
Registry repair/still having issues [Solved]


  • This topic is locked
132 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 12:01 AM

Well... to be perfectly honest... I'm not sure what is going on with your system. Some scans indicate a rootkit... that doesn't seem to be there. Then scans show signs of other infections... that turn out to be "oddly" named files that appear to be legitimate. All I know to do is chip away and keep digging.

 

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    AtJob::
    File::
    
    
    
    Folder::
    c:\Program Files\BitTorrent
    
    
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#17 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 06:34 AM

ComboFix 14-01-29.01 - Beaub 01/31/2014   6:22.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1331 [GMT -6:00]
Running from: c:\documents and settings\Beaub\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beaub\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrent.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-31  )))))))))))))))))))))))))))))))
.
.
2014-01-31 12:12 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A520A8DA-FC22-46BE-AAC5-D9C2F1E234D9}\mpengine.dll
2014-01-31 03:29 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-26 14:49 . 2014-01-26 14:50 -------- d-----w- c:\windows\LastGood
2014-01-26 03:35 . 2014-01-26 03:35 -------- d-----w- c:\program files\CCleaner
2014-01-17 03:23 . 2014-01-17 03:24 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 21:27 . 2013-12-02 23:43 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-24 21:27 . 2011-06-10 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2009-12-30 23:44 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-19 01:56 . 2013-12-19 01:56 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-11 09:01 . 2013-12-11 09:01 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:25 . 2013-11-30 13:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 03:57 . 2013-11-30 01:33 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-11-18 01:18 . 2013-11-30 01:33 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-11-13 02:59 . 2004-08-04 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 20:33 . 2013-06-06 12:32 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-07 05:38 . 2004-08-04 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-12-30 19:15 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-04 12:42 . 2013-11-04 12:42 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"FPPhotoMiddleWare"="c:\program files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe" [2010-07-30 62864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-04-14 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-8-3 494920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [11/29/2013 7:33 PM 13504]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 9:22 AM 664064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6/6/2013 6:32 AM 37664]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 3:23 PM 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 1:21 AM 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/4/2013 6:42 AM 660184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/27/2013 3:57 PM 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 7:34 PM 247968]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 7:34 PM 193696]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/29/2010 7:54 PM 16512]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [8/20/2013 4:55 PM 30464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [11/4/2013 6:42 AM 16024]
S3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys --> c:\windows\system32\DRIVERS\revoflt.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/4/2013 6:42 AM 1228504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2010 10:27 AM 11520]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [5/14/2009 11:21 AM 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 08566285
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPFILTER
*NewlyCreated* - PXTDQPOB
*Deregistered* - 08566285
*Deregistered* - aswMBR
*Deregistered* - pxtdqpob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:27]
.
2014-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2014-01-30 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-01-31 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-01-30 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-01-30 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2014-01-26 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2013-11-19 03:53]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2014-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2014-01-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2014-01-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2014-01-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2014-01-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2014-01-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
AddRemove-Military AI Works - RAF Lakenheath 48th FW - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-31 06:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-31  06:33:40
ComboFix-quarantined-files.txt  2014-01-31 12:33
ComboFix2.txt  2014-01-31 04:08
.
Pre-Run: 31,374,712,832 bytes free
Post-Run: 31,360,221,184 bytes free
.
- - End Of File - - 3FBDD37B0B57263E6330E759CAAD289F
8F558EB6672622401DA993E1E865C861


#18 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 09:28 AM

This tool is technically still in Beta... but it has been being used for a long time now (like maybe two years) and seems to be quite stable.

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


Tomk


#19 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 04:57 PM

It detected 14 malware items. Do I need to press the clean button???

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_21
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 2011611136, free: 1171161088
 
Downloaded database version: v2014.01.31.09
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/31/2014 13:07:02
------------ Loaded modules -----------
----------- End -----------
Done!
IRP handler 0 of \Driver\Disk points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR6
Upper Device Object: 0xffffffff8a118030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xffffffff8a004030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a445ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000068\
Lower Device Object: 0xffffffff8a472030
Lower Device Driver Name: \Driver\nvata\
Driver name found: nvata
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3d4628
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xffffffff8a3de030
Lower Device Driver Name: \Driver\nvata\
Driver name found: nvata
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a3d4628, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3d4368, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a3d4628, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a497f18, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a3de030, DeviceName: \Device\00000064\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f630e8, 0xffffffff8a3d4628, 0xffffffff86585ab8
Lower DeviceData: 0xffffffffe1b6e9b0, 0xffffffff8a3de030, 0xffffffff8819d728
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E0000000
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920  Numsec = 20971520
 
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21053440  Numsec = 467224576
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250000000000 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a445ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a496b90, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a445ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3b1f18, DeviceName: \Device\00000069\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a472030, DeviceName: \Device\00000068\, DriverName: \Driver\nvata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3bf79c0, 0xffffffff8a445ab8, 0xffffffff85f60758
Lower DeviceData: 0xffffffffe2160258, 0xffffffff8a472030, 0xffffffff882ebde8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EDF01A2A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 3907026081
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a118030, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89d95020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a118030, DeviceName: \Device\Harddisk2\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a004030, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\L --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\U --> [Trojan.0Access]
Infected: C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\   \    --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\   \   \‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\   \   \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\   \   \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\l --> [Trojan.0Access]
Infected: c:\program files\google\desktop\install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\   \   \‮ﯹ๛\{07a07410-d3fa-1d04-d2d7-5711f807753f}\u --> [Trojan.0Access]
Infected: C:\Program Files\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f} --> [Trojan.0Access]
Scan finished


#20 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 07:04 PM

Yes... clean them.  ZeroAccess is a nasty one.


Tomk


#21 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 07:23 PM

Ok cleanup and PC rebooted.



#22 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 07:29 PM

Now please run me a new set of DDS logs.


Tomk


#23 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 07:40 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 8:29:26 AM
System Uptime: 1/31/2014 7:18:33 PM (0 hours ago)
.
Motherboard: Dell Inc |  | 0UW457
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2  | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 29.227 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.007 GiB free.
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 1863 GiB total, 1669.266 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3028: 1/9/2014 4:07:10 AM - Software Distribution Service 3.0
RP3029: 1/10/2014 4:07:47 AM - Software Distribution Service 3.0
RP3030: 1/10/2014 1:23:43 PM - Software Distribution Service 3.0
RP3031: 1/11/2014 4:02:37 AM - Software Distribution Service 3.0
RP3032: 1/11/2014 6:37:20 PM - Software Distribution Service 3.0
RP3033: 1/12/2014 9:28:08 AM - Software Distribution Service 3.0
RP3034: 1/12/2014 5:05:21 PM - System Checkpoint
RP3035: 1/12/2014 11:04:42 PM - Software Distribution Service 3.0
RP3036: 1/13/2014 4:00:18 AM - Software Distribution Service 3.0
RP3037: 1/14/2014 4:00:19 AM - Software Distribution Service 3.0
RP3038: 1/14/2014 4:16:36 AM - Software Distribution Service 3.0
RP3039: 1/15/2014 4:00:30 AM - Software Distribution Service 3.0
RP3040: 1/16/2014 4:06:27 AM - Software Distribution Service 3.0
RP3041: 1/16/2014 9:20:10 PM - Software Distribution Service 3.0
RP3042: 1/17/2014 4:00:19 AM - Software Distribution Service 3.0
RP3043: 1/18/2014 4:00:20 AM - Software Distribution Service 3.0
RP3044: 1/18/2014 4:17:55 AM - Software Distribution Service 3.0
RP3045: 1/19/2014 4:00:24 AM - Software Distribution Service 3.0
RP3046: 1/19/2014 10:57:18 PM - Software Distribution Service 3.0
RP3047: 1/20/2014 4:00:19 AM - Software Distribution Service 3.0
RP3048: 1/21/2014 4:00:18 AM - Software Distribution Service 3.0
RP3049: 1/21/2014 4:16:10 AM - Software Distribution Service 3.0
RP3050: 1/22/2014 4:00:18 AM - Software Distribution Service 3.0
RP3051: 1/23/2014 4:00:20 AM - Software Distribution Service 3.0
RP3052: 1/23/2014 4:17:06 AM - Software Distribution Service 3.0
RP3053: 1/24/2014 4:06:45 AM - Software Distribution Service 3.0
RP3054: 1/24/2014 7:24:26 AM - Software Distribution Service 3.0
RP3055: 1/25/2014 4:06:23 AM - Software Distribution Service 3.0
RP3056: 1/25/2014 7:33:15 AM - Software Distribution Service 3.0
RP3057: 1/26/2014 8:45:07 AM - Software Distribution Service 3.0
RP3058: 1/26/2014 9:04:18 AM - Software Distribution Service 3.0
RP3059: 1/26/2014 11:23:41 PM - Software Distribution Service 3.0
RP3060: 1/27/2014 4:00:18 AM - Software Distribution Service 3.0
RP3061: 1/28/2014 4:00:19 AM - Software Distribution Service 3.0
RP3062: 1/28/2014 4:16:35 AM - Software Distribution Service 3.0
RP3063: 1/29/2014 4:00:22 AM - Software Distribution Service 3.0
RP3064: 1/30/2014 4:00:19 AM - Software Distribution Service 3.0
RP3065: 1/30/2014 4:17:12 AM - Software Distribution Service 3.0
RP3066: 1/31/2014 7:22:21 AM - System Checkpoint
RP3067: 1/31/2014 7:16:56 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Photoshop 7.0
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AI-Aircraft Editor Version 2.1.0.23
AIO_Scan
AMR to MP3 Converter 1.4
AnyToISO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Mover
ArcSoft Panorama Maker 4
ASPCA Reminder by We-Care.com v4.1.22.1
Athlon 64 Processor Driver
Avanquest update
AviSynth 2.5
Bing Bar
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
C5200
C5200_doccd
c5200_Help
CardRd81
CCleaner
CCScore
ClipGrab 3.3.0.2
Compatibility Pack for the 2007 Office system
Content Transfer
Copy
CR2
Critical Security Update
CustomerResearchQFolder
CutePDF Writer 3.0
Dealio Toolbar v8.2
Defraggler
Delta Force - Black Hawk Down
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
EditVoicepack
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Expstudio Audio Editor FREE
Fax
File Uploader
Fisher-Price Photo Software
Flight Deck 6 for FS2004
Free M4a to MP3 Converter 7.1
Free Mp3 Wma Converter V 1.9
Glary Utilities 4.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iTunes
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 7.0.0 (Standard)
KATL Atlanta
KEDDS
Kodak EasyShare digital display software
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Military AI Works - RAF Lakenheath 48th FW 
MobileMe Control Panel
Motorola Driver Installation 4.5.0
Mouse Suite for Desktop Computers
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR® Racing 2007 Season
netbrdg
Nikon Message Center
Nikon Transfer
NNC Series Mod
NRatings
NVIDIA Drivers
OfotoXMI
PanoStandAlone
PGA Championship Golf 2000
Picasa 3
Prop-Liners Collection
PS Panels 737NG Version 1.1
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Secunia PSI (3.0.0.9015)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
SimCity 2000® Special Edition
skin0001
SKINXSDK
SolutionCenter
Sonic Activation Module
Spy Sweeper
staticcr
Status
swMSM
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
tooltips
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB971029)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WD SmartWare
WebFldrs XP
WebReg
WinDirStat 1.1.2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.2
WinX Free AVI to WMV Converter 4.0.15
WinX Free FLV to MP3 Converter 2.0.7
WinX Free FLV to WMV Converter 4.1.9
WinX Free MOV to MP4 Converter 4.1.11
WinX Free MOV to WMV Converter 4.1.11
WinX Free MP4 to AVI Converter 4.1.12
WinX Free MP4 to WMV Converter 4.1.10
WinZip 14.5
WIRELESS
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
1/31/2014 7:19:36 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi PCIIde
1/31/2014 7:17:00 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/30/2014 10:00:06 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
1/26/2014 8:50:53 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
1/26/2014 8:40:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  General access denied error
1/26/2014 2:00:00 PM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  General access denied error
1/26/2014 10:10:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  General access denied error
1/26/2014 1:14:00 PM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  General access denied error
1/25/2014 9:47:37 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
1/25/2014 5:01:37 AM, error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/25/2014 5:01:36 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
1/25/2014 4:43:55 AM, error: Service Control Manager [7000]  - The Windows Installer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/25/2014 4:43:53 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
1/25/2014 4:43:40 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/24/2014 7:14:10 AM, error: Service Control Manager [7000]  - The Process creation detector. service failed to start due to the following error:  The system cannot find the file specified.
1/24/2014 7:13:58 AM, error: Service Control Manager [7000]  - The vToolbarUpdater17.1.2 service failed to start due to the following error:  The system cannot find the file specified.
1/24/2014 7:13:38 AM, error: sptd [4]  - Driver detected an internal error in its data structures for .
1/24/2014 7:13:28 AM, error: Print [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
1/24/2014 7:12:40 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
1/24/2014 7:12:40 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
1/24/2014 7:12:18 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
1/24/2014 4:10:05 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070641: Office 2003 Service Pack 3 (SP3).
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Beaub at 19:37:35 on 2014-01-31
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1158 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262200055895
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369003957641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{67A097C5-EA5A-4A00-B984-FC00705A6157} : DHCPNameServer = 192.168.2.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\beaub\application data\mozilla\firefox\profiles\0ixibutj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-11-29 13504]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 214696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-29 16512]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-20 30464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys --> c:\windows\system32\drivers\revoflt.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-9 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
.
=============== Created Last 30 ================
.
2014-01-31 19:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-01-31 19:07:02 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 19:02:01 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 13:06:18 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d685c25f-2ecf-4e9d-bbe3-443ea0bfcb17}\mpengine.dll
2014-01-31 03:59:24 98816 ----a-w- c:\windows\sed.exe
2014-01-31 03:59:24 256000 ----a-w- c:\windows\PEV.exe
2014-01-31 03:59:24 208896 ----a-w- c:\windows\MBR.exe
2014-01-31 03:29:53 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-26 03:35:34 -------- d-----w- c:\program files\CCleaner
2014-01-17 03:23:22 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M  ====================
.
2014-01-24 21:27:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 21:27:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-19 01:56:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-11 09:01:26 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:25:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 03:57:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-11-18 01:18:34 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 20:33:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-04 12:42:02 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-52 -> Harddisk0\DR0 -> \Device\00000064 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A4E0A40]<< 
_asm { MOV EAX, 0x8a4e0960; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a4030d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8A3A7030]
\Driver\Disk[0x8A428CD0] -> IRP_MJ_CREATE -> 0x8A4E0A40
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a4e0a40
user & kernel MBR OK 
Warning: possible MBR rootkit infection !
.
============= FINISH: 19:38:58.21 ===============
 


#24 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 08:24 PM

Still something funky there.

I'm going to have you repeat some things we already did... hoping that as we've made a little progress... the remaining problems will show themselves.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

 
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
 

 


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#25 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 09:01 PM

20:45:22.0622 0x0aac  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
20:45:28.0060 0x0aac  ============================================================
20:45:28.0060 0x0aac  Current date / time: 2014/01/31 20:45:28.0060
20:45:28.0060 0x0aac  SystemInfo:
20:45:28.0060 0x0aac  
20:45:28.0060 0x0aac  OS Version: 5.1.2600 ServicePack: 3.0
20:45:28.0060 0x0aac  Product type: Workstation
20:45:28.0060 0x0aac  ComputerName: BEAU
20:45:28.0060 0x0aac  UserName: Beaub
20:45:28.0060 0x0aac  Windows directory: C:\WINDOWS
20:45:28.0060 0x0aac  System windows directory: C:\WINDOWS
20:45:28.0060 0x0aac  Processor architecture: Intel x86
20:45:28.0060 0x0aac  Number of processors: 1
20:45:28.0060 0x0aac  Page size: 0x1000
20:45:28.0060 0x0aac  Boot type: Normal boot
20:45:28.0060 0x0aac  ============================================================
20:45:28.0794 0x0aac  KLMD registered as C:\WINDOWS\system32\drivers\55908034.sys
20:45:29.0075 0x0aac  System UUID: {FC4B0D00-9922-5F55-AF76-811A9AE123D7}
20:45:30.0216 0x0aac  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:45:30.0231 0x0aac  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B24B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
20:45:30.0231 0x0aac  ============================================================
20:45:30.0231 0x0aac  \Device\Harddisk0\DR0:
20:45:30.0231 0x0aac  MBR partitions:
20:45:30.0231 0x0aac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000
20:45:30.0231 0x0aac  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x1BD94800
20:45:30.0231 0x0aac  \Device\Harddisk1\DR1:
20:45:30.0231 0x0aac  MBR partitions:
20:45:30.0231 0x0aac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07CA1
20:45:30.0231 0x0aac  ============================================================
20:45:30.0278 0x0aac  C: <-> \Device\Harddisk0\DR0\Partition2
20:45:30.0372 0x0aac  D: <-> \Device\Harddisk0\DR0\Partition1
20:45:31.0012 0x0aac  G: <-> \Device\Harddisk1\DR1\Partition1
20:45:31.0012 0x0aac  ============================================================
20:45:31.0012 0x0aac  Initialize success
20:45:31.0012 0x0aac  ============================================================
20:45:48.0621 0x0d80  ============================================================
20:45:48.0621 0x0d80  Scan started
20:45:48.0621 0x0d80  Mode: Manual; TDLFS; 
20:45:48.0621 0x0d80  ============================================================
20:45:48.0621 0x0d80  KSN ping started
20:46:02.0558 0x0d80  KSN ping finished: true
20:46:03.0339 0x0d80  ================ Scan system memory ========================
20:46:03.0339 0x0d80  System memory - ok
20:46:03.0339 0x0d80  ================ Scan services =============================
20:46:08.0588 0x0d80  HSF_DP - ok
20:46:08.0635 0x0d80  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:08.0651 0x0d80  HTTP - ok
20:46:08.0667 0x0d80  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:46:08.0682 0x0d80  HTTPFilter - ok
20:46:08.0698 0x0d80  i2omgmt - ok
20:46:08.0698 0x0d80  i2omp - ok
20:46:08.0713 0x0d80  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
20:46:08.0745 0x0d80  i8042prt - ok
20:46:08.0792 0x0d80  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:46:08.0854 0x0d80  IDriverT - ok
20:46:08.0932 0x0d80  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:08.0963 0x0d80  idsvc - ok
20:46:08.0979 0x0d80  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:09.0010 0x0d80  Imapi - ok
20:46:09.0057 0x0d80  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:46:09.0057 0x0d80  ImapiService - ok
20:46:09.0073 0x0d80  ini910u - ok
20:46:09.0073 0x0d80  IntelIde - ok
20:46:09.0120 0x0d80  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:09.0151 0x0d80  Ip6Fw - ok
20:46:09.0167 0x0d80  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:09.0182 0x0d80  IpFilterDriver - ok
20:46:09.0213 0x0d80  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:09.0260 0x0d80  IpInIp - ok
20:46:09.0292 0x0d80  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:09.0292 0x0d80  IpNat - ok
20:46:09.0354 0x0d80  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:46:09.0370 0x0d80  iPod Service - ok
20:46:09.0401 0x0d80  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:09.0448 0x0d80  IPSec - ok
20:46:09.0479 0x0d80  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:09.0495 0x0d80  IRENUM - ok
20:46:09.0510 0x0d80  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:09.0510 0x0d80  isapnp - ok
20:46:09.0667 0x0d80  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:46:09.0682 0x0d80  JavaQuickStarterService - ok
20:46:09.0698 0x0d80  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:09.0713 0x0d80  Kbdclass - ok
20:46:09.0729 0x0d80  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:46:09.0745 0x0d80  kbdhid - ok
20:46:09.0776 0x0d80  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:46:09.0776 0x0d80  kmixer - ok
20:46:09.0854 0x0d80  [ 9646A100ACF21516DB1052BC419332BA, 231A21866983E5D2BA32F2F76B1180880F68908D54FCF13ECE377354FA847D62 ] KodakDigitalDisplayService C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
20:46:09.0948 0x0d80  KodakDigitalDisplayService - ok
20:46:09.0979 0x0d80  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:09.0979 0x0d80  KSecDD - ok
20:46:10.0026 0x0d80  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:46:10.0026 0x0d80  lanmanserver - ok
20:46:10.0073 0x0d80  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:46:10.0073 0x0d80  lanmanworkstation - ok
20:46:10.0088 0x0d80  Lavasoft Ad-Aware Service - ok
20:46:10.0104 0x0d80  Lavasoft Kernexplorer - ok
20:46:10.0104 0x0d80  lbrtfdc - ok
20:46:10.0151 0x0d80  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:46:10.0166 0x0d80  LmHosts - ok
20:46:10.0182 0x0d80  [ EEAEA6514BA7C9D273B5E87C4E1AAB30, 3B724C6A8867B1B7A45D832150E0CFAC1004D3B972A2A7BFDD2ADDDB2488BB1E ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:46:10.0182 0x0d80  mdmxsdk - ok
20:46:10.0198 0x0d80  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:46:10.0229 0x0d80  Messenger - ok
20:46:10.0260 0x0d80  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:10.0276 0x0d80  mnmdd - ok
20:46:10.0307 0x0d80  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:46:10.0385 0x0d80  mnmsrvc - ok
20:46:10.0401 0x0d80  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:46:10.0401 0x0d80  Modem - ok
20:46:10.0432 0x0d80  [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
20:46:10.0448 0x0d80  MODEMCSA - ok
20:46:10.0479 0x0d80  [ 54FEE02961C70FD9D4D7E2F87AFA23FA, 63DFA8340ECD3150AE29291502B10812661CF975FCAC4DA74267588E85A0B0B5 ] motmodem        C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:46:10.0526 0x0d80  motmodem - ok
20:46:10.0526 0x0d80  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:10.0557 0x0d80  Mouclass - ok
20:46:10.0573 0x0d80  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:46:10.0588 0x0d80  mouhid - ok
20:46:10.0635 0x0d80  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:10.0635 0x0d80  MountMgr - ok
20:46:10.0698 0x0d80  [ 825BF0E46B4470A463AEB641480C5FCA, 321F37EA5D2AF7E3F55399ABE94AC3788B90E254E4A6859059C6BB1C6BEF19D0 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:46:10.0698 0x0d80  MozillaMaintenance - ok
20:46:10.0745 0x0d80  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:46:10.0760 0x0d80  MpFilter - ok
20:46:10.0885 0x0d80  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl3450b2a1   C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D685C25F-2ECF-4E9D-BBE3-443EA0BFCB17}\MpKsl3450b2a1.sys
20:46:10.0885 0x0d80  MpKsl3450b2a1 - ok
20:46:10.0901 0x0d80  mraid35x - ok
20:46:10.0916 0x0d80  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:10.0932 0x0d80  MRxDAV - ok
20:46:10.0979 0x0d80  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:10.0995 0x0d80  MRxSmb - ok
20:46:11.0010 0x0d80  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:46:11.0041 0x0d80  MSDTC - ok
20:46:11.0057 0x0d80  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:46:11.0057 0x0d80  Msfs - ok
20:46:11.0057 0x0d80  MSIServer - ok
20:46:11.0088 0x0d80  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:11.0104 0x0d80  MSKSSRV - ok
20:46:11.0166 0x0d80  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:46:11.0166 0x0d80  MsMpSvc - ok
20:46:11.0182 0x0d80  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:11.0213 0x0d80  MSPCLOCK - ok
20:46:11.0245 0x0d80  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:11.0276 0x0d80  MSPQM - ok
20:46:11.0276 0x0d80  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:11.0276 0x0d80  mssmbios - ok
20:46:11.0307 0x0d80  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:46:11.0323 0x0d80  Mup - ok
20:46:11.0354 0x0d80  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:46:11.0416 0x0d80  napagent - ok
20:46:11.0432 0x0d80  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:46:11.0448 0x0d80  NDIS - ok
20:46:11.0463 0x0d80  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:11.0463 0x0d80  NdisTapi - ok
20:46:11.0479 0x0d80  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:11.0495 0x0d80  Ndisuio - ok
20:46:11.0510 0x0d80  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:11.0573 0x0d80  NdisWan - ok
20:46:11.0604 0x0d80  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:11.0604 0x0d80  NDProxy - ok
20:46:11.0635 0x0d80  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3, 29ACA9D8A5426333F75858D9D3960A4DCDDA4ACC986B3E9E37D255E4FAECDB7C ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:46:11.0635 0x0d80  Net Driver HPZ12 - ok
20:46:11.0666 0x0d80  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:11.0666 0x0d80  NetBIOS - ok
20:46:11.0713 0x0d80  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:11.0745 0x0d80  NetBT - ok
20:46:11.0791 0x0d80  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:46:11.0870 0x0d80  NetDDE - ok
20:46:11.0885 0x0d80  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:46:11.0885 0x0d80  NetDDEdsdm - ok
20:46:11.0916 0x0d80  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:46:11.0932 0x0d80  Netlogon - ok
20:46:11.0948 0x0d80  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
20:46:11.0948 0x0d80  Netman - ok
20:46:11.0979 0x0d80  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:46:11.0979 0x0d80  NetTcpPortSharing - ok
20:46:12.0041 0x0d80  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:46:12.0057 0x0d80  Nla - ok
20:46:12.0104 0x0d80  [ B48DC6ABCD3AEFF8618350CCBDC6B09A, 824D8B03E061DDD0D33EF9F03C669B13E7B6E339684009BD44D69178C45E2DE1 ] npf             C:\WINDOWS\system32\drivers\npf.sys
20:46:12.0104 0x0d80  npf - ok
20:46:12.0120 0x0d80  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:46:12.0120 0x0d80  Npfs - ok
20:46:12.0182 0x0d80  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:12.0198 0x0d80  Ntfs - ok
20:46:12.0198 0x0d80  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:46:12.0198 0x0d80  NtLmSsp - ok
20:46:12.0244 0x0d80  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:46:12.0291 0x0d80  NtmsSvc - ok
20:46:12.0307 0x0d80  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:46:12.0323 0x0d80  Null - ok
20:46:12.0541 0x0d80  [ 15A6306A0B958BF60F09688D0EE70479, BE4AD7CF12EAA8D62B7B8A0153B1F1E8C163DCC61C4C977E8EC06D78239DC91E ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:46:12.0729 0x0d80  nv - ok
20:46:12.0776 0x0d80  [ 6B37162E91A7005BAA753CB611ACEA2D, 7B0776F21A1EFBDC519682236A630BDBF598AAAFFD240149F2CFABAC65DF2503 ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
20:46:12.0776 0x0d80  nvata - ok
20:46:12.0807 0x0d80  [ 986D6666E076AFD2B60ACAFD5B01A00F, 074EC1BD13D2B5626AFF7DD966E7F2D0ECE9C64577B8BD6C157B274A44FF3F9A ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
20:46:12.0823 0x0d80  NVSvc - ok
20:46:12.0854 0x0d80  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:12.0869 0x0d80  NwlnkFlt - ok
20:46:12.0885 0x0d80  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:12.0916 0x0d80  NwlnkFwd - ok
20:46:12.0932 0x0d80  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
20:46:12.0932 0x0d80  Parport - ok
20:46:12.0979 0x0d80  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:12.0994 0x0d80  PartMgr - ok
20:46:13.0010 0x0d80  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:13.0026 0x0d80  ParVdm - ok
20:46:13.0057 0x0d80  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:13.0057 0x0d80  PCI - ok
20:46:13.0057 0x0d80  PCIDump - ok
20:46:13.0104 0x0d80  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:46:13.0119 0x0d80  PCIIde - ok
20:46:13.0151 0x0d80  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:46:13.0166 0x0d80  Pcmcia - ok
20:46:13.0182 0x0d80  PDCOMP - ok
20:46:13.0182 0x0d80  PDFRAME - ok
20:46:13.0198 0x0d80  PDRELI - ok
20:46:13.0198 0x0d80  PDRFRAME - ok
20:46:13.0213 0x0d80  perc2 - ok
20:46:13.0213 0x0d80  perc2hib - ok
20:46:13.0244 0x0d80  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
20:46:13.0260 0x0d80  PlugPlay - ok
20:46:13.0291 0x0d80  [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:46:13.0307 0x0d80  Pml Driver HPZ12 - ok
20:46:13.0323 0x0d80  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:46:13.0323 0x0d80  PolicyAgent - ok
20:46:13.0338 0x0d80  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:13.0385 0x0d80  PptpMiniport - ok
20:46:13.0385 0x0d80  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
20:46:13.0416 0x0d80  Processor - ok
20:46:13.0416 0x0d80  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:46:13.0416 0x0d80  ProtectedStorage - ok
20:46:13.0463 0x0d80  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:13.0494 0x0d80  PSched - ok
20:46:13.0526 0x0d80  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys
20:46:13.0557 0x0d80  PSI - ok
20:46:13.0588 0x0d80  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:13.0604 0x0d80  Ptilink - ok
20:46:13.0619 0x0d80  [ FEFFCFDC528764A04C8ED63D5FA6E711, BECC9174DA5860FCF011957CB6A12DE5074A770DC14076C0C94E63AD42ECF19E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:46:13.0619 0x0d80  PxHelp20 - ok
20:46:13.0635 0x0d80  ql1080 - ok
20:46:13.0635 0x0d80  Ql10wnt - ok
20:46:13.0651 0x0d80  ql12160 - ok
20:46:13.0651 0x0d80  ql1240 - ok
20:46:13.0666 0x0d80  ql1280 - ok
20:46:13.0682 0x0d80  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:13.0698 0x0d80  RasAcd - ok
20:46:13.0729 0x0d80  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:46:13.0776 0x0d80  RasAuto - ok
20:46:13.0791 0x0d80  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:13.0791 0x0d80  Rasl2tp - ok
20:46:13.0854 0x0d80  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:46:13.0869 0x0d80  RasMan - ok
20:46:13.0885 0x0d80  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:13.0901 0x0d80  RasPppoe - ok
20:46:13.0916 0x0d80  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:13.0932 0x0d80  Raspti - ok
20:46:13.0948 0x0d80  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:13.0963 0x0d80  Rdbss - ok
20:46:13.0963 0x0d80  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:13.0979 0x0d80  RDPCDD - ok
20:46:14.0026 0x0d80  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:14.0026 0x0d80  RDPWD - ok
20:46:14.0057 0x0d80  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:46:14.0104 0x0d80  RDSessMgr - ok
20:46:14.0166 0x0d80  [ 89525CC2DBAD44F7199B9CC188B3F9C5, 09708EFA65BC1CCF92E6F2E143FCF88C645B1633AFE0DED833CDF945CB077D8C ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:46:14.0182 0x0d80  RealNetworks Downloader Resolver Service - ok
20:46:14.0213 0x0d80  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:46:14.0260 0x0d80  redbook - ok
20:46:14.0291 0x0d80  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:46:14.0323 0x0d80  RemoteAccess - ok
20:46:14.0338 0x0d80  Revoflt - ok
20:46:14.0354 0x0d80  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:46:14.0401 0x0d80  RpcLocator - ok
20:46:14.0447 0x0d80  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:46:14.0447 0x0d80  RpcSs - ok
20:46:14.0494 0x0d80  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:46:14.0526 0x0d80  RSVP - ok
20:46:14.0557 0x0d80  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:46:14.0557 0x0d80  SamSs - ok
20:46:14.0604 0x0d80  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:46:14.0666 0x0d80  SCardSvr - ok
20:46:14.0697 0x0d80  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:46:14.0729 0x0d80  Schedule - ok
20:46:14.0744 0x0d80  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:46:14.0776 0x0d80  Secdrv - ok
20:46:14.0791 0x0d80  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:46:14.0791 0x0d80  seclogon - ok
20:46:14.0916 0x0d80  [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
20:46:15.0088 0x0d80  Secunia PSI Agent - ok
20:46:15.0135 0x0d80  [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
20:46:15.0166 0x0d80  Secunia Update Agent - ok
20:46:15.0182 0x0d80  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
20:46:15.0182 0x0d80  SENS - ok
20:46:15.0197 0x0d80  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
20:46:15.0197 0x0d80  Serial - ok
20:46:15.0244 0x0d80  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:46:15.0260 0x0d80  Sfloppy - ok
20:46:15.0307 0x0d80  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:46:15.0322 0x0d80  SharedAccess - ok
20:46:15.0338 0x0d80  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:46:15.0338 0x0d80  ShellHWDetection - ok
20:46:15.0354 0x0d80  Simbad - ok
20:46:15.0369 0x0d80  Sparrow - ok
20:46:15.0385 0x0d80  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:46:15.0401 0x0d80  splitter - ok
20:46:15.0463 0x0d80  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:46:15.0463 0x0d80  Spooler - ok
20:46:15.0510 0x0d80  [ 610522607B15DC6D5D8E20827D07B282, 86F5E40AEAB77C9381DDB0938FFFC98FAF2A060F3CAD5F0B63278568005511B8 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
20:46:15.0541 0x0d80  sptd - ok
20:46:15.0557 0x0d80  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:46:15.0557 0x0d80  sr - ok
20:46:15.0619 0x0d80  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:46:15.0619 0x0d80  srservice - ok
20:46:15.0682 0x0d80  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:46:15.0697 0x0d80  Srv - ok
20:46:15.0729 0x0d80  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:46:15.0744 0x0d80  SSDPSRV - ok
20:46:15.0791 0x0d80  [ 306521935042FC0A6988D528643619B3, 6FCC06EA71F5C83A8C3A8B7152E9FF48BCFBD35ED8C134A0879735F9135BB20C ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
20:46:15.0791 0x0d80  StarOpen - ok
20:46:19.0666 0x0d80  ================ Scan global ===============================
20:46:19.0697 0x0d80  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
20:46:19.0775 0x0d80  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:46:19.0791 0x0d80  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
20:46:19.0822 0x0d80  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
20:46:19.0822 0x0d80  [ Global ] - ok
20:46:19.0822 0x0d80  ================ Scan MBR ==================================
20:46:19.0838 0x0d80  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:46:19.0978 0x0d80  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
20:46:19.0978 0x0d80  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:46:22.0760 0x0d80  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
20:46:23.0400 0x0d80  \Device\Harddisk1\DR1 - ok
20:46:23.0400 0x0d80  ================ Scan VBR ==================================
20:46:23.0431 0x0d80  [ C343C9F5943295F45F4DDAE291FC0A48 ] \Device\Harddisk0\DR0\Partition1
20:46:23.0447 0x0d80  \Device\Harddisk0\DR0\Partition1 - ok
20:46:23.0447 0x0d80  [ 77F76699DDB661A6C8D7C7004050FB1E ] \Device\Harddisk0\DR0\Partition2
20:46:23.0447 0x0d80  \Device\Harddisk0\DR0\Partition2 - ok
20:46:23.0447 0x0d80  [ 8EE92F04D5EB4A28A82C1F0E2A3213BA ] \Device\Harddisk1\DR1\Partition1
20:46:23.0463 0x0d80  \Device\Harddisk1\DR1\Partition1 - ok
20:46:23.0463 0x0d80  Waiting for KSN requests completion. In queue: 184
20:46:24.0463 0x0d80  Waiting for KSN requests completion. In queue: 184
20:46:25.0494 0x0d80  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
20:46:25.0494 0x0d80  Win FW state via NFM: enabled
20:46:28.0275 0x0d80  ============================================================
20:46:28.0275 0x0d80  Scan finished
20:46:28.0275 0x0d80  ============================================================
20:46:28.0275 0x0fd0  Detected object count: 1
20:46:28.0275 0x0fd0  Actual detected object count: 1
20:57:23.0596 0x0fd0  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:57:23.0596 0x0fd0  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 



#26 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 09:30 PM

Just before the TDSSKiller scan completes... it should have brought up a window listing suspicious objects.  In your case, there should have just been one.  Then you should have had the option to: Skip, Delete, Quarantine, or Cure.

 

You didn't see anything like this?


Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#27 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 31 January 2014 - 09:37 PM

I kept it on skip like on the first run of it. I just noticed this, that Malware Anti Rootkit said in the instructions that if items were detected, to do cleanup, and then run it again until nothing is found?



#28 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 31 January 2014 - 10:30 PM

Yes... that is true.  Go ahead and run it again to verify it reads clean.


Tomk
------------------------------------------------------------



#29 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 01 February 2014 - 07:44 AM

Ran scan, no malware found.



#30 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,114 posts

Posted 01 February 2014 - 09:31 AM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------
