50, 0E0863D84B29662B3EEE0602742CAE8F966CE043E690C62BC3A00244B7D35D04 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
14:57:36.0692 0x01f8 Adobe Reader Speed Launcher - ok
14:57:37.0092 0x01f8 [ 29FB6EF1EFB1357E2883FE297F1EBC31, A6F465EA84277D88771BE6438CAC32D8E2C73A6EEC809CB38E1090FFFB27804E ] C:\PROGRA~1\AVG\AVG9\avgtray.exe
14:57:37.0222 0x01f8 AVG9_TRAY - ok
14:57:37.0543 0x01f8 [ 3103FE27C967675B019E880AA6DA3D6D, 515E750ACD28C3CFD8174B7F213E2AA741D8942FB68E57F701EBCBB92EC3F537 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:57:37.0603 0x01f8 Adobe ARM - ok
14:57:37.0823 0x01f8 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
14:57:37.0843 0x01f8 SunJavaUpdateSched - ok
14:57:37.0913 0x01f8 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
14:57:37.0913 0x01f8 ctfmon.exe - ok
14:57:37.0943 0x01f8 updateMgr - ok
14:57:37.0973 0x01f8 MSMSGS - ok
14:57:37.0983 0x01f8 NeroHomeFirstStart - ok
14:57:38.0104 0x01f8 [ 269AFE2F2E2957DF8F7A5F82B2B092DB, 37B8B913090A01EC5C656214F9081AC93ADE8682582327366A7F76EDBDC98A39 ] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe
14:57:38.0234 0x01f8 avg_spchecker - ok
14:57:38.0254 0x01f8 Waiting for KSN requests completion. In queue: 8
14:57:39.0255 0x01f8 Waiting for KSN requests completion. In queue: 8
14:57:40.0257 0x01f8 Waiting for KSN requests completion. In queue: 8
14:57:41.0358 0x01f8 AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, updated
14:57:41.0368 0x01f8 Win FW state via NFM: disabled
14:57:43.0782 0x01f8 ============================================================
14:57:43.0782 0x01f8 Scan finished
14:57:43.0782 0x01f8 ============================================================
14:57:43.0842 0x0a64 Detected object count: 1
14:57:43.0842 0x0a64 Actual detected object count: 1
14:58:56.0596 0x0a64 C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe - copied to quarantine
14:58:56.0596 0x0a64 HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
14:58:56.0647 0x0a64 C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe - will be deleted on reboot
14:58:56.0647 0x0a64 syshost32 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
14:59:00.0412 0x0a64 KLMD registered as C:\WINDOWS\system32\drivers\61547588.sys
14:59:58.0315 0x0eb0 Deinitialize success
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/08/2014 03:30:52 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\System32\QCONSVC.EXE (PID: 1272) [WD-HEUR]
1 proccess terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
20 out of 15612 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 12/08/2014 03:34:43 PM
Execution time: 0 hours(s), 3 minute(s), and 50 seconds(s)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 08/12/2014
Scan Time: 15:36:25
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.08.04
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: IBM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356340
Time Elapsed: 1 hr, 5 min, 19 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32, , [20448fd15c208da9e92432441fe5c838],
Registry Values: 1
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSHOST32|ImagePath, "C:\WINDOWS\Installer\{F07CB50E-48C0-6B81-B4AF-6E15944F672B}\syshost.exe" /service, , [20448fd15c208da9e92432441fe5c838]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Scan -- Date : 12/08/2014 16:57:22
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\syshost32 -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000001]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HM160HC +++++
--- User ---
[MBR] 0eab729657d325cc560e0cc412daff46
[BSP] b9c8f0477e8a5bf36e966c1e3ec93e3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_DEL_11182014_013106.log - RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log
RKreport_SCN_11172014_140902.log - RKreport_SCN_11172014_192455.log - RKreport_SCN_11182014_012722.log
Hi later,
Thanks for the complete and thorough explanation of the scan process. :bigthumb:
When you ran MBAM, did you select to remove the entries found?
=========================
Re-run RogueKiller
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan.
After the scan has completed click on the Registry tab
Place a check mark next to each of the following entries:
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0 -> Found
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\syshost32 -> Found
Remove the check mark from all other entries listed
Click the Delete button
Click the Report button, save the report to your desktop
=========================
Reboot
=========================
Re-run TDSSKiller
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
Malwarebytes' Anti-Malware
Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here (http://www.malwarebytes.org/mbam-download.php)
Right click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================
In your next post please provide the following:
RogueKiller log
new TDSSKiller log
new MBAM log
OK, I've run the scans requested and they seemed to go OK. After the TDSSkiller reboot, the problem with AVG seemed to disappear, and MBAM didn't show anything, but I've just checked Security Centre, and it was saying that the firewall was still down - although I didn't get a balloon pop-up to warn me it was down. So I re-enabled it manually, but don't know yet if it will come back on again at the next re-boot. One possibly anomalous bit of behavior was that TDSSkiller spontaneously re-appeared at start-up on the re-boot with a cmd.exe window and a security warning pop-up about running a .exe file - should it have been doing that? Just in case it was unexpected, I grabbed a screen cap of the pop-up, which I can post if needed.
Here are the log files:
RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Delete -- Date : 12/09/2014 00:23:52
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[Root.Necurs] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0 -> ERROR [4001]
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0 -> ERROR [4001]
[Root.Necurs] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0 -> ERROR [4001]
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000001]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HM160HC +++++
--- User ---
[MBR] 0eab729657d325cc560e0cc412daff46
[BSP] b9c8f0477e8a5bf36e966c1e3ec93e3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_DEL_11182014_013106.log - RKreport_SCN_11162014_003509.log - RKreport_SCN_11162014_152242.log
RKreport_SCN_11172014_140902.log - RKreport_SCN_11172014_192455.log - RKreport_SCN_11182014_012722.log - RKreport_SCN_12082014_165717.log
RKreport_SCN_12092014_002017.log
00:37:32.0578 0x0d34 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
00:37:34.0751 0x0d34 ============================================================
00:37:34.0751 0x0d34 Current date / time: 2014/12/09 00:37:34.0751
00:37:34.0751 0x0d34 SystemInfo:
00:37:34.0751 0x0d34
00:37:34.0761 0x0d34 OS Version: 5.1.2600 ServicePack: 3.0
00:37:34.0761 0x0d34 Product type: Workstation
00:37:34.0761 0x0d34 ComputerName: THINKPAD
00:37:34.0761 0x0d34 UserName: IBM
00:37:34.0761 0x0d34 Windows directory: C:\WINDOWS
00:37:34.0761 0x0d34 System windows directory: C:\WINDOWS
00:37:34.0761 0x0d34 Processor architecture: Intel x86
00:37:34.0761 0x0d34 Number of processors: 1
00:37:34.0761 0x0d34 Page size: 0x1000
00:37:34.0761 0x0d34 Boot type: Normal boot
00:37:34.0761 0x0d34 ============================================================
00:37:34.0771 0x0d34 BG loaded
00:37:39.0938 0x0d34 System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
00:37:55.0521 0x0d34 Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
00:37:56.0302 0x0d34 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000044
00:37:56.0422 0x0d34 ============================================================
00:37:56.0422 0x0d34 \Device\Harddisk0\DR0:
00:37:56.0462 0x0d34 MBR partitions:
00:37:56.0502 0x0d34 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
00:37:56.0502 0x0d34 \Device\Harddisk1\DR1:
00:37:56.0542 0x0d34 MBR partitions:
00:37:56.0542 0x0d34 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
00:37:56.0542 0x0d34 ============================================================
00:37:56.0893 0x0d34 C: <-> \Device\Harddisk0\DR0\Partition1
00:37:57.0073 0x0d34 D: <-> \Device\Harddisk1\DR1\Partition1
00:37:57.0073 0x0d34 ============================================================
00:37:57.0073 0x0d34 Initialize success
00:37:57.0073 0x0d34 ============================================================
00:38:33.0625 0x0dd8 ============================================================
00:38:33.0625 0x0dd8 Scan started
00:38:33.0625 0x0dd8 Mode: Manual;
00:38:33.0625 0x0dd8 ============================================================
00:38:33.0625 0x0dd8 KSN ping started
00:38:57.0950 0x0dd8 KSN ping finished: true
00:39:00.0194 0x0dd8 ================ Scan system memory ========================
00:39:00.0204 0x0dd8 System memory - ok
00:39:00.0214 0x0dd8 ================ Scan services =============================
00:39:00.0554 0x0dd8 27784469 - ok
00:39:00.0594 0x0dd8 64329303 - ok
00:39:00.0604 0x0dd8 Suspicious service (NoAccess): 8abc572ce51d2ca0
00:39:00.0724 0x0dd8 [ 2C41EEBB24C4AA8CA10A1AAD236BA2E1, 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31 ] 8abc572ce51d2ca0 C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys
00:39:00.0724 0x0dd8 Suspicious file ( NoAccess ): C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys. md5: 2C41EEBB24C4AA8CA10A1AAD236BA2E1, sha256: 073CE628A8CF9BA88BEA4A99AEA35E5DD74E9F3ACE48CF96871E0F44DB6FEE31
00:39:02.0417 0x0dd8 8abc572ce51d2ca0 - detected Rootkit.Win32.Necurs.gen ( 0 )
00:39:07.0053 0x0dd8 8abc572ce51d2ca0 ( Rootkit.Win32.Necurs.gen ) - infected
00:39:07.0053 0x0dd8 Force sending object to P2P due to detect: 8abc572ce51d2ca0
00:39:09.0577 0x0dd8 Object send P2P result: true
00:39:12.0011 0x0dd8 Abiosdsk - ok
00:39:12.0031 0x0dd8 abp480n5 - ok
00:39:12.0151 0x0dd8 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:39:12.0161 0x0dd8 ACPI - ok
00:39:12.0231 0x0dd8 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:39:12.0231 0x0dd8 ACPIEC - ok
00:39:12.0281 0x0dd8 adpu160m - ok
00:39:12.0361 0x0dd8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:39:12.0381 0x0dd8 aec - ok
00:39:12.0461 0x0dd8 [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:39:12.0461 0x0dd8 AegisP - ok
00:39:12.0561 0x0dd8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:39:12.0571 0x0dd8 AFD - ok
00:39:12.0902 0x0dd8 [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
00:39:12.0982 0x0dd8 AgereSoftModem - ok
00:39:13.0092 0x0dd8 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
00:39:13.0102 0x0dd8 agp440 - ok
00:39:13.0132 0x0dd8 Aha154x - ok
00:39:13.0162 0x0dd8 aic78u2 - ok
00:39:13.0192 0x0dd8 aic78xx - ok
00:39:13.0272 0x0dd8 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:39:13.0272 0x0dd8 Alerter - ok
00:39:13.0342 0x0dd8 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
00:39:13.0342 0x0dd8 ALG - ok
00:39:13.0383 0x0dd8 AliIde - ok
00:39:13.0413 0x0dd8 amsint - ok
00:39:13.0503 0x0dd8 [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:39:13.0513 0x0dd8 AppMgmt - ok
00:39:13.0563 0x0dd8 asc - ok
00:39:13.0583 0x0dd8 asc3350p - ok
00:39:13.0613 0x0dd8 asc3550 - ok
00:39:13.0793 0x0dd8 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:39:13.0963 0x0dd8 aspnet_state - ok
00:39:14.0054 0x0dd8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:39:14.0054 0x0dd8 AsyncMac - ok
00:39:14.0114 0x0dd8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:39:14.0124 0x0dd8 atapi - ok
00:39:14.0154 0x0dd8 Atdisk - ok
00:39:14.0254 0x0dd8 [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
00:39:14.0264 0x0dd8 Ati HotKey Poller - ok
00:39:14.0424 0x0dd8 [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:39:14.0454 0x0dd8 ati2mtag - ok
00:39:14.0514 0x0dd8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:39:14.0524 0x0dd8 Atmarpc - ok
00:39:14.0594 0x0dd8 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:39:14.0604 0x0dd8 AudioSrv - ok
00:39:14.0745 0x0dd8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:39:14.0745 0x0dd8 audstub - ok
00:39:15.0075 0x0dd8 [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
00:39:15.0155 0x0dd8 avg9emc - ok
00:39:15.0345 0x0dd8 [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
00:39:15.0355 0x0dd8 avg9wd - ok
00:39:15.0496 0x0dd8 [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
00:39:15.0506 0x0dd8 AvgLdx86 - ok
00:39:15.0596 0x0dd8 [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
00:39:15.0596 0x0dd8 AvgMfx86 - ok
00:39:15.0766 0x0dd8 [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
00:39:15.0786 0x0dd8 AvgTdiX - ok
00:39:15.0876 0x0dd8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:39:15.0876 0x0dd8 Beep - ok
00:39:16.0006 0x0dd8 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
00:39:16.0437 0x0dd8 BITS - ok
00:39:16.0557 0x0dd8 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
00:39:16.0557 0x0dd8 Browser - ok
00:39:16.0657 0x0dd8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:39:16.0667 0x0dd8 cbidf2k - ok
00:39:16.0697 0x0dd8 cd20xrnt - ok
00:39:16.0777 0x0dd8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:39:16.0777 0x0dd8 Cdaudio - ok
00:39:16.0908 0x0dd8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:39:16.0918 0x0dd8 Cdfs - ok
00:39:16.0968 0x0dd8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:39:16.0978 0x0dd8 Cdrom - ok
00:39:17.0018 0x0dd8 Changer - ok
00:39:17.0088 0x0dd8 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
00:39:17.0098 0x0dd8 cisvc - ok
00:39:17.0138 0x0dd8 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:39:17.0148 0x0dd8 ClipSrv - ok
00:39:17.0228 0x0dd8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:39:17.0529 0x0dd8 clr_optimization_v2.0.50727_32 - ok
00:39:17.0609 0x0dd8 [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:39:17.0609 0x0dd8 CmBatt - ok
00:39:17.0649 0x0dd8 CmdIde - ok
00:39:17.0719 0x0dd8 [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:39:17.0719 0x0dd8 Compbatt - ok
00:39:17.0769 0x0dd8 COMSysApp - ok
00:39:17.0839 0x0dd8 Cpqarray - ok
00:39:18.0059 0x0dd8 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:39:18.0069 0x0dd8 CryptSvc - ok
00:39:18.0099 0x0dd8 dac2w2k - ok
00:39:18.0129 0x0dd8 dac960nt - ok
00:39:18.0260 0x0dd8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:39:18.0290 0x0dd8 DcomLaunch - ok
00:39:18.0400 0x0dd8 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:39:18.0410 0x0dd8 Dhcp - ok
00:39:18.0500 0x0dd8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:39:18.0510 0x0dd8 Disk - ok
00:39:18.0560 0x0dd8 dmadmin - ok
00:39:18.0720 0x0dd8 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:39:18.0780 0x0dd8 dmboot - ok
00:39:18.0921 0x0dd8 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:39:18.0931 0x0dd8 dmio - ok
00:39:19.0011 0x0dd8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:39:19.0011 0x0dd8 dmload - ok
00:39:19.0081 0x0dd8 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
00:39:19.0081 0x0dd8 dmserver - ok
00:39:19.0161 0x0dd8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:39:19.0171 0x0dd8 DMusic - ok
00:39:19.0241 0x0dd8 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:39:19.0241 0x0dd8 Dnscache - ok
00:39:19.0331 0x0dd8 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:39:19.0341 0x0dd8 Dot3svc - ok
00:39:19.0371 0x0dd8 dpti2o - ok
00:39:19.0421 0x0dd8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:39:19.0421 0x0dd8 drmkaud - ok
00:39:19.0501 0x0dd8 [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
00:39:19.0501 0x0dd8 DSMBATT - ok
00:39:19.0571 0x0dd8 [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:39:19.0581 0x0dd8 E100B - ok
00:39:19.0732 0x0dd8 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:39:19.0732 0x0dd8 EapHost - ok
00:39:19.0812 0x0dd8 [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
00:39:19.0812 0x0dd8 EGATHDRV - ok
00:39:19.0922 0x0dd8 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:39:19.0932 0x0dd8 ERSvc - ok
00:39:20.0032 0x0dd8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
00:39:20.0042 0x0dd8 Eventlog - ok
00:39:20.0162 0x0dd8 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
00:39:20.0182 0x0dd8 EventSystem - ok
00:39:20.0292 0x0dd8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:39:20.0302 0x0dd8 Fastfat - ok
00:39:20.0413 0x0dd8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:39:20.0433 0x0dd8 FastUserSwitchingCompatibility - ok
00:39:20.0483 0x0dd8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
00:39:20.0483 0x0dd8 Fdc - ok
00:39:20.0543 0x0dd8 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:39:20.0543 0x0dd8 Fips - ok
00:39:20.0603 0x0dd8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:39:20.0603 0x0dd8 Flpydisk - ok
00:39:20.0733 0x0dd8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:39:20.0753 0x0dd8 FltMgr - ok
00:39:20.0913 0x0dd8 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:39:20.0933 0x0dd8 FontCache3.0.0.0 - ok
00:39:20.0993 0x0dd8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:39:21.0004 0x0dd8 Fs_Rec - ok
00:39:21.0064 0x0dd8 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:39:21.0074 0x0dd8 Ftdisk - ok
00:39:21.0164 0x0dd8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:39:21.0164 0x0dd8 Gpc - ok
00:39:21.0294 0x0dd8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:39:21.0304 0x0dd8 gupdate - ok
00:39:21.0344 0x0dd8 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:39:21.0354 0x0dd8 gupdatem - ok
00:39:21.0494 0x0dd8 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:39:21.0494 0x0dd8 helpsvc - ok
00:39:21.0534 0x0dd8 HidServ - ok
00:39:21.0614 0x0dd8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:39:21.0614 0x0dd8 hidusb - ok
00:39:21.0725 0x0dd8 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:39:21.0745 0x0dd8 hkmsvc - ok
00:39:21.0785 0x0dd8 hpn - ok
00:39:21.0815 0x0dd8 hpt3xx - ok
00:39:21.0945 0x0dd8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:39:21.0965 0x0dd8 HTTP - ok
00:39:22.0055 0x0dd8 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:39:22.0115 0x0dd8 HTTPFilter - ok
00:39:22.0145 0x0dd8 i2omgmt - ok
00:39:22.0185 0x0dd8 i2omp - ok
00:39:22.0255 0x0dd8 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:39:22.0255 0x0dd8 i8042prt - ok
00:39:22.0355 0x0dd8 [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
00:39:22.0355 0x0dd8 IBMPMDRV - ok
00:39:22.0406 0x0dd8 [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
00:39:22.0406 0x0dd8 IBMPMSVC - ok
00:39:22.0496 0x0dd8 [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
00:39:22.0496 0x0dd8 IBMTPCHK - ok
00:39:22.0716 0x0dd8 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
00:39:22.0726 0x0dd8 IDriverT - ok
00:39:23.0097 0x0dd8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:39:23.0377 0x0dd8 idsvc - ok
00:39:23.0477 0x0dd8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:39:23.0487 0x0dd8 Imapi - ok
00:39:23.0587 0x0dd8 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
00:39:23.0597 0x0dd8 ImapiService - ok
00:39:23.0637 0x0dd8 ini910u - ok
00:39:23.0717 0x0dd8 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
00:39:23.0727 0x0dd8 IntelIde - ok
00:39:23.0788 0x0dd8 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:39:23.0788 0x0dd8 intelppm - ok
00:39:23.0888 0x0dd8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:39:23.0888 0x0dd8 ip6fw - ok
00:39:23.0978 0x0dd8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:39:23.0988 0x0dd8 IpFilterDriver - ok
00:39:24.0038 0x0dd8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:39:24.0038 0x0dd8 IpInIp - ok
00:39:24.0148 0x0dd8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:39:24.0158 0x0dd8 IpNat - ok
00:39:24.0218 0x0dd8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:39:24.0218 0x0dd8 IPSec - ok
00:39:24.0288 0x0dd8 [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
00:39:24.0298 0x0dd8 irda - ok
00:39:24.0338 0x0dd8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:39:24.0348 0x0dd8 IRENUM - ok
00:39:24.0428 0x0dd8 [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
00:39:24.0428 0x0dd8 Irmon - ok
00:39:24.0529 0x0dd8 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:39:24.0529 0x0dd8 isapnp - ok
00:39:24.0789 0x0dd8 [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
00:39:24.0799 0x0dd8 JavaQuickStarterService - ok
00:39:24.0879 0x0dd8 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:39:24.0879 0x0dd8 Kbdclass - ok
00:39:24.0949 0x0dd8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:39:24.0959 0x0dd8 kmixer - ok
00:39:25.0059 0x0dd8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:39:25.0069 0x0dd8 KSecDD - ok
00:39:25.0169 0x0dd8 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:39:25.0180 0x0dd8 lanmanserver - ok
00:39:25.0280 0x0dd8 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:39:25.0290 0x0dd8 lanmanworkstation - ok
00:39:25.0330 0x0dd8 lbrtfdc - ok
00:39:25.0480 0x0dd8 [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:39:25.0490 0x0dd8 LightScribeService - ok
00:39:25.0590 0x0dd8 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:39:25.0590 0x0dd8 LmHosts - ok
00:39:25.0650 0x0dd8 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:39:25.0670 0x0dd8 Messenger - ok
00:39:25.0750 0x0dd8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:39:25.0750 0x0dd8 mnmdd - ok
00:39:25.0840 0x0dd8 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
00:39:25.0850 0x0dd8 mnmsrvc - ok
00:39:26.0001 0x0dd8 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:39:26.0001 0x0dd8 Modem - ok
00:39:26.0071 0x0dd8 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:39:26.0071 0x0dd8 Mouclass - ok
00:39:26.0161 0x0dd8 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:39:26.0171 0x0dd8 mouhid - ok
00:39:26.0221 0x0dd8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:39:26.0221 0x0dd8 MountMgr - ok
00:39:26.0261 0x0dd8 mraid35x - ok
00:39:26.0321 0x0dd8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:39:26.0331 0x0dd8 MRxDAV - ok
00:39:26.0471 0x0dd8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:39:26.0491 0x0dd8 MRxSmb - ok
00:39:26.0572 0x0dd8 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
00:39:26.0572 0x0dd8 MSDTC - ok
00:39:26.0642 0x0dd8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:39:26.0642 0x0dd8 Msfs - ok
00:39:26.0682 0x0dd8 MSIServer - ok
00:39:26.0742 0x0dd8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:39:26.0742 0x0dd8 MSKSSRV - ok
00:39:26.0872 0x0dd8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:39:26.0872 0x0dd8 MSPCLOCK - ok
00:39:26.0952 0x0dd8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:39:26.0952 0x0dd8 MSPQM - ok
00:39:26.0992 0x0dd8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:39:27.0002 0x0dd8 mssmbios - ok
00:39:27.0082 0x0dd8 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:39:27.0092 0x0dd8 Mup - ok
00:39:27.0192 0x0dd8 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
00:39:27.0212 0x0dd8 napagent - ok
00:39:27.0333 0x0dd8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:39:27.0353 0x0dd8 NDIS - ok
00:39:27.0433 0x0dd8 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:39:27.0433 0x0dd8 NdisTapi - ok
00:39:27.0563 0x0dd8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:39:27.0573 0x0dd8 Ndisuio - ok
00:39:27.0623 0x0dd8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:39:27.0623 0x0dd8 NdisWan - ok
00:39:27.0743 0x0dd8 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:39:27.0753 0x0dd8 NDProxy - ok
00:39:27.0793 0x0dd8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:39:27.0793 0x0dd8 NetBIOS - ok
00:39:27.0893 0x0dd8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:39:27.0903 0x0dd8 NetBT - ok
00:39:27.0984 0x0dd8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
00:39:27.0994 0x0dd8 NetDDE - ok
00:39:28.0024 0x0dd8 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:39:28.0034 0x0dd8 NetDDEdsdm - ok
00:39:28.0114 0x0dd8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\System32\lsass.exe
00:39:28.0124 0x0dd8 Netlogon - ok
00:39:28.0204 0x0dd8 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
00:39:28.0224 0x0dd8 Netman - ok
00:39:28.0364 0x0dd8 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:39:28.0374 0x0dd8 NetTcpPortSharing - ok
00:39:28.0494 0x0dd8 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
00:39:28.0514 0x0dd8 Nla - ok
00:39:28.0614 0x0dd8 NMIndexingService - ok
00:39:28.0755 0x0dd8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:39:28.0755 0x0dd8 Npfs - ok
00:39:28.0805 0x0dd8 [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
00:39:28.0805 0x0dd8 NSCIRDA - ok
00:39:28.0975 0x0dd8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:39:29.0025 0x0dd8 Ntfs - ok
00:39:29.0085 0x0dd8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
00:39:29.0085 0x0dd8 NtLmSsp - ok
00:39:29.0235 0x0dd8 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:39:29.0265 0x0dd8 NtmsSvc - ok
00:39:29.0315 0x0dd8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
00:39:29.0315 0x0dd8 Null - ok
00:39:29.0376 0x0dd8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:39:29.0376 0x0dd8 NwlnkFlt - ok
00:39:29.0426 0x0dd8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:39:29.0426 0x0dd8 NwlnkFwd - ok
00:39:29.0516 0x0dd8 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:39:29.0516 0x0dd8 Parport - ok
00:39:29.0546 0x0dd8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:39:29.0556 0x0dd8 PartMgr - ok
00:39:29.0636 0x0dd8 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:39:29.0636 0x0dd8 ParVdm - ok
00:39:29.0686 0x0dd8 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:39:29.0696 0x0dd8 PCI - ok
00:39:29.0726 0x0dd8 PCIDump - ok
00:39:29.0756 0x0dd8 PCIIde - ok
00:39:29.0826 0x0dd8 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:39:29.0836 0x0dd8 Pcmcia - ok
00:39:29.0866 0x0dd8 PDCOMP - ok
00:39:29.0896 0x0dd8 PDFRAME - ok
00:39:29.0946 0x0dd8 PDRELI - ok
00:39:29.0976 0x0dd8 PDRFRAME - ok
00:39:30.0006 0x0dd8 perc2 - ok
00:39:30.0036 0x0dd8 perc2hib - ok
00:39:30.0157 0x0dd8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
00:39:30.0167 0x0dd8 PlugPlay - ok
00:39:30.0217 0x0dd8 [ FA292805788528C083F416E151B60AB6, CF47525D15FF3FF98768FF5AE8A8F0C01AE6300C249D24E518D2A02100D5A68A ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
00:39:30.0217 0x0dd8 PMEM - ok
00:39:30.0247 0x0dd8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
00:39:30.0247 0x0dd8 PolicyAgent - ok
00:39:30.0327 0x0dd8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:39:30.0337 0x0dd8 PptpMiniport - ok
00:39:30.0367 0x0dd8 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
00:39:30.0377 0x0dd8 Processor - ok
00:39:30.0407 0x0dd8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:39:30.0407 0x0dd8 ProtectedStorage - ok
00:39:30.0477 0x0dd8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:39:30.0477 0x0dd8 PSched - ok
00:39:30.0547 0x0dd8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:39:30.0547 0x0dd8 Ptilink - ok
00:39:30.0647 0x0dd8 [ 1BCFED0946F9460D6272F85B70B87A52, 6EDE283D9B5173D9F91C969E5F97A21282395769C989F609B1EFDE7B5E40EA97 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
00:39:30.0647 0x0dd8 QCONSVC - ok
00:39:30.0697 0x0dd8 ql1080 - ok
00:39:30.0727 0x0dd8 Ql10wnt - ok
00:39:30.0758 0x0dd8 ql12160 - ok
00:39:30.0788 0x0dd8 ql1240 - ok
00:39:30.0828 0x0dd8 ql1280 - ok
00:39:30.0858 0x0dd8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:39:30.0858 0x0dd8 RasAcd - ok
00:39:30.0948 0x0dd8 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:39:30.0958 0x0dd8 RasAuto - ok
00:39:31.0038 0x0dd8 [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:39:31.0038 0x0dd8 Rasirda - ok
00:39:31.0088 0x0dd8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:39:31.0088 0x0dd8 Rasl2tp - ok
00:39:31.0208 0x0dd8 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:39:31.0218 0x0dd8 RasMan - ok
00:39:31.0318 0x0dd8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:39:31.0318 0x0dd8 RasPppoe - ok
00:39:31.0428 0x0dd8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:39:31.0439 0x0dd8 Raspti - ok
00:39:31.0539 0x0dd8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:39:31.0549 0x0dd8 Rdbss - ok
00:39:31.0589 0x0dd8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:39:31.0589 0x0dd8 RDPCDD - ok
00:39:31.0669 0x0dd8 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:39:31.0689 0x0dd8 rdpdr - ok
00:39:31.0769 0x0dd8 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:39:31.0799 0x0dd8 RDPWD - ok
00:39:31.0939 0x0dd8 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:39:31.0959 0x0dd8 RDSessMgr - ok
00:39:32.0029 0x0dd8 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:39:32.0029 0x0dd8 redbook - ok
00:39:32.0099 0x0dd8 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:39:32.0109 0x0dd8 RemoteAccess - ok
00:39:32.0200 0x0dd8 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:39:32.0210 0x0dd8 RemoteRegistry - ok
00:39:32.0300 0x0dd8 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
00:39:32.0310 0x0dd8 RpcLocator - ok
00:39:32.0420 0x0dd8 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
00:39:32.0460 0x0dd8 RpcSs - ok
00:39:32.0550 0x0dd8 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
00:39:32.0570 0x0dd8 RSVP - ok
00:39:32.0700 0x0dd8 [ 88B63F291AE10C1B66D2B9ED6921A7DF, A0174FC75459CE38028B1436BD46234062A3FCBE164E139F53BE49BAB3B8F95F ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
00:39:32.0720 0x0dd8 rtl8185 - ok
00:39:32.0780 0x0dd8 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
00:39:32.0780 0x0dd8 SamSs - ok
00:39:32.0911 0x0dd8 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:39:32.0921 0x0dd8 SCardSvr - ok
00:39:33.0031 0x0dd8 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:39:33.0051 0x0dd8 Schedule - ok
00:39:33.0131 0x0dd8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:39:33.0141 0x0dd8 Secdrv - ok
00:39:33.0201 0x0dd8 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:39:33.0211 0x0dd8 seclogon - ok
00:39:33.0261 0x0dd8 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
00:39:33.0271 0x0dd8 SENS - ok
00:39:33.0351 0x0dd8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:39:33.0351 0x0dd8 serenum - ok
00:39:33.0401 0x0dd8 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:39:33.0411 0x0dd8 Serial - ok
00:39:33.0501 0x0dd8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:39:33.0501 0x0dd8 Sfloppy - ok
00:39:33.0622 0x0dd8 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:39:33.0642 0x0dd8 SharedAccess - ok
00:39:33.0692 0x0dd8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:39:33.0702 0x0dd8 ShellHWDetection - ok
00:39:33.0742 0x0dd8 Simbad - ok
00:39:33.0772 0x0dd8 SjyPkt - ok
00:39:33.0832 0x0dd8 [ E061A9A43C80BE5AA5D94F1EF4A713C1, 334CD9E8C4A57C2BF43A0D3895D18832C7EB0C5A6455CF3361A09F7A28DF4A6F ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
00:39:33.0832 0x0dd8 Smapint - ok
00:39:33.0982 0x0dd8 [ 7B06A22F16B64C23C41E0278B8DC90BF, 02867493783DAC96A90B6CD14B358C05C63FE0862A98BD71CD54F34E31632C54 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
00:39:34.0012 0x0dd8 smwdm - ok
00:39:34.0042 0x0dd8 Sparrow - ok
00:39:34.0092 0x0dd8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:39:34.0092 0x0dd8 splitter - ok
00:39:34.0172 0x0dd8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:39:34.0182 0x0dd8 Spooler - ok
00:39:34.0273 0x0dd8 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:39:34.0273 0x0dd8 sr - ok
00:39:34.0363 0x0dd8 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
00:39:34.0393 0x0dd8 srservice - ok
00:39:34.0523 0x0dd8 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:39:34.0543 0x0dd8 Srv - ok
00:39:34.0593 0x0dd8 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:39:34.0603 0x0dd8 SSDPSRV - ok
00:39:34.0733 0x0dd8 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:39:34.0763 0x0dd8 stisvc - ok
00:39:34.0833 0x0dd8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:39:34.0833 0x0dd8 swenum - ok
00:39:34.0944 0x0dd8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:39:34.0954 0x0dd8 swmidi - ok
00:39:34.0994 0x0dd8 SwPrv - ok
00:39:35.0044 0x0dd8 symc810 - ok
00:39:35.0084 0x0dd8 symc8xx - ok
00:39:35.0114 0x0dd8 sym_hi - ok
00:39:35.0134 0x0dd8 sym_u3 - ok
00:39:35.0254 0x0dd8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:39:35.0254 0x0dd8 sysaudio - ok
00:39:35.0344 0x0dd8 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:39:35.0354 0x0dd8 SysmonLog - ok
00:39:35.0424 0x0dd8 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:39:35.0444 0x0dd8 TapiSrv - ok
00:39:35.0574 0x0dd8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:39:35.0604 0x0dd8 Tcpip - ok
00:39:35.0685 0x0dd8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:39:35.0695 0x0dd8 TDPIPE - ok
00:39:35.0765 0x0dd8 [ 0353AC9D91E28D936E4227539B1B2393, 8B31C2F496C446DF69B898B9B585A1097DDCA3EE50ACD31B5E09D8B1CD68DF94 ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
00:39:35.0765 0x0dd8 TDSMAPI - ok
00:39:35.0835 0x0dd8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:39:35.0845 0x0dd8 TDTCP - ok
00:39:35.0905 0x0dd8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:39:35.0905 0x0dd8 TermDD - ok
00:39:36.0035 0x0dd8 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
00:39:36.0075 0x0dd8 TermService - ok
00:39:36.0155 0x0dd8 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
00:39:36.0165 0x0dd8 Themes - ok
00:39:36.0265 0x0dd8 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
00:39:36.0275 0x0dd8 TlntSvr - ok
00:39:36.0306 0x0dd8 TosIde - ok
00:39:36.0366 0x0dd8 [ 90579B74E1E110C2F379117047BDB356, EDD255C1A104DA6469846A4B4CDBFC5CB40DCD69DDE5207D799FB7DC850A014A ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
00:39:36.0366 0x0dd8 Tp4Track - ok
00:39:36.0416 0x0dd8 [ 47F23B26F771765FD8CAC0EBAE4545E9, 2AFE4C57FE833F18E65F959DAF8879823CE8BEB13B1BA34A61E6806AF609EDC5 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
00:39:36.0426 0x0dd8 TPHKDRV - ok
00:39:36.0456 0x0dd8 [ C10B74CF569D39594E170734DB590661, 134890D6FAE83FA38F8EEA3B72EC0E12778D6E15C7605758D9933AA4A945E755 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
00:39:36.0456 0x0dd8 TPPWR - ok
00:39:36.0556 0x0dd8 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:39:36.0566 0x0dd8 TrkWks - ok
00:39:36.0656 0x0dd8 [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
00:39:36.0656 0x0dd8 TrueSight - ok
00:39:36.0726 0x0dd8 [ 76F0A07D83FA24478C07250F4FC8B128, 4894CD9ABDDC9712D3D9938A66B9CD83485AEA7F0D351769D58AC80FA5885412 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
00:39:36.0726 0x0dd8 TSMAPIP - ok
00:39:36.0776 0x0dd8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:39:36.0786 0x0dd8 Udfs - ok
00:39:36.0816 0x0dd8 ultra - ok
00:39:36.0956 0x0dd8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
00:39:36.0976 0x0dd8 Update - ok
00:39:37.0087 0x0dd8 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
00:39:37.0097 0x0dd8 upnphost - ok
00:39:37.0147 0x0dd8 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
00:39:37.0147 0x0dd8 UPS - ok
00:39:37.0207 0x0dd8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:39:37.0217 0x0dd8 usbehci - ok
00:39:37.0297 0x0dd8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:39:37.0307 0x0dd8 usbhub - ok
00:39:37.0367 0x0dd8 [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:39:37.0377 0x0dd8 usbscan - ok
00:39:37.0457 0x0dd8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:39:37.0497 0x0dd8 USBSTOR - ok
00:39:37.0557 0x0dd8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:39:37.0557 0x0dd8 usbuhci - ok
00:39:37.0597 0x0dd8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:39:37.0607 0x0dd8 VgaSave - ok
00:39:37.0637 0x0dd8 ViaIde - ok
00:39:37.0758 0x0dd8 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:39:37.0768 0x0dd8 VolSnap - ok
00:39:37.0878 0x0dd8 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
00:39:37.0908 0x0dd8 VSS - ok
00:39:37.0998 0x0dd8 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
00:39:38.0008 0x0dd8 W32Time - ok
00:39:38.0098 0x0dd8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:39:38.0098 0x0dd8 Wanarp - ok
00:39:38.0128 0x0dd8 WDICA - ok
00:39:38.0188 0x0dd8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:39:38.0198 0x0dd8 wdmaud - ok
00:39:38.0268 0x0dd8 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
00:39:38.0268 0x0dd8 WebClient - ok
00:39:38.0439 0x0dd8 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:39:38.0439 0x0dd8 winmgmt - ok
00:39:38.0569 0x0dd8 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
00:39:38.0569 0x0dd8 WmdmPmSN - ok
00:39:38.0809 0x0dd8 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:39:38.0839 0x0dd8 Wmi - ok
00:39:38.0969 0x0dd8 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
00:39:38.0979 0x0dd8 WmiApSrv - ok
00:39:39.0230 0x0dd8 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
00:39:39.0310 0x0dd8 WMPNetworkSvc - ok
00:39:39.0370 0x0dd8 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:39:39.0380 0x0dd8 WpdUsb - ok
00:39:39.0470 0x0dd8 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:39:39.0480 0x0dd8 wscsvc - ok
00:39:39.0540 0x0dd8 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:39:39.0570 0x0dd8 wuauserv - ok
00:39:39.0650 0x0dd8 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:39:39.0660 0x0dd8 WudfPf - ok
00:39:39.0750 0x0dd8 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:39:39.0760 0x0dd8 WudfRd - ok
00:39:39.0831 0x0dd8 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:39:39.0841 0x0dd8 WudfSvc - ok
00:39:39.0981 0x0dd8 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:39:40.0021 0x0dd8 WZCSVC - ok
00:39:40.0111 0x0dd8 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:39:40.0131 0x0dd8 xmlprov - ok
00:39:40.0191 0x0dd8 ================ Scan global ===============================
00:39:40.0251 0x0dd8 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
00:39:40.0371 0x0dd8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
00:39:40.0441 0x0dd8 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
00:39:40.0512 0x0dd8 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
00:39:40.0522 0x0dd8 [ Global ] - ok
00:39:40.0532 0x0dd8 ================ Scan MBR ==================================
00:39:40.0572 0x0dd8 [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
00:39:40.0952 0x0dd8 \Device\Harddisk0\DR0 - ok
00:39:40.0982 0x0dd8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
00:39:40.0992 0x0dd8 \Device\Harddisk1\DR1 - ok
00:39:41.0012 0x0dd8 ================ Scan VBR ==================================
00:39:41.0032 0x0dd8 [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
00:39:41.0032 0x0dd8 \Device\Harddisk0\DR0\Partition1 - ok
00:39:41.0062 0x0dd8 [ BDF83EFF05C13F2D4DA35EC086A7BB23 ] \Device\Harddisk1\DR1\Partition1
00:39:41.0773 0x0dd8 \Device\Harddisk1\DR1\Partition1 - ok
00:39:41.0793 0x0dd8 ================ Scan generic autorun ======================
00:39:41.0904 0x0dd8 [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
00:39:41.0904 0x0dd8 ATIModeChange - ok
00:39:41.0984 0x0dd8 [ 97826CB927E0E7F4500879D99DE6D3C5, 0FB04C5AA4C1BE2E35BBDE474916DF00E223A41D6E0C590FF0C5132EBBA69051 ] C:\WINDOWS\system32\tp4serv.exe
00:39:42.0004 0x0dd8 TrackPointSrv - ok
00:39:42.0114 0x0dd8 [ 71E256D5C8FB8FD1933968DCCFD967A0, 92481C790B092CC363BABEA16B0252BEEE1A7CBC1C6FF55F93030DD4AB92FA66 ] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
00:39:42.0114 0x0dd8 TPTRAY - ok
00:39:42.0144 0x0dd8 BMMGAG - ok
00:39:42.0244 0x0dd8 [ 6C2CF216C460BED0D4B83AF07980A761, B8BF59F1F5937558B73F1D6728E92AE8B07CB38AD529357A4E16663A969A81BE ] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
00:39:42.0274 0x0dd8 QCTRAY - ok
00:39:42.0344 0x0dd8 [ 8633F1E7AA1912AD962E5A656D264045, BB17957ECE5EC9ED25E9B58315AD436C76B2FF1B5A1C5D8397FC7950CC65F126 ] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
00:39:42.0344 0x0dd8 QCWLICON - ok
00:39:42.0434 0x0dd8 [ AA3B957AF3F3B4AA9047D5531696AB0E, BA826D7A0B56C04528C4A8EDA498173C533BA3CDD75E1C73E224AFD712F06680 ] C:\WINDOWS\system32\tp4ex.exe
00:39:42.0434 0x0dd8 TP4EX - ok
00:39:42.0585 0x0dd8 [ 6CE63001262FB82D746E1DEEBF00B43B, B660ECA6989ABFC3B97FCEB8D692A11F77B9D4A81D5FC34759462D2EC37A2F63 ] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
00:39:42.0585 0x0dd8 TPHOTKEY - ok
00:39:42.0655 0x0dd8 Tgcmd - ok
00:39:42.0775 0x0dd8 [ C0041BB27E2E5B0550C179ECF53425CD, 82EB1BF88B1D93F4AEC5EB6A1DB790E6EFA0379DD771251707BE9F67266D3547 ] C:\WINDOWS\AGRSMMSG.exe
00:39:47.0542 0x0dd8 AGRSMMSG - ok
00:39:47.0622 0x0dd8 [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\\NeroCheck.exe
00:39:47.0642 0x0dd8 NeroCheck - ok
00:39:47.0822 0x0dd8 [ E284188C5CF416378CC740EB13059A50, 0E0863D84B29662B3EEE0602742CAE8F966CE043E690C62BC3A00244B7D35D04 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
00:39:47.0832 0x0dd8 Adobe Reader Speed Launcher - ok
00:39:48.0183 0x0dd8 [ 29FB6EF1EFB1357E2883FE297F1EBC31, A6F465EA84277D88771BE6438CAC32D8E2C73A6EEC809CB38E1090FFFB27804E ] C:\PROGRA~1\AVG\AVG9\avgtray.exe
00:39:48.0313 0x0dd8 AVG9_TRAY - ok
00:39:48.0643 0x0dd8 [ 3103FE27C967675B019E880AA6DA3D6D, 515E750ACD28C3CFD8174B7F213E2AA741D8942FB68E57F701EBCBB92EC3F537 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
00:39:48.0683 0x0dd8 Adobe ARM - ok
00:39:48.0864 0x0dd8 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
00:39:48.0884 0x0dd8 SunJavaUpdateSched - ok
00:39:48.0974 0x0dd8 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
00:39:48.0974 0x0dd8 ctfmon.exe - ok
00:39:49.0004 0x0dd8 updateMgr - ok
00:39:49.0054 0x0dd8 MSMSGS - ok
00:39:49.0064 0x0dd8 NeroHomeFirstStart - ok
00:39:49.0224 0x0dd8 [ 269AFE2F2E2957DF8F7A5F82B2B092DB, 37B8B913090A01EC5C656214F9081AC93ADE8682582327366A7F76EDBDC98A39 ] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe
00:39:49.0254 0x0dd8 avg_spchecker - ok
00:39:49.0264 0x0dd8 Waiting for KSN requests completion. In queue: 8
00:39:50.0266 0x0dd8 Waiting for KSN requests completion. In queue: 8
00:39:51.0267 0x0dd8 Waiting for KSN requests completion. In queue: 8
00:39:52.0729 0x0dd8 AV detected via SS1: AVG Anti-Virus Free, 9.0, disabled, updated
00:39:52.0739 0x0dd8 Win FW state via NFM: disabled
00:39:55.0153 0x0dd8 ============================================================
00:39:55.0153 0x0dd8 Scan finished
00:39:55.0153 0x0dd8 ============================================================
00:39:55.0203 0x0dc8 Detected object count: 1
00:39:55.0203 0x0dc8 Actual detected object count: 1
00:40:18.0907 0x0dc8 C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys - copied to quarantine
00:40:18.0907 0x0dc8 HKLM\SYSTEM\ControlSet002\services\8abc572ce51d2ca0 - will be deleted on reboot
00:40:18.0907 0x0dc8 HKLM\SYSTEM\ControlSet003\services\8abc572ce51d2ca0 - will be deleted on reboot
00:40:18.0927 0x0dc8 C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys - will be deleted on reboot
00:40:18.0927 0x0dc8 8abc572ce51d2ca0 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
00:40:20.0830 0x0dc8 KLMD registered as C:\WINDOWS\system32\drivers\45948661.sys
00:40:39.0386 0x08f4 Deinitialize success
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 09/12/2014
Scan Time: 00:50:49
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.09.01
Rootkit Database: v2014.12.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: IBM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356705
Time Elapsed: 1 hr, 20 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Hi lather,
Just in case it was unexpected, I grabbed a screen cap of the pop-up, which I can post if needed.
Yes, please post the screen capture.
=========================
FRST Fix Script
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt
Start
DisableService: C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys
C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys
Reg: reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0
Reg: reg delete HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0
Reg: reg delete HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.
=========================
Re-run TDSSKiller
Windows XP: Double-click on the icon to run it.
Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator"
Press Start Scan
Only if malicious objects are found, ensure that Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
=========================
In your next post please provide the following:
Fixlog.txt
new TDSSKiller log
Here's the screen cap - I thought it wasn't behaving properly, which is why I grabbed it.
So everything seemed to go OK with the most recent boot-up, and there's no problem with either the firewall or AVG being reported by Security Centre. Both the FRST fix and the TDSSKiller scan seem to have gone fine too, and reported no issues at all. I've been thinking about how the infection probably got onto the system again, and I'm starting to suspect that the adblocker I've been using on Chrome isn't doing its job properly, so I'm going to try a different one when everything has been cleared up.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by IBM at 2014-12-09 15:03:38 Run:1
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
DisableService: C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys
C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys
Reg: reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0
Reg: reg delete HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0
Reg: reg delete HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0
End
*****************
C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys service key not found.
"C:\WINDOWS\System32\Drivers\8abc572ce51d2ca0.sys" => File/Directory not found.
========= reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\8abc572ce51d2ca0 =========
Permanently delete the registry key System\CurrentControlSet\Services\8abc572ce51d2ca0 (Y/N)?
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\System\ControlSet002\Services\8abc572ce51d2ca0 =========
Permanently delete the registry key System\ControlSet002\Services\8abc572ce51d2ca0 (Y/N)?
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
========= reg delete HKEY_LOCAL_MACHINE\System\ControlSet003\Services\8abc572ce51d2ca0 =========
Permanently delete the registry key System\ControlSet003\Services\8abc572ce51d2ca0 (Y/N)?
Error: The system was unable to find the specified registry key or value
========= End of Reg: =========
==== End of Fixlog ====
15:04:14.0112 0x0e64 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:04:20.0121 0x0e64 ============================================================
15:04:20.0121 0x0e64 Current date / time: 2014/12/09 15:04:20.0121
15:04:20.0121 0x0e64 SystemInfo:
15:04:20.0121 0x0e64
15:04:20.0121 0x0e64 OS Version: 5.1.2600 ServicePack: 3.0
15:04:20.0121 0x0e64 Product type: Workstation
15:04:20.0121 0x0e64 ComputerName: THINKPAD
15:04:20.0121 0x0e64 UserName: IBM
15:04:20.0121 0x0e64 Windows directory: C:\WINDOWS
15:04:20.0121 0x0e64 System windows directory: C:\WINDOWS
15:04:20.0121 0x0e64 Processor architecture: Intel x86
15:04:20.0121 0x0e64 Number of processors: 1
15:04:20.0121 0x0e64 Page size: 0x1000
15:04:20.0121 0x0e64 Boot type: Normal boot
15:04:20.0121 0x0e64 ============================================================
15:04:24.0998 0x0e64 KLMD registered as C:\WINDOWS\system32\drivers\10888606.sys
15:04:25.0469 0x0e64 System UUID: {65C7A9CC-C291-863E-FB8C-E2EA3E48D80E}
15:04:27.0061 0x0e64 Drive \Device\Harddisk0\DR0 - Size: 0x4A8530000 ( 18.63 Gb ), SectorSize: 0x200, Cylinders: 0xA18, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:04:27.0692 0x0e64 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:04:27.0692 0x0e64 ============================================================
15:04:27.0692 0x0e64 \Device\Harddisk0\DR0:
15:04:27.0692 0x0e64 MBR partitions:
15:04:27.0692 0x0e64 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2272C11
15:04:27.0692 0x0e64 \Device\Harddisk1\DR1:
15:04:27.0692 0x0e64 MBR partitions:
15:04:27.0692 0x0e64 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
15:04:27.0692 0x0e64 ============================================================
15:04:27.0732 0x0e64 C: <-> \Device\Harddisk0\DR0\Partition1
15:04:27.0802 0x0e64 D: <-> \Device\Harddisk1\DR1\Partition1
15:04:27.0802 0x0e64 ============================================================
15:04:27.0802 0x0e64 Initialize success
15:04:27.0802 0x0e64 ============================================================
15:04:43.0064 0x058c ============================================================
15:04:43.0064 0x058c Scan started
15:04:43.0064 0x058c Mode: Manual;
15:04:43.0064 0x058c ============================================================
15:04:43.0064 0x058c KSN ping started
15:04:47.0981 0x058c KSN ping finished: true
15:04:51.0106 0x058c ================ Scan system memory ========================
15:04:51.0126 0x058c System memory - ok
15:04:51.0136 0x058c ================ Scan services =============================
15:04:51.0426 0x058c 27784469 - ok
15:04:51.0466 0x058c 64329303 - ok
15:04:51.0496 0x058c Abiosdsk - ok
15:04:51.0536 0x058c abp480n5 - ok
15:04:51.0646 0x058c [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:04:51.0696 0x058c ACPI - ok
15:04:52.0107 0x058c [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:04:52.0137 0x058c ACPIEC - ok
15:04:52.0187 0x058c adpu160m - ok
15:04:52.0297 0x058c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:04:52.0317 0x058c aec - ok
15:04:52.0407 0x058c [ 58A8273918EEF2BF9204B12ED171513A, 6C79AC93FBBD8B877DD71557A8B2A2B9C20277BBFCEDE6A1ECA7FFC650FC6143 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:04:52.0438 0x058c AegisP - ok
15:04:52.0548 0x058c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:04:52.0588 0x058c AFD - ok
15:04:52.0838 0x058c [ AFF071B6290776E1FA162837C35EAC78, 07F3CDB27C767BEDB9E8C82A4FE738AD408225C2A22428669F742EDF30410758 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
15:04:52.0968 0x058c AgereSoftModem - ok
15:04:53.0068 0x058c [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:04:53.0098 0x058c agp440 - ok
15:04:53.0129 0x058c Aha154x - ok
15:04:53.0159 0x058c aic78u2 - ok
15:04:53.0189 0x058c aic78xx - ok
15:04:53.0269 0x058c [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:04:53.0299 0x058c Alerter - ok
15:04:53.0359 0x058c [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
15:04:53.0389 0x058c ALG - ok
15:04:53.0419 0x058c AliIde - ok
15:04:53.0449 0x058c amsint - ok
15:04:53.0549 0x058c [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:04:53.0589 0x058c AppMgmt - ok
15:04:53.0619 0x058c asc - ok
15:04:53.0649 0x058c asc3350p - ok
15:04:53.0679 0x058c asc3550 - ok
15:04:54.0010 0x058c [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:04:54.0360 0x058c aspnet_state - ok
15:04:54.0440 0x058c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:04:54.0470 0x058c AsyncMac - ok
15:04:54.0531 0x058c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:04:54.0541 0x058c atapi - ok
15:04:54.0571 0x058c Atdisk - ok
15:04:54.0711 0x058c [ 418CDC2888D01E1CD5CE297AF00807A3, 1DE3277683E0D3D2B1B83FF9D718C125E3D542477C1505063DDE8145C408391D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
15:04:54.0761 0x058c Ati HotKey Poller - ok
15:04:54.0931 0x058c [ D1F804642C627782C6D213BCE0604F09, 43DB2A74835B5E5C796509990E0FCB4A4897A027D0117F5B6C8ECD37E80F7F28 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:04:55.0011 0x058c ati2mtag - ok
15:04:55.0081 0x058c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:04:55.0121 0x058c Atmarpc - ok
15:04:55.0212 0x058c [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:04:55.0222 0x058c AudioSrv - ok
15:04:55.0292 0x058c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:04:55.0312 0x058c audstub - ok
15:04:55.0612 0x058c [ AA054CD537357F03D5BA6ABA7562B35F, F331D929920D38B53FEA464AF54DB59224882D386C55689CDDF6C6DC1473284E ] avg9emc C:\Program Files\AVG\AVG9\avgemc.exe
15:04:55.0772 0x058c avg9emc - ok
15:04:55.0923 0x058c [ C4D15594DB5BE042D3346EA58DF87D89, 8E24868518DE53F28C92C473A415BED613665287F338B815FEDE21D151F01962 ] avg9wd C:\Program Files\AVG\AVG9\avgwdsvc.exe
15:04:56.0033 0x058c avg9wd - ok
15:04:56.0153 0x058c [ A9F4D19DE72C738759330D10D35C4398, 46D760EBFBABF3FDCD02F4AC38180FBFFEFFA36F68C18602695A9FCB6C4C13DE ] AvgLdx86 C:\WINDOWS\System32\Drivers\avgldx86.sys
15:04:56.0213 0x058c AvgLdx86 - ok
15:04:56.0293 0x058c [ 80FF2B1B7EEDA966394F0BAA895BBF4B, D8F5C111837707DC37975C1E315FCD33BF96AB21D89874CB0290134A44C46BEF ] AvgMfx86 C:\WINDOWS\System32\Drivers\avgmfx86.sys
15:04:56.0333 0x058c AvgMfx86 - ok
15:04:56.0443 0x058c [ 9A7A93388F503A34E7339AE7F9997449, 9549146C19EAF65DB98314A7CCB0AB27503DC812B521444CBEA5493998ADAA80 ] AvgTdiX C:\WINDOWS\System32\Drivers\avgtdix.sys
15:04:56.0503 0x058c AvgTdiX - ok
15:04:56.0594 0x058c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:04:56.0604 0x058c Beep - ok
15:04:56.0724 0x058c [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
15:04:57.0184 0x058c BITS - ok
15:04:57.0305 0x058c [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
15:04:57.0345 0x058c Browser - ok
15:04:57.0445 0x058c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:04:57.0465 0x058c cbidf2k - ok
15:04:57.0505 0x058c cd20xrnt - ok
15:04:57.0565 0x058c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:04:57.0595 0x058c Cdaudio - ok
15:04:57.0685 0x058c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:04:57.0715 0x058c Cdfs - ok
15:04:57.0765 0x058c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:04:57.0795 0x058c Cdrom - ok
15:04:57.0815 0x058c Changer - ok
15:04:57.0885 0x058c [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] cisvc C:\WINDOWS\System32\cisvc.exe
15:04:57.0915 0x058c cisvc - ok
15:04:58.0006 0x058c [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:04:58.0036 0x058c ClipSrv - ok
15:04:58.0096 0x058c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:58.0446 0x058c clr_optimization_v2.0.50727_32 - ok
15:04:58.0536 0x058c [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:04:58.0556 0x058c CmBatt - ok
15:04:58.0586 0x058c CmdIde - ok
15:04:58.0626 0x058c [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:04:58.0656 0x058c Compbatt - ok
15:04:58.0687 0x058c COMSysApp - ok
15:04:58.0747 0x058c Cpqarray - ok
15:04:58.0837 0x058c [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:04:58.0847 0x058c CryptSvc - ok
15:04:58.0867 0x058c dac2w2k - ok
15:04:58.0897 0x058c dac960nt - ok
15:04:59.0077 0x058c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:04:59.0107 0x058c DcomLaunch - ok
15:04:59.0227 0x058c [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:04:59.0237 0x058c Dhcp - ok
15:04:59.0327 0x058c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:04:59.0357 0x058c Disk - ok
15:04:59.0408 0x058c dmadmin - ok
15:04:59.0568 0x058c [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:04:59.0678 0x058c dmboot - ok
15:04:59.0758 0x058c [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:04:59.0808 0x058c dmio - ok
15:04:59.0878 0x058c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:04:59.0908 0x058c dmload - ok
15:05:00.0018 0x058c [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
15:05:00.0028 0x058c dmserver - ok
15:05:00.0119 0x058c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:05:00.0139 0x058c DMusic - ok
15:05:00.0249 0x058c [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:05:00.0289 0x058c Dnscache - ok
15:05:00.0369 0x058c [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:05:00.0419 0x058c Dot3svc - ok
15:05:00.0459 0x058c dpti2o - ok
15:05:00.0499 0x058c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:05:00.0509 0x058c drmkaud - ok
15:05:00.0589 0x058c [ 816AC73D056626333DD1D8F759F0AFAA, E41A12680088D927D011F84F1F173DB9D47444A7C7F701BCC39E7165A313B5A8 ] DSMBATT C:\WINDOWS\system32\drivers\DSMBATT.SYS
15:05:00.0609 0x058c DSMBATT - ok
15:05:00.0669 0x058c [ 81459BD6D8FEAADF2848AE88B3D02EC3, 240CEBFD1CDF824C43748362B3BDCE1B9D9CA238EDDC1E14051D006C6CCDFCF5 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:05:00.0709 0x058c E100B - ok
15:05:00.0780 0x058c [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:05:00.0810 0x058c EapHost - ok
15:05:00.0880 0x058c [ 938F1EC77BA35858248E584B2D2E9776, E48E7C363F4AAF8601016E3AAAD50C5C99E83747733C6339D9E21D3C8DDDE7B5 ] EGATHDRV C:\WINDOWS\system32\EGATHDRV.SYS
15:05:00.0930 0x058c EGATHDRV - ok
15:05:01.0060 0x058c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:05:01.0070 0x058c ERSvc - ok
15:05:01.0170 0x058c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
15:05:01.0200 0x058c Eventlog - ok
15:05:01.0310 0x058c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\System32\es.dll
15:05:01.0360 0x058c EventSystem - ok
15:05:01.0461 0x058c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:05:01.0501 0x058c Fastfat - ok
15:05:01.0611 0x058c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:05:01.0661 0x058c FastUserSwitchingCompatibility - ok
15:05:01.0711 0x058c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:05:01.0741 0x058c Fdc - ok
15:05:01.0791 0x058c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:05:02.0131 0x058c Fips - ok
15:05:02.0192 0x058c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:05:02.0212 0x058c Flpydisk - ok
15:05:02.0312 0x058c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:05:03.0073 0x058c FltMgr - ok
15:05:03.0203 0x058c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:05:03.0363 0x058c FontCache3.0.0.0 - ok
15:05:03.0413 0x058c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:05:03.0433 0x058c Fs_Rec - ok
15:05:03.0503 0x058c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:05:03.0533 0x058c Ftdisk - ok
15:05:03.0614 0x058c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:05:03.0644 0x058c Gpc - ok
15:05:03.0764 0x058c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:05:03.0834 0x058c gupdate - ok
15:05:03.0884 0x058c [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:05:03.0894 0x058c gupdatem - ok
15:05:04.0044 0x058c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:05:04.0054 0x058c helpsvc - ok
15:05:04.0084 0x058c HidServ - ok
15:05:04.0164 0x058c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:05:04.0184 0x058c hidusb - ok
15:05:04.0265 0x058c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:05:04.0295 0x058c hkmsvc - ok
15:05:04.0325 0x058c hpn - ok
15:05:04.0355 0x058c hpt3xx - ok
15:05:04.0475 0x058c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:05:04.0515 0x058c HTTP - ok
15:05:04.0555 0x058c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:05:04.0715 0x058c HTTPFilter - ok
15:05:04.0745 0x058c i2omgmt - ok
15:05:04.0775 0x058c i2omp - ok
15:05:04.0835 0x058c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:05:04.0865 0x058c i8042prt - ok
15:05:04.0946 0x058c [ 293131C1DA5F53CB05F75D637739D79C, F5F1A03FB012101FA143A288BCBC048A652A285F7DF533D1D08279E3A4D24326 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:05:04.0966 0x058c IBMPMDRV - ok
15:05:05.0036 0x058c [ 91FA023C5203503776BCCC9CF96A0C59, A47C788A26E4D2A282DE2EC8A75E1544CAB17A2C5F4CF867026D3B95B3651D1D ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
15:05:05.0076 0x058c IBMPMSVC - ok
15:05:05.0156 0x058c [ 28DEEBA2E29CB0E91B641CA95F7740FD, 3E4D92E7211AA0CCD38561DB5F7CDC583C141A40D9077AA7D482336D3080369B ] IBMTPCHK C:\WINDOWS\system32\drivers\IBMBLDID.SYS
15:05:05.0176 0x058c IBMTPCHK - ok
15:05:05.0346 0x058c [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:05:05.0416 0x058c IDriverT - ok
15:05:05.0727 0x058c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:05:06.0478 0x058c idsvc - ok
15:05:06.0568 0x058c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:05:06.0608 0x058c Imapi - ok
15:05:06.0718 0x058c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\System32\imapi.exe
15:05:06.0758 0x058c ImapiService - ok
15:05:06.0808 0x058c ini910u - ok
15:05:06.0908 0x058c [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:05:06.0928 0x058c IntelIde - ok
15:05:07.0049 0x058c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:05:07.0069 0x058c intelppm - ok
15:05:07.0109 0x058c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:05:07.0159 0x058c ip6fw - ok
15:05:07.0229 0x058c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:05:07.0249 0x058c IpFilterDriver - ok
15:05:07.0279 0x058c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:05:07.0319 0x058c IpInIp - ok
15:05:07.0419 0x058c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:05:07.0449 0x058c IpNat - ok
15:05:07.0499 0x058c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:05:07.0529 0x058c IPSec - ok
15:05:07.0589 0x058c [ ACA5E7B54409F9CB5EED97ED0C81120E, 1E22F442EA77596F58D133F1A5887CDC4F3325DD0836D24A665E1D31287ABFF7 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
15:05:07.0619 0x058c irda - ok
15:05:07.0669 0x058c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:05:07.0699 0x058c IRENUM - ok
15:05:07.0770 0x058c [ 49CC4533CE897CB2E93C1E84A818FDE5, F2AC81CDB971F630699616509748DCE133874EFC79B9D6230517B5A4DFBE193D ] Irmon C:\WINDOWS\System32\irmon.dll
15:05:07.0810 0x058c Irmon - ok
15:05:08.0070 0x058c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:05:08.0100 0x058c isapnp - ok
15:05:08.0290 0x058c [ DBDB1A25291B2D18C614F5CA963156A8, C8EA730A6A5BCBE7952AAA22F212C244014F206D2F4A274E29384C09F1F10A66 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:05:08.0380 0x058c JavaQuickStarterService - ok
15:05:08.0521 0x058c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:05:08.0551 0x058c Kbdclass - ok
15:05:08.0621 0x058c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:05:08.0631 0x058c kmixer - ok
15:05:08.0731 0x058c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:05:08.0771 0x058c KSecDD - ok
15:05:08.0851 0x058c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:05:08.0881 0x058c lanmanserver - ok
15:05:08.0991 0x058c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:05:09.0031 0x058c lanmanworkstation - ok
15:05:09.0071 0x058c lbrtfdc - ok
15:05:09.0222 0x058c [ 31D8B705DCD5F2366186E731F87C7A71, D73DC732EF74C3C0EADD650B65BC6EEB44EA2C4E86BFD5BE989971A34FBA160A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:05:09.0272 0x058c LightScribeService - ok
15:05:09.0362 0x058c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:05:09.0372 0x058c LmHosts - ok
15:05:09.0422 0x058c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:05:09.0462 0x058c Messenger - ok
15:05:09.0532 0x058c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:05:09.0552 0x058c mnmdd - ok
15:05:09.0632 0x058c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
15:05:09.0662 0x058c mnmsrvc - ok
15:05:09.0732 0x058c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:05:09.0752 0x058c Modem - ok
15:05:09.0803 0x058c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:05:09.0823 0x058c Mouclass - ok
15:05:09.0963 0x058c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:05:09.0993 0x058c mouhid - ok
15:05:10.0073 0x058c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:05:10.0093 0x058c MountMgr - ok
15:05:10.0133 0x058c mraid35x - ok
15:05:10.0173 0x058c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:05:10.0193 0x058c MRxDAV - ok
15:05:10.0343 0x058c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:05:10.0403 0x058c MRxSmb - ok
15:05:10.0473 0x058c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
15:05:10.0504 0x058c MSDTC - ok
15:05:10.0574 0x058c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:05:10.0594 0x058c Msfs - ok
15:05:10.0624 0x058c MSIServer - ok
15:05:10.0674 0x058c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:05:10.0694 0x058c MSKSSRV - ok
15:05:10.0754 0x058c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:05:10.0774 0x058c MSPCLOCK - ok
15:05:10.0814 0x058c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
15:05:10.0834 0x058c MSPQM - ok
15:05:10.0894 0x058c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:05:10.0924 0x058c mssmbios - ok
15:05:11.0054 0x058c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
15:05:11.0084 0x058c Mup - ok
15:05:11.0195 0x058c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
15:05:11.0255 0x058c napagent - ok
15:05:11.0335 0x058c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
15:05:11.0375 0x058c NDIS - ok
15:05:11.0445 0x058c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:05:11.0465 0x058c NdisTapi - ok
15:05:11.0535 0x058c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:05:11.0545 0x058c Ndisuio - ok
15:05:11.0595 0x058c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:05:11.0625 0x058c NdisWan - ok
15:05:11.0705 0x058c [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
15:05:11.0725 0x058c NDProxy - ok
15:05:11.0795 0x058c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
15:05:11.0815 0x058c NetBIOS - ok
15:05:11.0906 0x058c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
15:05:11.0946 0x058c NetBT - ok
15:05:12.0036 0x058c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
15:05:12.0076 0x058c NetDDE - ok
15:05:12.0106 0x058c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
15:05:12.0116 0x058c NetDDEdsdm - ok
15:05:12.0186 0x058c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\System32\lsass.exe
15:05:12.0206 0x058c Netlogon - ok
15:05:12.0266 0x058c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
15:05:12.0296 0x058c Netman - ok
15:05:12.0426 0x058c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:05:12.0857 0x058c NetTcpPortSharing - ok
15:05:12.0957 0x058c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
15:05:12.0977 0x058c Nla - ok
15:05:13.0077 0x058c NMIndexingService - ok
15:05:13.0167 0x058c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
15:05:13.0187 0x058c Npfs - ok
15:05:13.0227 0x058c [ 2ADC0CA9945C65284B3D19BC18765974, A8E2B848E85A3B38350F4134DE9CA6749854B988F9A0087C60D97E19D474CBF3 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
15:05:13.0257 0x058c NSCIRDA - ok
15:05:13.0378 0x058c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
15:05:13.0448 0x058c Ntfs - ok
15:05:13.0498 0x058c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
15:05:13.0498 0x058c NtLmSsp - ok
15:05:13.0648 0x058c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
15:05:13.0708 0x058c NtmsSvc - ok
15:05:13.0758 0x058c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
15:05:13.0778 0x058c Null - ok
15:05:13.0898 0x058c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:05:13.0918 0x058c NwlnkFlt - ok
15:05:13.0948 0x058c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:05:13.0979 0x058c NwlnkFwd - ok
15:05:14.0069 0x058c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
15:05:14.0099 0x058c Parport - ok
15:05:14.0149 0x058c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
15:05:14.0189 0x058c PartMgr - ok
15:05:14.0279 0x058c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
15:05:14.0279 0x058c ParVdm - ok
15:05:14.0309 0x058c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
15:05:14.0349 0x058c PCI - ok
15:05:14.0379 0x058c PCIDump - ok
15:05:14.0419 0x058c PCIIde - ok
15:05:14.0479 0x058c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:05:14.0509 0x058c Pcmcia - ok
15:05:14.0539 0x058c PDCOMP - ok
15:05:14.0569 0x058c PDFRAME - ok
15:05:14.0599 0x058c PDRELI - ok
15:05:14.0629 0x058c PDRFRAME - ok
15:05:14.0680 0x058c perc2 - ok
15:05:14.0710 0x058c perc2hib - ok
15:05:14.0830 0x058c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
15:05:14.0840 0x058c PlugPlay - ok
15:05:14.0890 0x058c [ FA292805788528C083F416E151B60AB6, CF47525D15FF3FF98768FF5AE8A8F0C01AE6300C249D24E518D2A02100D5A68A ] PMEM C:\WINDOWS\system32\drivers\PMEMNT.SYS
15:05:14.0910 0x058c PMEM - ok
15:05:14.0960 0x058c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
15:05:14.0960 0x058c PolicyAgent - ok
15:05:15.0070 0x058c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:05:15.0100 0x058c PptpMiniport - ok
15:05:15.0140 0x058c [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
15:05:15.0170 0x058c Processor - ok
15:05:15.0210 0x058c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:05:15.0210 0x058c ProtectedStorage - ok
15:05:15.0240 0x058c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
15:05:15.0280 0x058c PSched - ok
15:05:15.0360 0x058c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:05:15.0381 0x058c Ptilink - ok
15:05:15.0471 0x058c [ 1BCFED0946F9460D6272F85B70B87A52, 6EDE283D9B5173D9F91C969E5F97A21282395769C989F609B1EFDE7B5E40EA97 ] QCONSVC C:\WINDOWS\system32\QCONSVC.EXE
15:05:15.0501 0x058c QCONSVC - ok
15:05:15.0531 0x058c ql1080 - ok
15:05:15.0551 0x058c Ql10wnt - ok
15:05:15.0581 0x058c ql12160 - ok
15:05:15.0611 0x058c ql1240 - ok
15:05:15.0641 0x058c ql1280 - ok
15:05:15.0711 0x058c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:05:15.0731 0x058c RasAcd - ok
15:05:15.0811 0x058c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
15:05:15.0851 0x058c RasAuto - ok
15:05:15.0931 0x058c [ 0207D26DDF796A193CCD9F83047BB5FC, 13613036BCB869FBD7229A0FE25D324710308385D8C35E5D990A40E52BE040DF ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
15:05:15.0971 0x058c Rasirda - ok
15:05:16.0041 0x058c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:05:16.0062 0x058c Rasl2tp - ok
15:05:16.0182 0x058c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
15:05:16.0232 0x058c RasMan - ok
15:05:16.0282 0x058c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:05:16.0322 0x058c RasPppoe - ok
15:05:16.0402 0x058c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
15:05:16.0422 0x058c Raspti - ok
15:05:16.0532 0x058c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:05:16.0562 0x058c Rdbss - ok
15:05:16.0612 0x058c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:05:16.0632 0x058c RDPCDD - ok
15:05:16.0702 0x058c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:05:16.0753 0x058c rdpdr - ok
15:05:16.0843 0x058c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
15:05:16.0873 0x058c RDPWD - ok
15:05:16.0963 0x058c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
15:05:17.0023 0x058c RDSessMgr - ok
15:05:17.0083 0x058c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
15:05:17.0113 0x058c redbook - ok
15:05:17.0183 0x058c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
15:05:17.0213 0x058c RemoteAccess - ok
15:05:17.0293 0x058c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
15:05:17.0323 0x058c RemoteRegistry - ok
15:05:17.0423 0x058c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\System32\locator.exe
15:05:17.0534 0x058c RpcLocator - ok
15:05:17.0624 0x058c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\system32\rpcss.dll
15:05:17.0654 0x058c RpcSs - ok
15:05:17.0744 0x058c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\System32\rsvp.exe
15:05:17.0794 0x058c RSVP - ok
15:05:17.0934 0x058c [ 88B63F291AE10C1B66D2B9ED6921A7DF, A0174FC75459CE38028B1436BD46234062A3FCBE164E139F53BE49BAB3B8F95F ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
15:05:17.0974 0x058c rtl8185 - ok
15:05:18.0034 0x058c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
15:05:18.0034 0x058c SamSs - ok
15:05:18.0114 0x058c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
15:05:18.0145 0x058c SCardSvr - ok
15:05:18.0235 0x058c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
15:05:18.0265 0x058c Schedule - ok
15:05:18.0355 0x058c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:05:18.0375 0x058c Secdrv - ok
15:05:18.0425 0x058c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
15:05:18.0435 0x058c seclogon - ok
15:05:18.0515 0x058c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
15:05:18.0535 0x058c SENS - ok
15:05:18.0615 0x058c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:05:18.0645 0x058c serenum - ok
15:05:18.0705 0x058c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:05:18.0735 0x058c Serial - ok
15:05:18.0815 0x058c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:05:18.0856 0x058c Sfloppy - ok
15:05:18.0966 0x058c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:05:19.0006 0x058c SharedAccess - ok
15:05:19.0086 0x058c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:05:19.0096 0x058c ShellHWDetection - ok
15:05:19.0126 0x058c Simbad - ok
15:05:19.0156 0x058c SjyPkt - ok
15:05:19.0196 0x058c [ E061A9A43C80BE5AA5D94F1EF4A713C1, 334CD9E8C4A57C2BF43A0D3895D18832C7EB0C5A6455CF3361A09F7A28DF4A6F ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
15:05:19.0226 0x058c Smapint - ok
15:05:19.0356 0x058c [ 7B06A22F16B64C23C41E0278B8DC90BF, 02867493783DAC96A90B6CD14B358C05C63FE0862A98BD71CD54F34E31632C54 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
15:05:19.0416 0x058c smwdm - ok
15:05:19.0446 0x058c Sparrow - ok
15:05:19.0486 0x058c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:05:19.0496 0x058c splitter - ok
15:05:19.0567 0x058c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:05:19.0597 0x058c Spooler - ok
15:05:19.0767 0x058c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:05:19.0917 0x058c sr - ok
15:05:20.0197 0x058c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\System32\srsvc.dll
15:05:20.0227 0x058c srservice - ok
15:05:20.0358 0x058c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:05:20.0418 0x058c Srv - ok
15:05:20.0508 0x058c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:05:20.0548 0x058c SSDPSRV - ok
15:05:20.0688 0x058c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:05:20.0758 0x058c stisvc - ok
15:05:20.0808 0x058c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:05:20.0838 0x058c swenum - ok
15:05:20.0969 0x058c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:05:20.0979 0x058c swmidi - ok
15:05:21.0009 0x058c SwPrv - ok
15:05:21.0059 0x058c symc810 - ok
15:05:21.0079 0x058c symc8xx - ok
15:05:21.0109 0x058c sym_hi - ok
15:05:21.0139 0x058c sym_u3 - ok
15:05:21.0219 0x058c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:05:21.0229 0x058c sysaudio - ok
15:05:21.0329 0x058c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:05:21.0369 0x058c SysmonLog - ok
15:05:21.0429 0x058c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:05:21.0489 0x058c TapiSrv - ok
15:05:21.0609 0x058c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:05:21.0660 0x058c Tcpip - ok
15:05:21.0750 0x058c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:05:21.0770 0x058c TDPIPE - ok
15:05:21.0830 0x058c [ 0353AC9D91E28D936E4227539B1B2393, 8B31C2F496C446DF69B898B9B585A1097DDCA3EE50ACD31B5E09D8B1CD68DF94 ] TDSMAPI C:\WINDOWS\system32\Drivers\TDSMAPI.SYS
15:05:21.0860 0x058c TDSMAPI - ok
15:05:21.0910 0x058c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:05:21.0940 0x058c TDTCP - ok
15:05:22.0050 0x058c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:05:22.0080 0x058c TermDD - ok
15:05:22.0200 0x058c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
15:05:22.0260 0x058c TermService - ok
15:05:22.0331 0x058c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
15:05:22.0341 0x058c Themes - ok
15:05:22.0421 0x058c [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
15:05:22.0461 0x058c TlntSvr - ok
15:05:22.0501 0x058c TosIde - ok
15:05:22.0551 0x058c [ 90579B74E1E110C2F379117047BDB356, EDD255C1A104DA6469846A4B4CDBFC5CB40DCD69DDE5207D799FB7DC850A014A ] Tp4Track C:\WINDOWS\system32\DRIVERS\tp4track.sys
15:05:22.0571 0x058c Tp4Track - ok
15:05:22.0611 0x058c [ 47F23B26F771765FD8CAC0EBAE4545E9, 2AFE4C57FE833F18E65F959DAF8879823CE8BEB13B1BA34A61E6806AF609EDC5 ] TPHKDRV C:\WINDOWS\system32\drivers\TPHKDRV.sys
15:05:22.0631 0x058c TPHKDRV - ok
15:05:22.0671 0x058c [ C10B74CF569D39594E170734DB590661, 134890D6FAE83FA38F8EEA3B72EC0E12778D6E15C7605758D9933AA4A945E755 ] TPPWR C:\WINDOWS\system32\drivers\Tppwr.sys
15:05:22.0691 0x058c TPPWR - ok
15:05:22.0781 0x058c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:05:22.0801 0x058c TrkWks - ok
15:05:22.0911 0x058c [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
15:05:22.0921 0x058c TrueSight - ok
15:05:22.0981 0x058c [ 76F0A07D83FA24478C07250F4FC8B128, 4894CD9ABDDC9712D3D9938A66B9CD83485AEA7F0D351769D58AC80FA5885412 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
15:05:23.0001 0x058c TSMAPIP - ok
15:05:23.0082 0x058c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:05:23.0112 0x058c Udfs - ok
15:05:23.0152 0x058c ultra - ok
15:05:23.0282 0x058c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:05:23.0332 0x058c Update - ok
15:05:23.0432 0x058c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
15:05:23.0482 0x058c upnphost - ok
15:05:23.0532 0x058c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
15:05:23.0572 0x058c UPS - ok
15:05:23.0632 0x058c [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:05:23.0652 0x058c usbehci - ok
15:05:23.0733 0x058c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:05:23.0763 0x058c usbhub - ok
15:05:23.0843 0x058c [ A0B8CF9DEB1184FBDD20784A58FA75D4, D8AFD45BD9CF7B02F2554AA6085194DE82893AF794EDF479BC9B9E9C1758DC75 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:05:23.0873 0x058c usbscan - ok
15:05:23.0943 0x058c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:05:23.0973 0x058c USBSTOR - ok
15:05:24.0063 0x058c [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:05:24.0093 0x058c usbuhci - ok
15:05:24.0133 0x058c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:05:24.0163 0x058c VgaSave - ok
15:05:24.0183 0x058c ViaIde - ok
15:05:24.0223 0x058c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:05:24.0253 0x058c VolSnap - ok
15:05:24.0353 0x058c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS C:\WINDOWS\System32\vssvc.exe
15:05:24.0404 0x058c VSS - ok
15:05:24.0494 0x058c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time C:\WINDOWS\System32\w32time.dll
15:05:24.0514 0x058c W32Time - ok
15:05:24.0574 0x058c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:05:24.0614 0x058c Wanarp - ok
15:05:24.0644 0x058c WDICA - ok
15:05:24.0694 0x058c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:05:24.0704 0x058c wdmaud - ok
15:05:24.0804 0x058c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient C:\WINDOWS\System32\webclnt.dll
15:05:24.0814 0x058c WebClient - ok
15:05:24.0984 0x058c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:05:25.0004 0x058c winmgmt - ok
15:05:25.0115 0x058c [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:05:25.0145 0x058c WmdmPmSN - ok
15:05:25.0315 0x058c [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:05:25.0365 0x058c Wmi - ok
15:05:25.0495 0x058c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:05:25.0545 0x058c WmiApSrv - ok
15:05:25.0796 0x058c [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:05:25.0996 0x058c WMPNetworkSvc - ok
15:05:26.0066 0x058c [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:05:26.0106 0x058c WpdUsb - ok
15:05:26.0196 0x058c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:05:26.0226 0x058c wscsvc - ok
15:05:26.0306 0x058c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:05:26.0316 0x058c wuauserv - ok
15:05:26.0406 0x058c [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:05:26.0446 0x058c WudfPf - ok
15:05:26.0517 0x058c [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:05:26.0557 0x058c WudfRd - ok
15:05:26.0607 0x058c [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:05:26.0637 0x058c WudfSvc - ok
15:05:26.0777 0x058c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:05:26.0817 0x058c WZCSVC - ok
15:05:27.0067 0x058c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:05:27.0107 0x058c xmlprov - ok
15:05:27.0147 0x058c ================ Scan global ===============================
15:05:27.0218 0x058c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
15:05:27.0358 0x058c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:05:27.0478 0x058c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:05:27.0538 0x058c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
15:05:27.0548 0x058c [ Global ] - ok
15:05:27.0558 0x058c ================ Scan MBR ==================================
15:05:27.0608 0x058c [ AB67D479E4EE1CCAD757294B60DDB98F ] \Device\Harddisk0\DR0
15:05:27.0919 0x058c \Device\Harddisk0\DR0 - ok
15:05:27.0939 0x058c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:05:27.0959 0x058c \Device\Harddisk1\DR1 - ok
15:05:27.0959 0x058c ================ Scan VBR ==================================
15:05:27.0979 0x058c [ 4FDC23B120F0EC5F80AE98557F4D9DCB ] \Device\Harddisk0\DR0\Partition1
15:05:27.0989 0x058c \Device\Harddisk0\DR0\Partition1 - ok
15:05:28.0019 0x058c [ BDF83EFF05C13F2D4DA35EC086A7BB23 ] \Device\Harddisk1\DR1\Partition1
15:05:28.0680 0x058c \Device\Harddisk1\DR1\Partition1 - ok
15:05:28.0690 0x058c ================ Scan generic autorun ======================
15:05:28.0750 0x058c [ FAE95D6D7651B5629C4E19ADBC9A3863, 8209A13B8C845D8EFB1B1C21135B5119E6E2AC5694B982E2103E53D0CBAA080C ] C:\WINDOWS\system32\Ati2mdxx.exe
15:05:28.0790 0x058c ATIModeChange - ok
15:05:28.0910 0x058c [ 97826CB927E0E7F4500879D99DE6D3C5, 0FB04C5AA4C1BE2E35BBDE474916DF00E223A41D6E0C590FF0C5132EBBA69051 ] C:\WINDOWS\system32\tp4serv.exe
15:05:28.0990 0x058c TrackPointSrv - ok
15:05:29.0130 0x058c [ 71E256D5C8FB8FD1933968DCCFD967A0, 92481C790B092CC363BABEA16B0252BEEE1A7CBC1C6FF55F93030DD4AB92FA66 ] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
15:05:29.0190 0x058c TPTRAY - ok
15:05:29.0210 0x058c BMMGAG - ok
15:05:29.0321 0x058c [ 6C2CF216C460BED0D4B83AF07980A761, B8BF59F1F5937558B73F1D6728E92AE8B07CB38AD529357A4E16663A969A81BE ] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
15:05:29.0411 0x058c QCTRAY - ok
15:05:29.0471 0x058c [ 8633F1E7AA1912AD962E5A656D264045, BB17957ECE5EC9ED25E9B58315AD436C76B2FF1B5A1C5D8397FC7950CC65F126 ] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
15:05:29.0521 0x058c QCWLICON - ok
15:05:29.0591 0x058c [ AA3B957AF3F3B4AA9047D5531696AB0E, BA826D7A0B56C04528C4A8EDA498173C533BA3CDD75E1C73E224AFD712F06680 ] C:\WINDOWS\system32\tp4ex.exe
15:05:29.0641 0x058c TP4EX - ok
15:05:29.0811 0x058c [ 6CE63001262FB82D746E1DEEBF00B43B, B660ECA6989ABFC3B97FCEB8D692A11F77B9D4A81D5FC34759462D2EC37A2F63 ] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
15:05:29.0861 0x058c TPHOTKEY - ok
15:05:29.0901 0x058c Tgcmd - ok
15:05:29.0982 0x058c [ C0041BB27E2E5B0550C179ECF53425CD, 82EB1BF88B1D93F4AEC5EB6A1DB790E6EFA0379DD771251707BE9F67266D3547 ] C:\WINDOWS\AGRSMMSG.exe
15:05:34.0328 0x058c AGRSMMSG - ok
15:05:34.0428 0x058c [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\WINDOWS\system32\\NeroCheck.exe
15:05:34.0498 0x058c NeroCheck - ok
15:05:34.0648 0x058c [ E284188C5CF416378CC740EB13059A50, 0E0863D84B29662B3EEE0602742CAE8F966CE043E690C62BC3A00244B7D35D04 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
15:05:34.0708 0x058c Adobe Reader Speed Launcher - ok
15:05:35.0299 0x058c [ 29FB6EF1EFB1357E2883FE297F1EBC31, A6F465EA84277D88771BE6438CAC32D8E2C73A6EEC809CB38E1090FFFB27804E ] C:\PROGRA~1\AVG\AVG9\avgtray.exe
15:05:35.0560 0x058c AVG9_TRAY - ok
15:05:35.0890 0x058c [ 3103FE27C967675B019E880AA6DA3D6D, 515E750ACD28C3CFD8174B7F213E2AA741D8942FB68E57F701EBCBB92EC3F537 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:05:36.0521 0x058c Adobe ARM - ok
15:05:36.0681 0x058c [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
15:05:36.0801 0x058c SunJavaUpdateSched - ok
15:05:36.0881 0x058c [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
15:05:36.0881 0x058c ctfmon.exe - ok
15:05:37.0032 0x058c updateMgr - ok
15:05:37.0112 0x058c MSMSGS - ok
15:05:37.0112 0x058c NeroHomeFirstStart - ok
15:05:37.0232 0x058c [ 269AFE2F2E2957DF8F7A5F82B2B092DB, 37B8B913090A01EC5C656214F9081AC93ADE8682582327366A7F76EDBDC98A39 ] C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe
15:05:37.0352 0x058c avg_spchecker - ok
15:05:37.0372 0x058c Waiting for KSN requests completion. In queue: 8
15:05:38.0374 0x058c Waiting for KSN requests completion. In queue: 8
15:05:39.0375 0x058c Waiting for KSN requests completion. In queue: 8
15:05:40.0507 0x058c AV detected via SS1: AVG Anti-Virus Free, 9.0, enabled, updated
15:05:40.0517 0x058c Win FW state via NFM: enabled
15:05:42.0930 0x058c ============================================================
15:05:42.0930 0x058c Scan finished
15:05:42.0930 0x058c ============================================================
15:05:42.0980 0x05b4 Detected object count: 0
15:05:42.0980 0x05b4 Actual detected object count: 0
Hi lather,
The screen capture is nothing to worry about. It was just a general warning from Kaspersky that running random .exe files may pose a threat to your system, especially since it was running from the temp folder. Since you were running TDSSKiller, which is owned by Kaspersky, that pop-up was expected.
The new log looks good; let's continue.
Re-run RogueKiller
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
=========================
Re-run Farbar Recovery Scan Tool; it should be on your desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
=========================
In your next post please provide the following:
MBAM log
RogueKiller log
new FRST.txt
How is the computer running?
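An added example, not code from the thread, from FRST or from any tool it mentions: a small Python triage pass over the Drivers/Services lines of the FRST.txt requested above. It flags boot-start entries whose file is gone (FRST appends `[X]` to those), all-numeric service and file names, entries with no ImagePath, and unsigned entries with an empty vendor string; the sample input is a handful of lines in FRST's format, embedded inline.

```python
r"""Triage of FRST 'Drivers'/'Services' entries.

Added example for this thread; it is not part of FRST or of the forum post.
It parses entries in the format FRST prints, e.g.

    R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
    S0 27784469; system32\drivers\86684186.sys [X]
    S4 hpt3xx; No ImagePath

and lists the entries a helper would look at first. Flags are review hints,
not verdicts: a legitimate OEM driver can be unsigned too.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entry shape: <state letter><start digit> <service name>; <image info>
ENTRY_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
# Image info shape: <path> [<size> <yyyy-mm-dd>] (<vendor>) [File not signed]
FILE_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]"
    r"\s*(?:\((?P<vendor>[^)]*)\))?\s*(?P<rest>.*)$"
)
NUMERIC_RE = re.compile(r"^\d+$")


@dataclass
class DriverEntry:
    state: str            # FRST state letter: R = running, S = stopped
    start: int            # Windows Start value as FRST prints it (0 = boot-start)
    name: str             # service/driver name
    path: Optional[str]   # image path; None when FRST prints "No ImagePath"
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]
    missing: bool         # FRST appends [X] when the image file is not present
    unsigned: bool        # FRST appends [File not signed]


def parse_entry(line: str) -> Optional[DriverEntry]:
    """Parse one FRST driver/service line; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.group(1), int(m.group(2)), m.group(3).strip(), m.group(4).strip()
    if rest == "No ImagePath":
        return DriverEntry(state, start, name, None, None, None, None, True, False)
    if rest.endswith("[X]"):
        return DriverEntry(state, start, name, rest[:-3].strip(), None, None, None, True, False)
    fm = FILE_RE.match(rest)
    if not fm:
        # Unrecognised tail: keep the raw text as the path so nothing is silently dropped.
        return DriverEntry(state, start, name, rest, None, None, None, False, False)
    vendor = (fm["vendor"] or "").strip() or None
    return DriverEntry(state, start, name, fm["path"], int(fm["size"]), fm["date"],
                       vendor, False, "[File not signed]" in fm["rest"])


def triage(entry: DriverEntry) -> List[str]:
    """Return human-readable reasons this entry deserves a second look."""
    flags: List[str] = []
    stem = ""
    if entry.path:
        stem = re.split(r"[\\/]", entry.path)[-1].rsplit(".", 1)[0]
    if entry.path is None:
        flags.append("no ImagePath")
    elif entry.missing:
        flags.append("file missing")
    if NUMERIC_RE.match(entry.name) and NUMERIC_RE.match(stem):
        flags.append("all-numeric service and file name")
    if entry.start == 0 and entry.missing:
        flags.append("boot-start entry without a file")
    if entry.unsigned and entry.vendor is None:
        flags.append("unsigned, no vendor string")
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map service name -> flags for every flagged entry in an FRST section."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            findings[entry.name] = flags
    return findings


# Constructed sample in FRST's format (a few lines of the kind shown in the thread).
SAMPLE_LOG = r"""
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
S0 27784469; system32\drivers\86684186.sys [X]
S0 64329303; system32\drivers\61547588.sys [X]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
"""

if __name__ == "__main__":
    for name, flags in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

The flags are prompts for whoever reads the log, not a verdict: the unsigned OEM battery driver in the sample is flagged alongside the numeric-named boot-start entries and has to be judged by the helper.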
The computer seems to be running OK now. According to Security Centre, there's no problem with either the firewall or AVG, and AVG itself is reporting everything as OK. I can't find any other obvious issues, so it all seems fine now.
Although you didn't mention MBAM in the instructions, you asked for an MBAM log, so I ran that as well as RogueKiller and FRST.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 09/12/2014
Scan Time: 23:56:01
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.09.08
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: IBM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356891
Time Elapsed: 1 hr, 20 min, 35 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : IBM [Administrator]
Mode : Scan -- Date : 12/10/2014 01:30:04
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Start Page : file:///C:/Documents/Links_07.htm -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] it92t6zv.default : user_pref("browser.startup.homepage", "file:///C:/Documents/Links_07.htm"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: IC25N020ATCS04-0 +++++
--- User ---
[MBR] b6351a83af7db8b2b21a75bce7ef0bde
[BSP] 8ac2aeb576eb43be8ab59644d36fa76e : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 17637 MB
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 36121680 | Size: 1439 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SAMSUNG HM160HC +++++
--- User ---
[MBR] 0eab729657d325cc560e0cc412daff46
[BSP] b9c8f0477e8a5bf36e966c1e3ec93e3f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11162014_152357.log - RKreport_DEL_11182014_013106.log - RKreport_DEL_12092014_002346.log - RKreport_SCN_11162014_003509.log
RKreport_SCN_11162014_152242.log - RKreport_SCN_11172014_140902.log - RKreport_SCN_11172014_192455.log - RKreport_SCN_11182014_012722.log
RKreport_SCN_12082014_165717.log - RKreport_SCN_12092014_002017.log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by IBM (administrator) on THINKPAD on 10-12-2014 01:32:55
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-247674877-3848448594-3852255402-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-23]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S0 27784469; system32\drivers\86684186.sys [X]
S0 64329303; system32\drivers\61547588.sys [X]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 01:32 - 2014-12-10 01:33 - 00019261 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-12-10 01:32 - 2014-12-10 01:32 - 00002585 _____ () C:\Documents and Settings\IBM\Desktop\RKreport_SCN_12102014_013003.log
2014-12-09 00:25 - 2014-12-09 00:25 - 00002899 _____ () C:\Documents and Settings\IBM\Desktop\RKreport_DEL_12092014_002346.log
2014-12-08 16:59 - 2014-12-08 16:59 - 00002855 _____ () C:\Documents and Settings\IBM\Desktop\RKreport_SCN_12082014_165717.log
2014-12-08 16:49 - 2014-12-10 01:20 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-08 16:42 - 2014-12-10 01:17 - 00001058 _____ () C:\Documents and Settings\IBM\Desktop\mbam.txt
2014-12-08 15:36 - 2014-12-08 15:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\5F375B6D.sys
2014-12-08 15:18 - 2014-12-08 15:35 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\20A54D69.sys
2014-12-08 15:11 - 2014-12-08 15:34 - 00003932 _____ () C:\Documents and Settings\IBM\Desktop\Rkill.txt
2014-12-08 15:11 - 2014-12-08 15:16 - 00005664 _____ () C:\Documents and Settings\IBM\Desktop\Rkill1.txt
2014-12-08 14:47 - 2014-12-08 14:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-08 14:19 - 2014-12-08 14:20 - 15201368 _____ () C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
2014-12-08 14:18 - 2014-12-08 14:18 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\IBM\Desktop\rkill.exe
2014-12-08 14:16 - 2014-12-08 14:18 - 04184008 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\IBM\Desktop\tdsskiller.exe
2014-12-08 03:10 - 2014-12-08 03:10 - 00027896 _____ () C:\Documents and Settings\IBM\Desktop\forum post.txt
2014-12-08 02:46 - 2014-12-08 02:46 - 00000512 _____ () C:\Documents and Settings\IBM\Desktop\MBR.dat
2014-12-08 02:15 - 2014-12-10 01:33 - 00000000 ____D () C:\FRST
2014-12-08 02:12 - 2014-12-08 02:12 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-08 02:12 - 2014-12-08 02:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-12-08 02:08 - 2014-12-08 02:08 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-12-08 02:07 - 2014-12-08 02:07 - 01111040 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-12-08 02:06 - 2014-12-08 02:06 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-05 20:09 - 2014-12-07 19:25 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\DHW fun posts
2014-11-24 15:40 - 2014-11-25 15:58 - 00002598 _____ () C:\Documents and Settings\IBM\Desktop\eBay print description.txt
2014-11-21 13:42 - 2014-11-21 13:42 - 00002311 _____ () C:\DelFix.txt
2014-11-20 01:47 - 2014-11-20 01:47 - 00128687 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\census.cache
2014-11-20 01:46 - 2014-11-20 01:46 - 00166168 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\ars.cache
2014-11-20 01:21 - 2014-11-20 01:21 - 00000036 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\housecall.guid.cache
2014-11-19 18:03 - 2014-11-19 18:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-16 00:23 - 2014-12-08 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-10 01:33 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-12-10 01:29 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-12-10 00:39 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-10 00:10 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-12-09 23:55 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 23:53 - 2007-10-22 13:22 - 00007908 _____ () C:\WINDOWS\RTacDbg.txt
2014-12-09 23:52 - 2006-12-15 19:17 - 01338251 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-09 23:51 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-09 23:50 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 23:50 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-09 23:50 - 2006-12-04 23:44 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-12-09 23:50 - 2006-12-04 23:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-12-09 15:23 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-12-09 15:23 - 2006-12-05 00:15 - 00032072 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-09 15:09 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-12-09 15:01 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-12-08 16:44 - 2010-10-13 15:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-12-08 14:43 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-12-08 14:41 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-12-08 02:13 - 2010-01-14 11:19 - 00258047 _____ () C:\WINDOWS\setupapi.log
2014-12-08 02:13 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-08 02:13 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-12-08 00:59 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 00:10 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-12-06 22:43 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
2014-12-06 19:47 - 2014-10-19 00:19 - 00029184 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-12-06 19:47 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-23 01:57 - 2006-12-15 19:06 - 00060832 _____ () C:\WINDOWS\wmsetup.log
2014-11-21 06:14 - 2014-08-06 14:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-08-06 14:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-20 15:23 - 2009-01-22 16:14 - 00079576 _____ () C:\Documents and Settings\IBM\Application Data\ReplayConverterLog.log
2014-11-19 10:53 - 2006-12-05 00:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-19 10:52 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-19 10:49 - 2006-12-04 23:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{B2B73189-3468-40D7-B711-0F99FC4A9D69}.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Hi later,
Although you didn't mention MBAM in the instructions, you asked for an MBAM log,
:oops: I sure did, my mistake.
FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
Start
S0 27784469; system32\drivers\86684186.sys [X]
S0 64329303; system32\drivers\61547588.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{B2B73189-3468-40D7-B711-0F99FC4A9D69}.exe
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.
=========================
ESET Online Scanner
*Note:
It is recommended to disable your on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
Fixlog.txt
ESET log
Any remaining issues?
OK, FRST run and fixlog attached.
ESET did find and quarantine a number of threats, so there is a log to post. (I didn't select the option to delete the quarantined files, just in case doing so did something unexpected to the system, so they are still there in the quarantine location.) Looks like some of what it found was stuff already quarantined by TDSSkiller, but there was some new stuff as well.
As for how the computer is running and if there are any residual issues, I've not noticed any problems and it seems to be running OK for now. The firewall and AVG are still both reporting as OK, and there's nothing strange happening in the way of hard drive activity etc.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by IBM at 2014-12-10 14:29:21 Run:2
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
S0 27784469; system32\drivers\86684186.sys [X]
S0 64329303; system32\drivers\61547588.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe
C:\Documents and Settings\IBM\Local Settings\Temp\{B2B73189-3468-40D7-B711-0F99FC4A9D69}.exe
End
*****************
27784469 => Service deleted successfully.
64329303 => Service deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\hhupd.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ntfsfix.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Temp\hhupd.exe => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Temp\ntfsfix.exe => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Temp\Shockwave_Installer_Full-8-5.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\dllnt_dump.dll => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\sqlite3.dll => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\{1ACB7F4D-5850-43BD-917E-D317FFF39891}-37.0.2062.124_37.0.2062.120_chrome_updater.exe => Moved successfully.
C:\Documents and Settings\IBM\Local Settings\Temp\{B2B73189-3468-40D7-B711-0F99FC4A9D69}.exe => Moved successfully.
==== End of Fixlog ====
ESET log:
C:\Program Files\Orange\setup\OrangeFirefox.exe Win32/PrcView potentially unsafe application deleted - quarantined
C:\TDSSKiller_Quarantine\08.12.2014_14.44.04\necurs0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.ZL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.12.2014_14.53.55\necurs0000\svc0000\tsk0000.dta a variant of Win32/Kryptik.CSME trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.12.2014_00.37.34\necurs0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.ZL trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\16640898.bat BAT/Small.NAN trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\853617.bat BAT/Small.NAN trojan cleaned by deleting - quarantined
Hi lather,
Please run FRST again. If the log looks clean, we will remove the tools we used and send you on your way.
FRST run, but it hit the same problem as at the start of this thread in that it got part-way through the scan and then hung. Task Manager showed it as not responding (listing it twice on the application tab), and also CPU use at 100%. Tried running it a couple of times, but it hung at the same point both times. As a result, I've only got a partial log to post for you.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by IBM (administrator) on THINKPAD on 11-12-2014 15:47:56
Running from C:\Documents and Settings\IBM\Desktop
Loaded Profile: IBM (Available profiles: IBM & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\WINDOWS\system32\ibmpmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
() C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\QCONSVC.EXE
(IBM Corporation) C:\WINDOWS\system32\tp4serv.exe
(IBM Corp.) C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
() C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
() C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
() C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
() C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ATIModeChange] => C:\WINDOWS\system32\Ati2mdxx.exe [28672 2002-06-12] (ATI Technologies, Inc.)
HKLM\...\Run: [TrackPointSrv] => C:\WINDOWS\system32\tp4serv.exe [179200 2002-03-20] (IBM Corporation)
HKLM\...\Run: [TPTRAY] => C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE [48128 2002-03-26] (IBM Corp.)
HKLM\...\Run: [BMMGAG] => RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
HKLM\...\Run: [QCTRAY] => C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [491520 2002-07-15] ()
HKLM\...\Run: [QCWLICON] => C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [49152 2002-07-15] ()
HKLM\...\Run: [TP4EX] => C:\WINDOWS\system32\tp4ex.exe [40960 2002-02-22] (IBM Corporation)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [69632 2002-05-30] ()
HKLM\...\Run: [UC_SMB] => [X]
HKLM\...\Run: [Tgcmd] => C:\Program Files\Support.com\bin\tgcmd.exe [1519616 2001-11-07] (Support.com, Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2003-06-27] (Agere Systems)
HKLM\...\Run: [NeroCheck] => C:\WINDOWS\system32\\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2014-12-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\Run: [updateMgr] => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\...\MountPoints2: {9e452150-6d2a-11dd-b2de-0018e7297566} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk
ShortcutTarget: Wireless Configuration Utility HW.15.lnk -> C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-247674877-3848448594-3852255402-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> DefaultScope {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> {2737D436-02AF-442D-87F4-70874E2A19E8} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
Toolbar: HKU\S-1-5-21-247674877-3848448594-3852255402-1004 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923
DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default
FF Homepage: file:///C:/Documents/Links_07.htm
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-247674877-3848448594-3852255402-1004: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: British English Dictionary - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-10]
FF Extension: external IP - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\externalip@erik.morlin [2010-01-25]
FF Extension: YouTube Unblocker - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\youtubeunblocker@unblocker.yt [2013-06-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-28]
FF Extension: Media Converter - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2009-04-07]
FF Extension: DownloadHelper - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-23]
FF Extension: RightToClick - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2012-01-23]
FF Extension: Adblock Plus - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012-01-06]
FF Extension: Block site - C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2013-08-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009-03-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-04-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-06-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-11-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011-01-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-20]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2009-11-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
Chrome:
=======
CHR HomePage: Default -> file:///C:/Documents/Links_07.htm
CHR StartupUrls: Default -> "file:///C:/Documents/Links_07.htm"
CHR Profile: C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-12]
CHR Extension: (Google Search) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-12]
CHR Extension: (Google Wallet) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-01-19]
CHR Extension: (Gmail) - C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-12]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [131072 2002-06-12] ()
R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-07-21] (AVG Technologies CZ, s.r.o.)
R2 IBMPMSVC; C:\WINDOWS\system32\ibmpmsvc.exe [57344 2003-07-03] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [40960 2002-07-15] () [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2007-10-22] (Meetinghouse Data Communications) [File not signed]
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 DSMBATT; C:\WINDOWS\System32\drivers\DSMBATT.SYS [9888 2002-04-05] () [File not signed]
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [11344 2003-07-03] (IBM Corp.)
R1 IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2295 2002-07-15] () [File not signed]
R2 PMEM; C:\WINDOWS\system32\drivers\PMEMNT.SYS [7012 2001-09-13] (Microsoft Corporation) [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [306304 2007-01-29] (Realtek Semiconductor Corporation ) [File not signed]
R1 Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [13824 2002-03-26] (Microsoft Corporation) [File not signed]
R1 TDSMAPI; C:\WINDOWS\System32\Drivers\TDSMAPI.SYS [7168 2002-03-26] () [File not signed]
R3 Tp4Track; C:\WINDOWS\System32\DRIVERS\tp4track.sys [14175 2002-03-20] (IBM Corporation)
R1 TPHKDRV; C:\WINDOWS\system32\Drivers\TPHKDRV.sys [11550 2002-01-28] (IBM Corporation) [File not signed]
R1 TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [12288 2002-03-26] (IBM Corp.) [File not signed]
R1 TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [7168 2002-03-26] () [File not signed]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 15:47 - 2014-12-11 15:48 - 00019165 _____ () C:\Documents and Settings\IBM\Desktop\FRST.txt
2014-12-11 15:25 - 2014-12-11 15:31 - 00027265 _____ () C:\Documents and Settings\IBM\Desktop\FRST1.txt
2014-12-10 14:50 - 2014-12-10 14:50 - 00000000 ____D () C:\Program Files\ESET
2014-12-10 14:49 - 2014-12-10 14:49 - 02347384 _____ (ESET) C:\Documents and Settings\IBM\Desktop\esetsmartinstaller_enu.exe
2014-12-10 14:48 - 2014-12-10 14:48 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\AVG9
2014-12-08 16:49 - 2014-12-10 01:20 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-08 15:36 - 2014-12-08 15:36 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\5F375B6D.sys
2014-12-08 15:18 - 2014-12-08 15:35 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\20A54D69.sys
2014-12-08 15:11 - 2014-12-08 15:34 - 00003932 _____ () C:\Documents and Settings\IBM\Desktop\Rkill.txt
2014-12-08 15:11 - 2014-12-08 15:16 - 00005664 _____ () C:\Documents and Settings\IBM\Desktop\Rkill1.txt
2014-12-08 14:47 - 2014-12-08 14:47 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-12-08 14:19 - 2014-12-08 14:20 - 15201368 _____ () C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
2014-12-08 14:18 - 2014-12-08 14:18 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\IBM\Desktop\rkill.exe
2014-12-08 14:16 - 2014-12-08 14:18 - 04184008 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\IBM\Desktop\tdsskiller.exe
2014-12-08 03:10 - 2014-12-08 03:10 - 00027896 _____ () C:\Documents and Settings\IBM\Desktop\forum post.txt
2014-12-08 02:46 - 2014-12-08 02:46 - 00000512 _____ () C:\Documents and Settings\IBM\Desktop\MBR.dat
2014-12-08 02:15 - 2014-12-11 15:48 - 00000000 ____D () C:\FRST
2014-12-08 02:12 - 2014-12-08 02:12 - 00001887 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-08 02:12 - 2014-12-08 02:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-12-08 02:08 - 2014-12-08 02:08 - 05198336 _____ (AVAST Software) C:\Documents and Settings\IBM\Desktop\aswMBR.exe
2014-12-08 02:07 - 2014-12-08 02:07 - 01111040 _____ (Farbar) C:\Documents and Settings\IBM\Desktop\FRST.exe
2014-12-08 02:06 - 2014-12-08 02:06 - 04215584 _____ () C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
2014-12-05 20:09 - 2014-12-07 19:25 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\DHW fun posts
2014-11-24 15:40 - 2014-11-25 15:58 - 00002598 _____ () C:\Documents and Settings\IBM\Desktop\eBay print description.txt
2014-11-21 13:42 - 2014-11-21 13:42 - 00002311 _____ () C:\DelFix.txt
2014-11-20 01:47 - 2014-11-20 01:47 - 00128687 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\census.cache
2014-11-20 01:46 - 2014-11-20 01:46 - 00166168 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\ars.cache
2014-11-20 01:21 - 2014-11-20 01:21 - 00000036 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\housecall.guid.cache
2014-11-19 18:03 - 2014-11-19 18:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-16 00:23 - 2014-12-08 16:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\RegBackup
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Program Files\Tweaking.com
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-11 15:48 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM\Local Settings\Temp
2014-12-11 15:40 - 2012-12-12 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 15:40 - 2009-11-15 02:09 - 00000000 _____ () C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
2014-12-11 15:35 - 2006-12-05 00:21 - 00000314 _____ () C:\WINDOWS\Tasks\BMMTask.job
2014-12-11 15:31 - 2008-06-22 14:05 - 00000000 ____D () C:\WINDOWS\system32\Drivers\Avg
2014-12-11 15:22 - 2007-10-22 13:22 - 00006443 _____ () C:\WINDOWS\RTacDbg.txt
2014-12-11 15:21 - 2006-12-15 19:17 - 01349729 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-11 15:21 - 1980-01-01 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-11 15:20 - 2012-12-12 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-11 15:20 - 2006-12-04 23:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-11 15:20 - 2006-12-04 23:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-11 15:20 - 2006-12-04 23:44 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-11 15:17 - 2006-12-15 18:03 - 00000178 ___SH () C:\Documents and Settings\IBM\ntuser.ini
2014-12-11 15:17 - 2006-12-05 00:15 - 00032072 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-10 14:29 - 2006-12-05 00:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-12-10 14:29 - 2006-12-04 23:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-12-09 23:55 - 2014-08-06 14:25 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 15:09 - 2007-09-26 13:10 - 00086528 ___SH () C:\WINDOWS\Thumbs.db
2014-12-08 16:44 - 2010-10-13 15:56 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-12-08 14:43 - 2010-07-30 07:13 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Desktop cleanup
2014-12-08 14:41 - 2013-06-02 14:26 - 00000000 ____D () C:\Documents and Settings\IBM\Desktop\Derbyshire Heritage Walks
2014-12-08 02:13 - 2010-01-14 11:19 - 00258047 _____ () C:\WINDOWS\setupapi.log
2014-12-08 02:13 - 2006-12-04 23:46 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-08 02:13 - 2006-12-04 23:37 - 00000000 ____D () C:\WINDOWS\repair
2014-12-08 00:59 - 2014-08-06 14:24 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 00:59 - 2014-08-06 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 00:10 - 2010-07-30 07:51 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\vlc
2014-12-06 22:43 - 2011-01-14 01:00 - 00000000 ____D () C:\Documents and Settings\IBM\Application Data\dvdcss
2014-12-06 19:47 - 2014-10-19 00:19 - 00029184 _____ () C:\Documents and Settings\IBM\Desktop\2015 Tour.xls
2014-12-06 19:47 - 2007-12-02 16:46 - 00000551 _____ () C:\WINDOWS\IBM.xlb
2014-11-23 01:57 - 2006-12-15 19:06 - 00060832 _____ () C:\WINDOWS\wmsetup.log
2014-11-21 06:14 - 2014-08-06 14:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-08-06 14:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-11-20 15:23 - 2009-01-22 16:14 - 00079576 _____ () C:\Documents and Settings\IBM\Application Data\ReplayConverterLog.log
2014-11-19 10:53 - 2006-12-05 00:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-19 10:52 - 2006-12-15 18:03 - 00000000 ____D () C:\Documents and Settings\IBM
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-19 10:52 - 2006-12-05 00:15 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-19 10:49 - 2006-12-04 23:47 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-14 01:34 - 2012-01-11 17:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2646524$
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
And that's all I have of the log.
Having checked the hard drive space, I can see that there's less than 1GB free (about 830MB), so I'm wondering if that's part of the problem - I usually try to make sure there's about 2GB or more free.
Hi lather,
Not really sure why FRST won't do a complete scan. Let's run a different scan to make sure nothing is slipping by. The scan will produce two logs (OTL.txt and Extras.txt); just post the OTL log.
As far as the free space on the hard drive, it is recommended that you keep at least 20% free to allow Windows to run smoothly.
=========================
OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
To run OTL, right-click it and select "Run as Administrator". Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
=========================
In your next post please provide the following:
OTL.txt
OTL ran OK, so the log is attached below.
I used to keep about 20% of the drive space free, but with all of the software upgrades etc., it's now a struggle to keep it at 10%. I guess I need a good temp files cleaner, as that's possibly a big part of the problem, and then take a good look at what software I can lose from the system.
OTL logfile created on: 12/12/2014 13:21:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\IBM\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1022.98 Mb Total Physical Memory | 712.66 Mb Available Physical Memory | 69.66% Memory free
1.28 Gb Paging File | 0.92 Gb Available in Paging File | 71.95% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.22 Gb Total Space | 0.81 Gb Free Space | 4.69% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 10.32 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
Computer Name: THINKPAD | User Name: IBM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\IBM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
PRC - C:\WINDOWS\system32\QCONSVC.EXE ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
MOD - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanDll.dll ()
MOD - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\acAuth.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\QCON.DLL ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
MOD - C:\WINDOWS\system32\QCONSVC.EXE ()
MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
MOD - C:\WINDOWS\system32\tp4uires.dll ()
MOD - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll ()
========== Services (SafeList) ==========
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SjyPkt) -- C:\WINDOWS\System32\Drivers\SjyPkt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DSMBATT) -- C:\WINDOWS\system32\drivers\DSMBATT.SYS ()
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents/Links_07.htm
IE - HKCU\..\SearchScopes,DefaultScope = {2737D436-02AF-442D-87F4-70874E2A19E8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{2737D436-02AF-442D-87F4-70874E2A19E8}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "file:///C:/Documents/Links_07.htm"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.8.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 12:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/07 21:34:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/07 20:58:07 | 000,000,000 | ---D | M]
[2009/02/01 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Extensions
[2014/12/10 14:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions
[2010/04/28 15:35:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/07 15:08:56 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2014/11/23 00:32:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/23 00:44:47 | 000,000,000 | ---D | M] ("RightToClick") -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2012/01/06 14:47:02 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/08/12 22:53:04 | 000,000,000 | ---D | M] (Block site) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/12/10 16:53:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/01/25 20:56:52 | 000,000,000 | ---D | M] (external IP) -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\externalip@erik.morlin
[2013/06/09 21:19:33 | 000,000,000 | ---D | M] ("YouTube Unblocker") -- C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\it92t6zv.default\extensions\youtubeunblocker@unblocker.yt
[2014/12/10 14:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/15 22:38:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/14 18:55:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/15 22:46:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 03:14:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/16 00:19:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 15:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/06/20 14:28:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011/09/13 12:52:12 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch\3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\IBM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/05/29 16:41:23 | 000,453,965 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15589 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Orange Toolbar) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Orange Toolbar) - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer211.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PwrMonit.dll (IBM Corp.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
O4 - HKLM..\Run: [Tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (Support.com, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [UC_SMB] File not found
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe ()
O4 - Startup: C:\Documents and Settings\IBM\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: links_07.htm ([]file in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166184064923 (WUWebControl Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab (IBM Access Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BE415DD9-C50D-46AA-9B5D-37F2EEBBBFE6} https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab (acpRunner Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C559113-25C0-41FA-86CE-367FE5CEF1EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF284004-B485-47D2-97FF-E6CDAF4666B3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\IBM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/15 18:03:35 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9e452150-6d2a-11dd-b2de-0018e7297566}\Shell - "" = AutoRun
O33 - MountPoints2\{9e452150-6d2a-11dd-b2de-0018e7297566}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e452150-6d2a-11dd-b2de-0018e7297566}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/12 13:19:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\IBM\Desktop\OTL.exe
[2014/12/10 14:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/12/10 14:49:05 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\IBM\Desktop\esetsmartinstaller_enu.exe
[2014/12/10 14:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Application Data\AVG9
[2014/12/08 15:36:23 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5F375B6D.sys
[2014/12/08 15:18:04 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\20A54D69.sys
[2014/12/08 14:47:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/12/08 14:18:37 | 001,944,824 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\IBM\Desktop\rkill.exe
[2014/12/08 14:16:39 | 004,184,008 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IBM\Desktop\tdsskiller.exe
[2014/12/08 02:15:48 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/08 02:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2014/12/08 02:08:11 | 005,198,336 | ---- | C] (AVAST Software) -- C:\Documents and Settings\IBM\Desktop\aswMBR.exe
[2014/12/08 02:07:36 | 001,111,040 | ---- | C] (Farbar) -- C:\Documents and Settings\IBM\Desktop\FRST.exe
[2014/12/05 20:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\IBM\Desktop\DHW fun posts
[2014/11/19 18:03:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/11/16 00:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2014/11/14 15:28:09 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/11/14 15:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\Documents and Settings\IBM\Desktop\*.tmp files -> C:\Documents and Settings\IBM\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/12/12 13:31:46 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2014/12/12 13:25:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
[2014/12/12 13:19:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\IBM\Desktop\OTL.exe
[2014/12/12 13:09:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/12/12 13:09:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/12 13:08:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/12/12 13:08:37 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/11 15:40:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/11 15:29:18 | 159,722,447 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2014/12/10 14:49:07 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\IBM\Desktop\esetsmartinstaller_enu.exe
[2014/12/10 01:20:02 | 000,035,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/12/09 23:55:19 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/12/08 15:36:23 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5F375B6D.sys
[2014/12/08 15:35:31 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\20A54D69.sys
[2014/12/08 14:20:37 | 015,201,368 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
[2014/12/08 14:18:39 | 001,944,824 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\IBM\Desktop\rkill.exe
[2014/12/08 14:18:06 | 004,184,008 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\IBM\Desktop\tdsskiller.exe
[2014/12/08 02:46:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\MBR.dat
[2014/12/08 02:12:26 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
[2014/12/08 02:08:16 | 005,198,336 | ---- | M] (AVAST Software) -- C:\Documents and Settings\IBM\Desktop\aswMBR.exe
[2014/12/08 02:07:37 | 001,111,040 | ---- | M] (Farbar) -- C:\Documents and Settings\IBM\Desktop\FRST.exe
[2014/12/08 02:06:46 | 004,215,584 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
[2014/12/08 00:59:50 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/06 19:47:46 | 000,000,551 | ---- | M] () -- C:\WINDOWS\IBM.xlb
[2014/11/29 22:06:56 | 000,312,077 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Newcastle confirmation.pdf
[2014/11/29 15:14:27 | 000,370,294 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Hull confirmation.pdf
[2014/11/29 01:14:47 | 000,358,519 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Walsall confirmation.pdf
[2014/11/29 00:24:10 | 002,280,128 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\PCR_Americas_EN_07_2009.pdf
[2014/11/29 00:22:05 | 000,044,415 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\IHG® Rewards Club _ Print Member Card.pdf
[2014/11/21 06:14:14 | 000,054,360 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/11/21 06:14:06 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/11/20 01:47:17 | 000,128,687 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\census.cache
[2014/11/20 01:46:27 | 000,166,168 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\ars.cache
[2014/11/20 01:21:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\housecall.guid.cache
[2014/11/12 19:17:31 | 000,185,689 | ---- | M] () -- C:\Documents and Settings\IBM\Desktop\Order Complete _ Sage Gateshead.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\Documents and Settings\IBM\Desktop\*.tmp files -> C:\Documents and Settings\IBM\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/12/08 16:49:56 | 000,035,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014/12/08 15:28:03 | 1072,746,496 | -HS- | C] () -- C:\hiberfil.sys
[2014/12/08 14:19:55 | 015,201,368 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\RogueKiller.exe
[2014/12/08 02:46:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\MBR.dat
[2014/12/08 02:12:26 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
[2014/12/08 02:06:39 | 004,215,584 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\tweaking.com_registry_backup_setup.exe
[2014/11/29 22:06:57 | 000,312,077 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Newcastle confirmation.pdf
[2014/11/29 15:14:27 | 000,370,294 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Hull confirmation.pdf
[2014/11/29 01:14:47 | 000,358,519 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Walsall confirmation.pdf
[2014/11/29 00:24:07 | 002,280,128 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\PCR_Americas_EN_07_2009.pdf
[2014/11/29 00:21:55 | 000,044,415 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\IHG® Rewards Club _ Print Member Card.pdf
[2014/11/20 01:47:16 | 000,128,687 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\census.cache
[2014/11/20 01:46:27 | 000,166,168 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\ars.cache
[2014/11/20 01:21:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\housecall.guid.cache
[2014/11/12 19:17:32 | 000,185,689 | ---- | C] () -- C:\Documents and Settings\IBM\Desktop\Order Complete _ Sage Gateshead.pdf
[2014/07/28 11:07:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\{2C9D8B85-D085-4E66-AD86-35DD655F7115}
[2013/04/06 01:38:31 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/04/06 01:38:31 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/15 02:09:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\prvlcl.dat
[2007/09/24 10:58:21 | 000,131,584 | ---- | C] () -- C:\Documents and Settings\IBM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/12/15 12:56:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009/11/05 11:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/15 00:32:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/12/03 15:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/02/15 18:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2014/04/23 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2014/12/08 16:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RogueKiller
[2008/03/19 13:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2014/12/10 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\AVG9
[2007/12/05 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\dBpoweramp
[2007/09/26 15:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\InterVideo
[2014/05/27 13:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Opera Software
[2013/10/21 00:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\Oracle
[2014/04/23 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\IBM\Application Data\PDF Writer
========== Purity Check ==========
< End of report >
Hi lather,
As you can see by these entries in the OTL your hard drives are extremely short on free space. You should try and move or delete any files or programs that you no longer need. External hard drives are quite affordable and would help alleviate some of the congestion.
Drive C: | 17.22 Gb Total Space | 0.81 Gb Free Space | 4.69% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 10.32 Gb Free Space | 6.92% Space Free | Partition Type: NTFS
= = = = = = = = = = = = = = = = = = = =
OTL log looks good. Are you having any issues we haven't addressed?
I did use to keep about 20% of the drive space free, but with all of the software upgrades etc, it's now a struggle to keep it at 10%. I guess I need a good temp files cleaner, as that's possibly a big part of the problem, and then take a good look at what software I can lose from the system.
Yes, I think the time may finally have come to upgrade the C: drive - fortunately, I've got a partition management program on another PC, which I can use to copy the old drive onto the new one, and there's a good selection of suitable PATA drives on eBay right now. So I think the first step is to invest in a 60GB drive to replace the current 20GB C: drive.
As for how the machine is running, I can't see any problems with anything. No programs appear to be reporting an issue, and they all seem to be opening OK. So everything does look to be fine now.
Hi lather,
That sounds like a solid plan. Since you are having no other issues and your logs appear clean we can go ahead and wrap this up and send you on your way.
We have a few items to take care of before we get to the All Clean Speech.
= = = = = = = = = = = = = = = = = = = =
Remove Disinfection Tools
Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:
Remove disinfection tools
Create registry backup
Purge system restore
Click Run
Any other tools and files found can simply be deleted or uninstalled via the Control Panel.
= = = = = = = = = = = = = = = = = = = =
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
= = = = = = = = = = = = = = = = = = = =
Be prepared for CryptoLocker:
Cryptolocker Ransomware: What You Need To Know (http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/#)
CryptoLocker Ransomware Information Guide and FAQ (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
To help protect your computer in the future I recommend that you get the following free program:
CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) - install this program to lock down and prevent crypto-ransomware
= = = = = = = = = = = = = = = = = = = =
COMPUTER SECURITY (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960) - a short guide to staying safer online
= = = = = = = = = = = = = = = = = = = =
WOT (http://www.mywot.com/) Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
Green should be good to go
Yellow for caution
Red to stop
= = = = = = = = = = = = = = = = = = = =
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter (http://www.fbi.gov/cyberinvest/cyberedletter.htm)
USAToday (http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm)
infoworld (http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html)
= = = = = = = = = = = = = = = = = = = =
Make sure you keep your Windows OS current.
Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.
Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)
Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Windows 8: Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.
Without these you are leaving the back door open.
= = = = = = = = = = = = = = = = = = = =
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
= = = = = = = = = = = = = = = = = = = =
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
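A read-only check for the Internet Explorer hardening steps listed in the post above, added here as an example and not part of the thread or any tool it mentions: it reads the Internet zone (zone 3) settings from the current user's registry and reports which ones are still looser than recommended. It assumes the standard zone key path, Microsoft's URL action IDs (1001, 1004, 1201, 1607, 1804) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding; it is written to run on PowerShell 2.0 or later.

```powershell
# Added example: audit the IE Internet zone settings recommended in the post. Read-only.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> description and the value the post recommends (1 = Prompt, 3 = Disable)
$Checks = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate windows and frames across different domains';      Want = 1 }
)

function ConvertTo-SettingText ([int]$Value) {
    switch ($Value) { 0 { 'Enable' } 1 { 'Prompt' } 3 { 'Disable' } default { "Unknown($Value)" } }
}

function Test-IEInternetZone {
    param([string]$Path = $ZonePath)
    if (-not (Test-Path $Path)) {
        Write-Warning "Zone key not found: $Path"
        return
    }
    $key = Get-ItemProperty -Path $Path
    foreach ($c in $Checks) {
        $current = $key.PSObject.Properties[$c.Id]
        if ($null -eq $current) {
            # No explicit value: IE uses the zone template default, so flag it for review.
            $state = 'NOT SET (template default applies)'
            $ok = $false
        } else {
            $state = ConvertTo-SettingText $current.Value
            # Higher values are stricter (Disable > Prompt > Enable); at least as strict passes.
            $ok = [int]$current.Value -ge $c.Want
        }
        New-Object -TypeName PSObject -Property @{
            Setting     = $c.Name
            Current     = $state
            Recommended = ConvertTo-SettingText $c.Want
            OK          = $ok
        }
    }
}

Test-IEInternetZone | Select-Object Setting, Current, Recommended, OK | Format-Table -AutoSize
```

If the machine is domain-joined, Group Policy can enforce zone settings from HKLM and override what this script reads from HKCU, so a "NOT SET" or loose HKCU value is a prompt to check policy rather than a definite finding.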
OK, everything cleaned up, and free disk space up to 10% of total as a result. Also ordered an 80GB drive, so will be upgrading to that when it arrives.
Both CryptoPrevent and WOT installed, and I've also switched to a more effective ad-blocker in Chrome. Will look at some of the other suggestions such as the hosts file once I've had a chance to figure things out a little better.
Thanks for the help, and hopefully the changes will mean I'm not back here again anytime soon!
You're very welcome. Glad I was able to help. :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed.
If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.
Please do not add any logs that might have been requested previously, you would be starting fresh.
Applies only to the original poster, anyone else with similar problems please start your own topic.